Release Date: May 2026
Release Type: Feature Release
Branch: 2.3.0
New Features
Query Whitelist
OneDB v2.3.0 introduces Query Whitelist, a new security policy feature that allows administrators to define trusted SQL queries that may bypass protected-field masking rules when required by application logic.
This is useful for controlled scenarios where an application needs to process protected values without disabling protection globally, such as selected login, authentication, validation, or trusted system queries.
Query Whitelist supports:
- Connection-based configuration
- SQL text definition
- Optional client address matching
- Optional database username matching
- Active/inactive status
- Description field
- Audit trail integration
- Runtime in-memory matching
Protection Rules Management
OneDB v2.3.0 improves the Protection Rules interface by grouping security rules into clearer categories.
Supported rule groups include:
- Query Protection
- Extraction Protection
- Performance Protection
- SQL Injection Protection
This makes security rule management easier to understand, maintain, and expand in future releases.
Backend Permission Enforcement
This release adds stronger backend permission enforcement using method-level authorization.
Access control is now enforced not only from the user interface, but also directly at the controller method level.
This helps ensure that users have the correct permission before accessing protected read, create, update, or delete actions.
Enhancements
Safer Backup and Restore
Backup and restore behavior has been improved to better support runtime environments with active proxy listeners and security policies.
OneDB now includes listener configuration in backup and restore, including:
- Listener name
- Listener port
- Enabled status
- Maximum connections
- Idle timeout
- Database connection mapping
During restore, OneDB can stop active proxy listeners, restore database-backed configuration, reload runtime caches, and then restart the enabled listeners.
This helps reduce inconsistencies between restored configuration and active runtime services.
Centralized Runtime Cache Reload
OneDB v2.3.0 introduces a centralized runtime cache reload mechanism.
This allows OneDB to refresh important in-memory configuration after restore or selected configuration changes, including:
- Field Settings policies
- Query Whitelist rules
- Database Browser cache
- OneDB API tokenization cache
This reduces the need for manual restarts after selected administrative changes.
Query Audit Detail Improvements
Query Audit detail views have been improved for better readability and usability.
This includes:
- Cleaner SQL text display
- Multiline preview support
- Copy-to-clipboard support
- Dynamic field labels
- Reusable detail rendering logic
Connection-Specific Rule Configuration
This release improves support for connection-specific security rule configuration.
This allows selected security behavior to be managed more flexibly per database connection, while still keeping centralized policy management.
Bug Fixes
- Improved Query Whitelist restore handling.
- Improved listener restore ordering.
- Improved handling of multiline SQL text in backup files.
- Improved Field Settings template name handling.
- Improved SQL comment parsing during restore.
- Improved runtime cache refresh after restore.
- Improved stability when restoring configuration related to listeners and runtime policies.
Security Updates
OneDB v2.3.0 strengthens administrative security by adding backend method-level permission enforcement.
This means permission checks are now applied at the server-side controller level, not only by hiding buttons or menus in the web interface.
The release also improves trusted-query handling through Query Whitelist, allowing administrators to define controlled bypass behavior without disabling protection globally.
Known Notes
Query Whitelist should be configured carefully and only for trusted SQL statements that are required by application logic.
Administrators should review whitelist entries regularly to ensure they remain valid, necessary, and limited to the intended connection, client address, or database username where applicable.
After restore operations, administrators should verify that listeners, security policies, and runtime caches are operating as expected.
Summary
OneDB v2.3.0 is a feature release focused on runtime policy management, trusted-query handling, backup and restore reliability, and stronger permission enforcement.
This release introduces Query Whitelist, improves Protection Rules management, enhances Query Audit detail views, strengthens server-side permission checks, and improves restore behavior for active listener environments.