TigerGraph DB Release Notes

TigerGraph Server 4.2.1 LTS was released on September 5, 2025.

TigerGraph Server 4.2.0 Preview was released on April 3, 2025.

TigerGraph Server 4.2.0 Alpha was released on March 4, 2025.

TigerGraph 4.2’s feature set is an enhancement of what was available in 4.1.2. Therefore, features that were in 4.1.2 are not considered New Features.

Key New Features

Detailed List of New and Modified Features

System Management Enhancements

  • Incremental Backup which efficiently backs up only what has changed since the last backup/restore event.

  • Rolling Upgrades of maintenance versions for HA clusters (Preview).

  • Restore option --keepusers to keep the database users in the current database, not the ones from the backup file.

  • Backup to Azure and GCP cloud storage, analogous to existing support for backup to AWS S3.

  • More graceful user-initiated shutdown of RESTPP and GPE services.

  • Backup HA Enhancement: backup can still work even if a node is down or a region is down.

  • Kubernetes Operator update to v1.5.0 with numerous new features

    • CRR replication, Auto cluster monitoring during creation, upgrade pre-check support, rolling upgrades, backoff delay for job retries to improve resilience

  • gadmin status -v now displays Role information, with support for GPE, GSE, and GSQL.

  • [4.2.1] New ZK.SnapCount configuration enables users to fine-tune the number of committed ZooKeeper transactions that trigger a snapshot, enhancing memory management and stability under high transaction loads.

Security and Access Control Enhancements

Integration Enhancements

  • Writing query output to an S3 object can now be configured at the user session level instead at the system administration level, for better alignment of roles and privileges.

  • Updated Kafka from 2.5.1 to 3.6.2. Updated Zookeeper from 3.6.3 to 3.8.4.

API Enhancements

Query Language Enhancements

Data Streaming/Connector Enhancements

Performance Improvements

GraphStudio, Admin Portal, and Insights

Fixed issues

Fixed and Improved in 4.2.1

Functionality

  • Fixed missing error message when running a non-procedural GSQL query containing syntax errors at the end (GLE-10295).

  • Eliminated false REST-10015 error message when upserting a single vertex using the gsql-atomic-level:atomic flag via REST API (GLE-10680).

  • Fixed a GPE crash caused by removing a cluster node or when a Disaster Recovery cluster has fewer replicas than the primary cluster (CORE-4967).

  • Fixed the MaxFlow algorithm to return correct results, consistent with documented examples (GLE-10737).

  • Fixed a UDF parsing error that failed to detect user-defined function names which conflict with built-in functions (GLE-10326).

  • Fixed an issue where the system would throw a NullPointerException and fail to create or install a query during code validation (GLE-10501).

  • Fixed an issue where authentication was skipped when replaying requests in a Disaster Recovery cluster (GLE-10702).

  • Improved the upgrade process by performing query and token bank compilation checks during pre‑upgrade instead of post-upgrade (GLE‑9459).

  • Fixed GSQL startup failures during upgrade caused by errors while verifying dictionary and UDF files (GLE-11224).

  • Fixed: If an interpreted non-procedural query contained an error but the text prior to the error was valid, the partial query would run and ignore the error (GLE-10295).

  • Fixed an issue that could cause false negatives or false positives during license checks caused by an underflow in the vertex count reporting (CORE-5117).

Improvements

  • Reduced disk usage by removing on-disk indexes in cloud mode and deleting main files in both cloud and on-prem deployments (CORE-4930).

  • Enhanced security for namespace-scoped TigerGraph Operator installations by separating the necessary cluster roles and namespace roles (TP-7024).

  • Improved upgrade logs with a clearer message: Installation of new TigerGraph version (TP-8249).

  • Improved the Rolling Upgrade documentation to explain how queries behave during upgrades, how retries are handled, and how to tune timeout settings, so users can plan smoother upgrades.

  • Improved the Vector Search documentation to detail known limitations, including unsupported ListAccum patterns, use of the ListAccum operator, and WHERE clause restrictions.

  • Added support for configuring file permissions when exporting query results with PRINT TO_CSV, instead of using hardcoded defaults (GLE-11322).

Security

  • Eliminated a security vulnerability that allowed AWS credentials to be read in plain text using the gadmin config get command. These values are now masked (TP-8285).

