--- title: "Deephaven Release Notes: Version 1.202601 (Grizzly+)" --- > [!NOTE] > See this release's accompanying [Version Log](../version-logs/vl-202601.md). The Version Log includes links to change-specific release notes that supplement these release notes. This document outlines the significant improvements and breaking changes in Deephaven 1.202601 (Grizzly+). For upgrade instructions, please refer to our [Upgrade Guide](../../sys-admin/installation/basic-upgrade.md). ## Upgrade checklist Before upgrading to Grizzly+, review the following requirements: | Requirement | Grizzly | Grizzly+ | | --------------- | ------------ | ---------------- | | Java version | 11 or 17 | 17, 21 or 25 | | Python (Legacy) | 3.9 or 3.10 | **3.10 only** | | Python (Core+) | 3.9 or 3.10 | 3.10 - 3.12 | | Ubuntu | 20.04, 22.04 | 22.04, **24.04** | For the supported Core+ community Core versions for these releases, see the [Core+ versions table](../supported-versions.md#core-versions). Grizzly supports Core 41.4, and Grizzly+ supports Core 41.3 or 41.4. You can install a Core+ version with Core 41.3 or 41.4 on Grizzly to test queries with the same Core engine version before upgrading to Grizzly+. Although the Core engine remains the same, Core+ also includes Enterprise-specific features and integration that differ between Grizzly and Grizzly+. > [!CAUTION] > **Action required before upgrade**: Grizzly+ drops support for Java 11, Python 3.9, and Ubuntu 20.04. ## Breaking changes ### TLS and certificate changes Several TLS and certificate behaviors have changed. See [Certificate management changes](#certificate-management-changes) for full details, new installer properties, and certificate rotation instructions. Action required before upgrading: - **Native installations**: A single `tls.crt` / `tls.key` shared across multiple machines is no longer supported. Each machine [requires its own certificate](../../sys-admin/security/tls-certificates.md#one-certificate-per-machine). - **Hostname verification**: Only the certificate [SAN](../../sys-admin/admin-glossary.md#san) is used for [hostname verification](../../sys-admin/admin-glossary.md#hostname-verification). Common name and authority overrides are no longer used. - **Truststores and keystores are always overwritten**: In-place manual edits of signing certificates and truststores on Deephaven remote machines [do not persist across upgrades or certificate rotation](../../sys-admin/security/tls-certificates.md#certificates-are-always-overwritten). - **HTTP/2**: If legacy Enterprise workers are still in use, [HTTP/2 WebSockets must be disabled in Envoy](../version-logs/vl-202601.md#envoy-must-remove-http2-connect-websockets). ### Removed features | Feature | Replacement | | ----------------------------------- | ---------------------------------------------------------------------- | | Legacy Jupyter notebook integration | Use Code Studio or standalone Jupyter with the Deephaven Python client | | Legacy WebClientData (WCD) | Automatically migrated to Core+ (see note below) | | Java 11 runtime | Upgrade to Java 17, 21, or 25 | | Legacy Python 3.9 workers | Upgrade to Python 3.10 | | Ubuntu 20.04 | Upgrade to Ubuntu 22.04 or 24.04 | > [!NOTE] > **WebClientData migration**: The upgrade automatically updates the `WebClientData` PQ to Core+. If you customized the `WebClientData` heap size, apply the same settings after the update. If your Persistent Queries or application retrieve data directly from the `WebClientData` PQ, update them to work with the new Core+ version. ### Data behavior changes > [!WARNING] > These changes affect how your Core+ queries handle NULL and NaN values. Review any queries that depend on sorting or aggregating data with missing values. #### Stateless Evaluation by Default Formulas in `select`, `update`, and `where` clauses are now [stateless by default](https://deephaven.io/core/groovy/docs/conceptual/query-engine/parallelization/#controlling-concurrency-for-select-update-and-where). Queries that depend on the order of formula evaluation will produce unexpected results. Mark columns serial as required, or set the default behavior for `select` and `update`. You can change the configuration property `QueryTable.statelessSelectByDefault` to false to make columns stateful. For filters, change the property `QueryTable.statelessFiltersByDefault`. #### `NULL` and `NaN` handling Core 41 aligns `NULL` and `NaN` behavior with IEEE standards and user expectations: - **Sorting**: `NULL` values now appear first; `NaN` values appear last. Previously, the order was inconsistent across data types. - **Aggregations**: Mathematical operations (sum, avg, etc.) now ignore `NULL` values and return `NaN` if any input is `NaN`. This prevents silent data corruption in calculations. - **Comparisons**: Filter expressions now handle `NULL` and `NaN` consistently. For example, `where("price < 100")` no longer includes rows where `price` is `NULL`. **What to check**: Review queries that sort columns with missing data, or aggregate columns that may contain NULLs. Results may differ from Grizzly. ### API changes - **Generated loggers**: If you have custom binary log formats (i.e., you define application loggers in your schemas), you must [regenerate your loggers](../../data-guide/streaming/binary-log-format-configuration-deprecated.md#generate-loggers) after upgrading. - **`IntradayLoggerFactory.enableLegacyDoubleDefaultDbSetters`**: The new `LogFormat` generation mechanism does not support this property. Loggers generated via `LogFormat` do not automatically convert `NaN` to `NULL_DOUBLE`. Handle the conversion in your calling code before passing values to the logger, or wrap the generated logger to apply the conversion. This property will be deprecated and removed in a future release. ### Default limit on user table appends Operations that append to live user tables send table data to the Log Aggregator Service as an atomic update. A large enough table can cause the LAS to run out of memory. The maximum table size (number of rows or number of bytes) that will be accepted by the Log Aggregator is now set by default, with the properties `LogAggregatorService.transactionLimit.rows` and `LogAggregatorService.transactionLimit.bytes`. When the Log Aggregator accumulates more rows or more bytes in a transaction than the configured limit, it will abort the transaction and release the accumulated memory. The client will get an error. The default limit is 2 million rows or 128 MiB. Set these to zero to remove the limits. See [User tables](../../deephaven-database/user-tables.md#add-rows-to-a-live-partition) and [Server-side transaction limits](../../data-guide/streaming/streaming-binary-logs.md#server-side-transaction-limits) for details. ### Other changes - **Editing Core+ Queries Disabled in Swing**: In the Swing UI, the following actions are disabled for queries with Engine type `Core+`: - Edit - Copy - Revert - Enable - Disable - Bulk Copy - Create Merge Query - Create Validate Query These restrictions apply to any selection containing at least one `Core+` query. You can still edit `Legacy` queries in Swing. To edit `Core+` queries, use the Web UI. ## What's new ### Pivot tables Grizzly+ introduces [pivot tables](../../user-guide/pivots.md) for interactive data exploration and visualization. **Why it matters**: Pivot tables let you reshape and summarize data interactively in the UI without writing query code. You can: - Create pivot views directly from any source table. - Drag and drop columns to reorganize your view. - Apply filters and sorts interactively. - Access pivot table configurations from JavaScript applications via the [JS API](https://deephaven.io/core/41.0/docs/js-api/overview/). Pivot tables are a display feature for exploring data. For programmatic data reshaping that produces tables you can use in downstream operations (joins, aggregations), see [`keyedTranspose`](https://deephaven.io/core/41.0/docs/how-to-guides/keyed-transpose/). ### Web-based schema editor The [schema editor](../../interfaces/web/web-schema-editor.md) now runs entirely in the web UI, with new capabilities for discovering and importing data: - **CSV import**: Upload a CSV file to auto-detect column types, preview data, and generate a schema. See [CSV schema inference](../../data-guide/schemas/csv-schema-inference.md). - **JDBC import**: Connect to external databases to discover tables and import their schemas. See [JDBC schema inference](../../data-guide/schemas/jdbc-schema-inference.md). - **XML editor with diff view**: Edit schema XML directly with syntax highlighting and see a side-by-side comparison of your changes. - **Bulk operations**: Import and export multiple schemas at once for migration or backup. **Why it matters**: Schema management is now available directly in the web UI, eliminating the need to switch to a separate desktop application. Data engineers can onboard new data sources faster without leaving their browser. ### Permission analyzer A new UI tool helps administrators understand and troubleshoot [access control](../../sys-admin/permissions/permissions-overview.md): - See which ACLs apply to a specific user and table. - Understand why a user can or cannot access particular data. - Identify overly permissive or missing ACL rules. **Why it matters**: Debugging "why can't I see this table?" questions previously required manual ACL inspection. The permission analyzer provides instant answers. ### Heap usage indicator The console status bar now displays real-time heap memory usage for your worker. **Why it matters**: Memory issues are easier to spot before they cause failures. You can see when a query is approaching memory limits and take action proactively. ### Improved Kubernetes resource management For Kubernetes deployments, Grizzly+ provides better control over worker resources: - **CPU limits**: Set default CPU requests and limits for workers, preventing any single query from monopolizing cluster resources. - **Memory overhead**: More accurate accounting for non-heap memory (Python objects, native libraries) reduces out-of-memory terminations. - **TLS for worker communication**: All inter-worker traffic is now encrypted by default. - **Faster pod startup**: Configurable DNS lookup delays reduce worker startup failures in environments with slow DNS propagation. ### deephaven.ui component library The `deephaven.ui` plugin adds several new components for building interactive dashboards: | Component | Description | | ------------------ | --------------------------------------------------- | | `ui.toast` | Display temporary notification messages | | `ui.menu` | Create dropdown and context menus | | `ui.color_picker` | Let users select colors | | `ui.accordion` | Collapsible content sections | | `ui.breadcrumbs` | Navigation trail for hierarchical content | | `ui.labeled_value` | Display read-only values with labels and formatting | | `ui.tag_group` | Display and manage sets of tags | **Document delta updates**: The UI now receives incremental updates instead of full document refreshes, improving performance for complex dashboards. ### Core+ engine improvements #### Enhanced predicate pushdown [Predicate pushdown](https://deephaven.io/core/docs/how-to-guides/predicate-pushdown/) enables filters to leverage Parquet row group metadata and data indexes to skip reading unnecessary data from storage. Grizzly+ extends this capability so that data indexes can now accelerate most filter types, not just exact match lookups. #### Iceberg integration Grizzly+ adds an [`iceberg` extended storage type](../../data-guide/batch-data/iceberg.md), enabling: - Reading from Iceberg tables with full partition pruning. - Writing to Iceberg tables with schema evolution support. - Integration with Iceberg catalogs (AWS Glue, Hive Metastore, etc.). #### Rollup enhancements [Rollups](../../interfaces/web/working-with-tables.md#rollup-rows) now support: - **`updateView`**: Add calculated columns to rollup results. - **Constituent filtering**: Filter which rows contribute to each rollup group. - **Double/float columns**: Can now be used as rollup keys. ### Administration improvements #### Certificate management changes Deephaven-generated [TLS truststores are now optional](../../sys-admin/security/tls-certificates.md#optional-truststore) and disabled by default for native and Podman installations. If your endpoint certificate is from a well-known public CA, clients can use their host machine's [system trust](../../sys-admin/admin-glossary.md#system-ca) to verify TLS certificate validity. To use a private CA, or strictly limit the scope of TLS trust, provide an [explicit CA certificate bundle](../../sys-admin/admin-glossary.md#customer-ca). **Breaking changes**: - **Native installations**: Now require [one certificate per machine](../../sys-admin/installation/basic-install.md#tls-certificates). The installer previously reused a single certificate across all machines. - **Hostname verification**: The [Subject Alternative Name (SAN)](../../sys-admin/admin-glossary.md#san) of all [TLS signing certificates](../../sys-admin/admin-glossary.md#signing-certificate) must match the [hostname used to connect to the server](../../sys-admin/admin-glossary.md#machine-identity). Common name and authority overrides are no longer used. - **Truststores and keystores are always overwritten**: The installer [overwrites all generated certificate files](../../sys-admin/security/tls-certificates.md#certificates-are-always-overwritten) on upgrades and certificate rotation. In-place manual edits on Deephaven remote machines do not persist. - **Envoy**: Certificate file renamed from `lighttpd.pem` to `envoy.pem`. - **Legacy Enterprise workers**: When Envoy is used, [HTTP/2 WebSockets must be disabled](../version-logs/vl-202601.md#envoy-must-remove-http2-connect-websockets) to ensure legacy clients use HTTP/1.1 WebSockets. **New installer properties**: - [`DH_CA_CERTIFICATE`](../../sys-admin/installation/cluster-config-guide.md#dh_ca_certificate): Path to root CA bundle for private certificates. - [`DH_LOCAL_CERT_DIR`](../../sys-admin/installation/cluster-config-guide.md#dh_local_cert_dir): Specify the directory on the installation host machine where TLS certificates are supplied. - [`DH_ENVOY_INSTALL_MODE`](../../sys-admin/installation/cluster-config-guide.md#dh_envoy_install_mode): Controls whether and how the Envoy binary dependency is installed. - [`DH_ENVOY_LOCAL_CERT`](../../sys-admin/installation/cluster-config-guide.md#dh_envoy_local_cert): Specify the location of the [TLS signing certificate](../../sys-admin/admin-glossary.md#signing-certificate) to be used by Envoy. **Certificate rotation**: Use `dh_keygen.sh` to update certificates across all nodes. #### Security updates Grizzly+ includes updates to address security vulnerabilities in: - Jetty (upgraded to 12.1.5) - gRPC (upgraded to 1.76.2) - Protobuf, Commons Compress, Jackson, and other dependencies Container images now run with restricted privileges by default on Kubernetes. #### Core+ worker configuration via etcd Core+ worker configuration is now stored in etcd. A new `coreplus-environment.prop` property file, seeded automatically by the installer, is layered on top of each Core+ installation's on-disk defaults. Previously, customizing Core+ worker behavior required editing configuration files on each server individually. Now you can edit `coreplus-environment.prop` using [`dhconfig properties edit`](../../sys-admin/configuration/dhconfig/overview.md#editing-configuration), and the settings apply to Core+ workers started after the change. ### Embedded dashboards You can now embed dashboards in external applications via iframe with proper authentication flow. Use `ui.resolve` to reference widgets from other persistent queries, enabling modular dashboard composition. ## Deprecation notices > [!CAUTION] > **Last release for these features**: The following will be removed in the next release. Migrate now. | Feature being removed | Replacement | | ------------------------------- | -------------------------- | | Legacy Python workers | Core+ workers | | Legacy data validation/merge | Core+ validation and merge | | Legacy import (`iris_exec` CLI) | Web UI or Core+ APIs | | Swing desktop applications | Web UI | The following features are deprecated and will be removed in a future release: | Deprecated feature | Replacement | | ----------------------------- | ----------------------------- | | `iris_db_user_mod` | `dhconfig acls` | | `controller_tool` | `dhconfig pq` | | V1 BinaryStoreReader (binlog) | V2 BinaryStoreReader (binlog) | For the full support matrix (OS versions, component versions), see [Version support matrix](../supported-versions.md).