Eclipse Ditto 3.9.0

Description

The main improvements and additions of Ditto 3.9.0 are:

  • Namespace-scoped policy entries to limit a policy entry’s scope to a configured set of Thing namespaces
  • Namespace root policies which are transparently merged into all policies of a configured namespace
  • Limiting which namespaces are accessible at the gateway level via configurable, placeholder-based rules
  • Entry-level references in policies and policy imports, with transitiveImports for selective multi-level resolution and allowedAdditions to control what may be merged in
  • Resolved policy view API option returning the merged effective policy after imports and namespace-root resolution
  • Partial change notifications based on Policy READ permissions
  • checkPermissions API for all protocols — previously only HTTP — making permission checks available via WebSocket, AMQP and MQTT
  • WoT Discovery “Thing Directory” endpoint following the W3C WoT Discovery specification
  • Dynamically scoping a WoT Thing Description to the requesting user’s policy permissions
  • Encryption key rotation for connectivity service secrets, including DevOps-triggered re-encryption of stored credentials
  • X.509 client-certificate authentication to MongoDB, with a configurable CA root certificate for the TLS connection
  • empty() RQL filter to match absent or empty fields in search and event filters
  • fn:format() placeholder pipeline function for correlated field extraction from JSON arrays
  • Slow search query logging with configurable threshold to identify expensive queries
  • Configurable custom MongoDB search indexes for tuning Ditto search to specific workloads
  • Per-namespace activity-check configuration to vary entity passivation timeouts per namespace
  • Live entities Prometheus metric per namespace and entity type
  • OpenID Connect prerequisite-conditions for early JWT rejection (e.g. audience validation)
  • Local/relative tm:ref references in WoT ThingModel resolution
  • ditto:deprecationNotice WoT extension term to mark deprecated properties, actions and events
  • “Time Travel” mode in the Explorer UI to inspect a Thing’s state at any past revision or timestamp, alongside live and historical event browsing

The following non-functional work is also included:

  • Building and running Ditto with Java 25
  • Optimizing the MongoReadJournal aggregation pipelines and the ThingEventEnricher hot path
  • JFR-guided CPU optimisations in the things, things-search, gateway and connectivity services
  • Stackless 4xx exceptions (feature-toggled) to eliminate stack-capture overhead on flow-control errors
  • Configurable SSE publisher backpressure buffer size to suppress noisy backpressure WARN logs from slow SSE consumers
  • Comprehensive JavaDoc for the public WoT model interfaces
  • Helm chart bumped to 4.0.0 with the bundled ingress-nginx controller removed — operators provide their own ingress controller; the chart now uses its own semantic version, decoupled from Ditto’s appVersion
  • Updating dependencies to their latest versions
  • Providing additional configuration options to Helm values

The following notable fixes are included:

  • Surfacing enforcement and validation errors for fire-and-forget commands instead of silently swallowing them
  • Fixing checkPermissions ignoring permissions inherited from imported policies
  • Fixing partial-access SSE event filtering for subscribers with multiple authorization subjects
  • Fixing a MongoDB aggregation pipeline performance regression affecting connections_journal reads
  • Fixing a Kafka consumer crash loop triggered by messages with blank header values
  • Fixing a Fluency thread leak in the connection logger publisher
  • Fixing subscription handling for multiple topics combined with extra fields in connectivity outbound mapping
  • Redacting sensitive header values in DittoHeaders.toString() to prevent accidental log leaks
  • Converting transient enforcement AskTimeoutException to HTTP 503 instead of 500 during rolling restarts, so clients see a retryable error
  • Fixing ssl-config not being picked up for self-signed certificates against the OpenID Connect issuer
  • Closing a shadowing vulnerability in namespace-policies by routing namespace-policy entries through rewritten labels