  • Fixed unauthorized exposure of graph name and creator information via the /auth/simple and /internal/info APIs (GLE-10746).

  • Eliminated the potential exposure of personally identifiable information (PII) in loading job summary files by replacing detailed data with line numbers for invalid entries (TP-8575).

  • Eliminated potential exposure of personally identifiable information (PII) in error messages when a loading job semantic check failed during creation (GLE-11125).

  • Addressed multiple upstream and OS-level security vulnerabilities through package upgrades and dependency patching. Fixed the following security vulnerabilities:

    • CVE-2016-20013, CVE-2016-2781

    • CVE-2017-11164, CVE-2017-7475

    • CVE-2018-18064

    • CVE-2019-6461

    • CVE-2020-8908, CVE-2020-29582

    • CVE-2021-31879

    • CVE-2022-27943, CVE-2022-3219, CVE-2022-41409, CVE-2022-4899

    • CVE-2023-29383, CVE-2023-2976, CVE-2023-34969, CVE-2023-37769,

      CVE-2023-4039, CVE-2023-45288, CVE-2023-45289, CVE-2023-45290,

      CVE-2023-45918, CVE-2023-48161, CVE-2023-50495, CVE-2023-7008

    • CVE-2024-10041, CVE-2024-2236, CVE-2024-23337, CVE-2024-23454, CVE-2024-23944,

      CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791,

      CVE-2024-34155, CVE-2024-34156, CVE-2024-34158, CVE-2024-41996, CVE-2024-45336, CVE-2024-45341,

      CVE-2024-52005, CVE-2024-52615, CVE-2024-52616, CVE-2024-56406, CVE-2024-56433, CVE-2024-6763, CVE-2024-8176

    • CVE-2025-0167, CVE-2025-0913, CVE-2025-1352, CVE-2025-1376, CVE-2025-22233, CVE-2025-22234, CVE-2025-22235,

      CVE-2025-22866, CVE-2025-22870, CVE-2025-22871, CVE-2025-22872, CVE-2025-22874, CVE-2025-23022,

      CVE-2025-27496, CVE-2025-27613, CVE-2025-27817, CVE-2025-27818, CVE-2025-27819, CVE-2025-29088, CVE-2025-30204,

      CVE-2025-32728, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, CVE-2025-3576, CVE-2025-41234, CVE-2025-41242,

      CVE-2025-4598, CVE-2025-4673, CVE-2025-46701, CVE-2025-46835, CVE-2025-46836, CVE-2025-47907, CVE-2025-48060,

      CVE-2025-48734, CVE-2025-48924, CVE-2025-48988, CVE-2025-48989, CVE-2025-49125, CVE-2025-49146, CVE-2025-49574,

      CVE-2025-52520, CVE-2025-53506, CVE-2025-55163, CVE-2025-6069, CVE-2025-6395, CVE-2025-7345, CVE-2025-8176

Fixed and Improved in 4.2.0

Functionality

  • Fixed issue where the loading job status was incorrectly cleaned up in advance due to an inaccurate loading job counter (TP-4741).

  • Fixed issue where the loader would fail silently, and now it reports an error directly if the loader fails to start (TP-6420).

  • Fixed issue where loading an empty file triggered a failure loop (TP-6530).

  • Fixed issue with audit error codes being logged when a CDC message fails to deliver to external Kafka (CORE-4249).

  • Fixed critical disk issue caused by the rebuilder getting stuck in a partitioned cluster after dropping vertex or edge attributes (CORE-4303).

  • Fixed issue where CDC EDGE messages with "UNKNOWN" ID were not removed when a query deleted a vertex and edge simultaneously (CORE-4457).

  • Fixed issue where the primary ID was missing when inserting a vertex implicitly from loading an edge in a single-partition cluster and the target vertex used "primary_id_as_attribute=true" (GLE-7562).

  • Fixed issue with running the TigerGraph command gcollect on Kubernetes (TP-6353).

  • Added namespace as a suffix of the HostName in HostList on Kubernetes (TP-6214).

  • Fixed query compilation errors when iterating over FOREACH to retrieve an accum type attribute with the -single or distributed keyword; ensured operations between two different GroupByAccums hold the same data types and field names (GLE-8507).

  • Fixed issue with double quotes in literal strings during the creation of a loading job (GLE-8630).

  • Fixed the inability to fetch dynamic file output policy during query execution (GLE-4847).

