Mongoose 5.0 emerges - NewsBits


Welcome to NewsBits where you'll find the database, cloud, and developer news from around the net for the week ending January 19th 2018:

And now, those NewsBits in full:

Database Bits

Mongoose 5.0: MongoDB and Node users have a major update of the MongoDB ODM package Mongoose.js. Version 5.0, which arrived as a release candidate in December is full of breaking changes for the better. Native promises are in, the old mpromise library is out. Mongoose middleware now adopts async/await fully and has new hook handling. MongoDB 3.6 change streams are supported and, with new drivers, support for older pre-3.0 MongoDB has been removed. You'll find the breaking changes listed on the Mongoose github repository.

RabbitMQ: RabbitMQ may have released RabbitMQ 3.7, but maintenance of 3.6 continues. RabbitMQ 3.6.15 fixes an infinite loop in the Guaranteed Multicast package and prohibits logins with blank passwords. The full changes are listed with the release. As the longest running RabbitMQ series, according to Pivotal/RabbitMQ, 3.6.x releases are expected to continue until May. If you want to give your feedback to the RabbitMQ team, you may want to participate in the RabbitMQ User Survey that's currently being run.

PostgreSQL JDBC: There's an update to the PostgreSQL JDBC driver, the first since last August, which uses the Ongres SCRAM library to support PostgreSQL 10's SCRAM-SHA-256 authentication. There's also support for Subject Alternative Names in SSL connections, primitive arrays and getting and setting network timeouts. Find out more in the PostgreSQL JDBC Driver 42.2.0 announcement and in the release notes.

OmniDB: 2ndQuadrant have rolled out a new release of OmniDB. In version 2.4.1, the web-based database management tool handles connections better, simplifies deployment of the server version and upgrades its SQL editor's Find and Replace. The open source OmniDB currently only supports PostgreSQL but has a long term goal of supporting a range of SQL databases.

Graphile: Latest entrant in the arena for making GraphQL quicker to build is Graphile. It's actually two things. PostGraphile, formerly PostGraphQL, is an auto-discovering GraphQL API builder for PostgreSQL - point it at a database and it'll build you a smart API. Graphile Build is a set of Node.js-based plugins which provide datastore agnostic tools for building APIs and one part of that. There is also graphile-build-pg: that's the the Graphile PostgreSQL support that is the core of PostGraphile.

PL/Swift: You may not need it, but PL/Swift is an interesting exploration of how to add a Swift language extension to PostgreSQL. In this PL/Swift tutorial from The Always Right Institute, the issues of building and binding a new language extension to PostgreSQL's are covered swiftly. And at the end of it, you have a language extension you can use but probably won't. More at the docs page and PL/Swift github repo.

Security Bits

Kibana updates: According to the Elastic blog an XSS flaw in Kibana has made an update to both Kibana 5.6 and 6.1 needed.

VirtualBox: Do you use VirtualBox? Get up to date with VirtualBox 5.26 as it has a whole host of fixes for various security flaws. That includes CVE-2018-2698, tweeted about here by the researcher, explaining how an application inside VirtualBox can get system privileges on a Windows 10 host.

Tracking Trust: Keeping an eye on who is trusted is important to maintaining trust in TLS/SSL certificates. The Trust Stores Observatory automatically pulls together the most up-to-date root certificates of major vendors (Microsoft, Mozilla, Google and Apple) and turns them into YAML files which are then pushed into Github. This will let researchers use tools like SSLyze when tracking down misconfigured SSL.

Devops Bits

OpenCensus: Collecting traces and metrics across languages and platforms is a big task. Google's answer to that internally was Census and now Google has announced OpenCensus. It's an open source version of the libraries (for Java, C++, Go, Python, PGP, Erlang and Ruby) which work with standardized wire protocols to collect those metrics and tracing application requests as they span services. There's also exporters for Zipkin, Prometheus, Datadog, Stackdriver, and Azure App Insights with more to come and no need to run a server or daemon to support it. Find out more on

Homebrew: Homebrew, the macOS package manager, has been updated to version 1.5.0. New to this version, an upgrade PostgreSQL command to make life simpler for local PostgreSQL updates. It also comes with dates, specifically, March 1st when the default Python package switches to Python 3. Check the announcement for the many other changes going on.

And Finally you can go paint like they used to... in the 80s and 90s... with, a recreation of Microsoft's MS Paint for the web. You can check out the source and find out what little known features of the original are implemented.

NewsBits. News in bits, every Friday at Compose.

Read more articles about Compose databases - use our Curated Collections Guide for articles on each database type. If you have any feedback about this or any other Compose article, drop the Compose Articles team a line at We're happy to hear from you.

Dj Walker-Morgan
Dj Walker-Morgan was Compose's resident Content Curator, and has been both a developer and writer since Apples came in II flavors and Commodores had Pets. Love this article? Head over to Dj Walker-Morgan’s author page to keep reading.

Conquer the Data Layer

Spend your time developing apps, not managing databases.