Cube Core releases v0.34.0 thru v0.34.34 bring the support for Python and a plethora of updates to data modeling, APIs, and SDKs. It also delivers a fix to a recently discovered and fixed security issue.

Fixed: Denial of service attack on API instances

We've recently published a security advisory that discloses a vulnerability that allowed to make an API instance unavailable by submitting a specially crafted request. This issue was reported by y0d3n in our community Slack and promptly patched in Cube Core v0.34.34.

It's recommended that all users exposing Cube API instances to the public internet upgrade to the latest version to prevent service disruption.

Python for configuration and data modeling

In October, we've announced what looks like one of the most impactful updates to Cube in 2023. Finally, Cube has got support for Python that you can use for configuration and data modeling. Needless to say, you can install and use Python packages, including the all-new cube_dbt package that enables the dbt integration with Cube.

Please feel free to watch these recent webinar recordings to accelerate your start:

Top-level meta in cubes and views

Recently, we've fixed an issue that prevented excludes in views from working correctly in certain cases and an issue that prevented views from matching pre-aggregations in certain cases.

We're also thankful to Michael Harris for contributing the support for top-level meta parameters in cubes and views, complementing the support for meta parameters in dimensions and measures.

- name: active_users
any: value

With these, now you can expose arbitrary metadata about your cubes and views to applications consuming Cube's REST API and its /meta endpoint.

Pass-through authentication in SQL API

We've extended the contract of the check_sql_auth configuration option so that it now accepts both a user name and a password, providing the flexibility of authentication checks and enabling the support for pass-through authentication in the SQL API.

Please check this recipe for an example of using check_sql_auth to verify the credentials for the SQL API using a LDAP catalog, e.g., Google Workspace.

castNumerics in front-end SDKs

We've provided an option to automatically convert all values of dimensions and measures with numeric types to JavaScript Number type when using the JavaScript SDK.

By default, the REST API returns numeric values as strings because numbers more than Number.MAX_SAFE_INTEGER or less than Number.MIN_SAFE_INTEGER can't be represented as JavaScript Number. So, you have to flexibility to decide how to parse numeric values without the loss of precision. Now, you can opt-in for a potentially unsafe conversion to shave off a few lines of front-end code and let Cube convert numeric values for you.

Please see the documentation for details.

Ivy support in Angular SDK

We've also updated the Angular SDK to support Ivy, Angular's next-generation compilation and rendering pipeline. This enables the Angular SDK to be used with the most recent versions of Angular.

Wrapping up

Thanks for tuning in as well as contributing to these updates. We're looking forward to bringing even more exciting updates to Cube Core in 2024.

Please upgrade and try v0.34.34 today in Cube Core with our Docker distribution. It's also available on the latest and stable release channels in Cube Cloud.

As always, please don't hesitate to get in touch with us and share your feedback in our Slack community of more than 9,000 data practitioners.