  • Fixed issue where sensitive information was not removed from the browser localStorage, ensuring better security (APPS-1066)

  • Fixed a query installation failure for single-node queries that initialize vertex set variables in conditional branches, such as if-else or case-when statements (GLE-7369).

  • Added a button to refetch real-time graph statistics on the Load Data page in GraphStudio (APPS-2565).

  • Added the standard Triangle Counting Algorithm to the built-in query list on the Write Query page in GraphStudio (APPS-3429).

  • Fixed the issue where query creation failed with a "query not found" prompt in GraphStudio (APPS-3624).

  • Removed the requirement to restart the GSQL service after modifying the SSO settings in Admin Portal (APPS-3167).

  • Allowed aborting a query in GraphStudio (APPS-3487).

  • Checked that the buffer length is non-negative before reading a file (TP-6690).

  • Fixed the issue where unauthorized users could access sensitive data, including superuser info, via the /gsql/v1/users API endpoint (GLE-8290).

  • Fixed NoSuchElementException thrown when removing all authentication tokens (GLE-8937).

  • Fixed issue with data source creation failing to sync to Disaster Recovery (DR) due to complex payload handling (GLE-9617).

  • Fixed bug with the to_vertex_set function (GLE-8083).

  • Unblocked the usage of the keyword “function” as a vertex/edge/attribute name (GLE-9803).

  • Fixed the backup restoration issue where GSQL was in a warmup state when importing GSQL data (TP-6949).

  • Fixed the metrics issue where tigergraph_cpu_usage exceeded 100 and tigergraph_cpu_available was negative under high load (TP-7127).

  • Fixed issue where failed backups in corner cases caused the Engine to pause for an extended period, leading to subsequent query timeouts (CORE-4532).

  • Resolved the issue with downloading GSQL output files larger than 3GB in AdminPortal (APPS-3271).

  • Fixed an issue where the GSQL-TIMEOUT header was not being forwarded in the /api/graphql/gsql endpoint (APPS-3648).

  • Fixed a bug where local accumulators defined across multiple lines in a query were misinterpreted as a file in the GSQL client (GLE-8261).

  • Allowed the globaldesigner role to monitor queries in Admin Portal (APPS-3172).

Improvements

  • Improved performance of GSQL queries containing DELETE statements intended for deleting all vertices of a given type (GLE-8328).

  • Added support for debug mode when a pod restart fails due to a PostStartHookError (TP-7228).

  • Corrected the logic for the SelectVertex() function so it throws an error if the filePath is not an absolute path.

Security

  • Fixed the following security vulnerabilities: CVE-2023-45288, CVE-2024-24790, CVE-2024-34156, and CVE-2024-45337.

Known Issues and Limitations

Description Found In Workaround Fixed In

If a non-procedural query has a syntax error, the GSQL interpreter ignored the invalid portion and executed the partial query before the error, without raising an error.

4.2.0

Check the full query before accepting it.

4.2.1

A NullPointerException occurs when performing a code check for queries using statements other than a = vt.* or a = {vt.*}, causing query creation to fail.

4.1.3

TBD

TBD

When pulldict fails, an empty debug log is generated, as the log level for debug is not enabled by default.

4.1.3

TBD

TBD

After upgrading, the system fails to detect to_string() in the UDF file, leading to query compilation errors. This issue occurs because the system doesn’t report parsing errors during file uploads.

4.1.3

TBD

TBD

When using set(index, value) and flip(index) with BitwiseOrAccum<1000>, the task fails due to lack of support for bit operators (&, |, ~) in bitwise accumulation.

4.1.3

TBD

TBD

Using .flip() on BitwiseAndAccum or BitwiseOrAccum inside a PRINT block may produce different results in UDF mode versus Single/Distributed mode.

4.1.3

Move the .flip() logic to the POST-ACCUM block for consistent behavior.

TBD

After a cluster expansion, the GPE service may remain in the warmup state.

4.1.1

If this happens, run gadmin restart gse -y to release the GPE.

TBD

The EXECUTE_QUERY privilege is not enforced on RESTPP endpoints. That is, users who lack EXECUTE_QUERY can still run a query via

POST /restpp/query/{graph_name}/{query_name}

4.1

Use legacy methods for access control: Define separate graphs which span the same data but have different queries and users.

TBD

If a RESTPP request is for a graph operation and thus sent to the GPE then fails inside the GPE, the RESTPP will interpret the response from the GPE as success and report SUCCEED in the audit log.

4.1

Use a /gsql endpoint instead of a /restpp endpoint.

TBD

When upgrading, possible permission error for destination folder.

3.10.1

Manually grant permission to /var/tmp

TBD

Export does not include LDAP proxy groups

3.9+

Manually recreate the proxy groups on the imported database.

Compatibility Issues

Description Version Introduced

Long and dynamic length BitwiseAccum (BitwiseOrAccum/BitwiseAndAccum with length >64 or variable length) are not supported in distributed mode. Run queries in single-node mode to avoid crashes and memory issues. Both types are limited to 10,000,000 in length. The .clear() method is supported to release memory and reduce OOM errors. Comparison and arithmetic operators between two such accumulators are blocked, but comparisons with UINT (e.g., @@bw1 < 64) are still allowed.

v4.2.1

To apply a File Input Policy or File Output Policy change, now both gsql and restpp servers must be restarted: gadmin restart gsql restpp -y

v4.1.3, v4.2.0

The --incremental option for backup now performs a true incremental backup instead of a differential backup.

v4.2.0

In CDC messages, the format of tuple values has changed.

v4.2.0

SelectVertex() may not be used with a relative filepath but previously this was not enforced. It is now enforced.

v4.2.0

The 'graph' field is now included in CDC messages generated by the TigerGraph CDC service.

v3.11.0, v4.1.1

In CDC messages, the format of map values has changed.

v3.11.0, v4.1.1

A full export package now includes access policies and template queries.

v4.1.0

Users could encounter file input/output policy violations when upgrading a TigerGraph version. See Input policy backward compatibility.

v3.10.0

When a PRINT argument is an expression, the output uses the expression as the key (label) for that output value. To better support Antlr processing, PRINT now removes any spaces from that key. For example, count(DISTINCT @@ids) becomes count(DISTINCT@@ids).

v3.9.3+

Betweenness Centrality algorithm: reverse_edge_type (STRING) parameter changed to reverse_edge_type_set (SET<STRING>), to be consistent with edge_type_set and similar algorithms.

v3.9.2+

For vertices with string-type primary IDs, vertices whose ID is an empty string will now be rejected.

v3.9.2+

The default mode for the Kafka Connector changed from EOF="false" to EOF="true".

v3.9.2+

The default retention time for two monitoring services Informant.RetentionPeriodDays and TS3.RetentionPeriodDays has reduced from 30 to 7 days.

v3.9.2+

The filter for /informant/metrics/get/cpu-memory now accepts a list of ServiceDescriptors instead of a single ServiceDescriptor.

v3.9.2+

Some user-defined functions (UDFs) may no longer be accepted due to increased security screening.

  • UDFs may no longer be called to_string(). This is now a built-in GSQL function.

  • UDF names may no longer use the tg_ prefix. Any user-defined function that began with tg_ must be renamed or removed in ExprFunctions.hpp.

v3.9+

Deprecations and Removals

Description Deprecated Removed

The --meta option for backup is no longer needed because metadata is now included automatically with backup files.

3.9.2

4.2.0

Streaming connector for external Kafka (3.6 to 3.9.2 version)

3.9.3

4.2.0

The format for tuple structures in CDC messages will change in a future version. The future format is likely to be similar to the new format for maps.

4.1.1

4.2

Access Control Lists (ACLs) are no longer supported. When upgrading from 3.x to 4.x, ACL privileges will be automatically migrated to object-based privileges.

4.1.0

4.1.0

The use of plaintext tokens in authentication is deprecated. Use OIDC JWT Authentication instead.

3.10.0

TBD

Vertex-level Access Control (VLAC) and VLAC Methods are removed and are no longer available.

3.10.0

4.1.0

The command gbar is removed and is no longer available. It has been replaced by gadmin backup.

3.7

3.10

Spark Connection via JDBC Driver is now deprecated and will no longer be supported.

3.10.0

TBD

Build Graph Patterns is deprecated and will not be updated or supported and instead we are focusing on Insights as the tool of choice for building visual queries.

3.9.3

TBD

Kubernetes classic mode (non-operator) is deprecated.

3.9

TBD

The WRITE_DATA RBAC privilege is deprecated.

3.7

4.1

Release notes for previous versions