Virtuoso 08.03.3335 Release Notes

We are pleased to announce the immediate availability of a new Virtuoso Maintenance Release comprising a wide variety of feature enhancements and bug fixes across the following functionality realms:

This release introduces support for the wikibase:mwapi SERVICE handler, multiple publications in RDF transactional replication, delta sharing, JSON canonicalization, and a Machine Payments Protocol (MPP/x402) handler spanning the HTTP server and VAL authentication layers.

Additional highlights include SQL Optimizer and SPARQL improvements, VAL authentication with Passkey support, significant improvements to the OpenLink AI Layer, and Sponger LLM meta-processing enhancements. The release also delivers widespread memory-safety and correctness bug fixes throughout the core engine, HTTP server, OpenLink Data Spaces, and R2RML layers.

Virtuoso DBMS Engine Core

  • Added initial support for delta-sharing.
  • Added JSON canonicalization function for use with JWS and related standards.
  • Added missing C99 math functions.
  • Added initial support for getaddrinfo() and getnameinfo().
  • Added support for poll() to replace select().
  • Added TCP socket BIFs to the unsafe list.
  • Added assert to check if MP is busy.
  • Added support for zlib version 1.3.2.
  • Fixed deep stack check in vectorised execution.
  • Fixed MD5 used for shared compilation cache key — avoids keeping extra text copy, reduces memory fragmentation.
  • Fixed check for dead virtual database connections.
  • Fixed ODBC API sequence causing error when attaching table from PostgreSQL.
  • Fixed check for unsupported INSERT INTO view via SELECT.
  • Fixed OR expression with NULLs now handles UNKNOWN correctly per SQL semantics.
  • Fixed col=col optimisation — only applied when column is non-null or not a column reference.
  • Fixed NOT(equality) incorrectly transformed to always false in subquery/EXIST context.
  • Fixed OR with true at left-hand side — now correctly reduced rather than rewritten as AND.
  • Fixed EXIST not restricting max rows to one during local test on vector seek.
  • Fixed INTERSECT when using hash.
  • Fixed FLOOR() and CEILING() to return double.
  • Fixed crash when using SAMPLE with union and group by.
  • Fixed TPC-H Q2 RDF query failure when enable_dfg was set.
  • Fixed scalar subq top-1 not applying top-k trick correctly with join test.
  • Fixed VDB union with const expression in select branch causing bad SSL ref.
  • Fixed redundant NULL removal in IN (const1, const2).
  • Fixed check for upper MP limit increment in optimiser.
  • Fixed max memory pool size handling at 4 GB boundary.
  • Fixed infinite optimisation loop in sparp_simplify_expn_with_req.
  • Fixed wrong condition when traversing constants — IRI flag mask corruption.
  • Fixed long-running query on v8 for EUPO.
  • Fixed SPARQL optimizer incorrectly inlining gby(?var) when var is bound.
  • Fixed recursive hash call resulting in stack overflow.
  • Fixed false positives in HRNG_IN hash lookup results.
  • Fixed bloom pre-filtering silently dropping hash members.
  • Fixed unused estimate on chash_in.
  • Fixed bad constant expression in hash fill.
  • Fixed transitivity node 2-ways — duplicate rgs_ack removal and missing unbound graph in dt2way union.
  • Fixed derived table and transitive direction — only same-DT columns drive direction.
  • Fixed issue with call not yet traversed — now creates new DFE.
  • Fixed variable used outside of scope.
  • Fixed missing check for star in function call.
  • Fixed missing check for DFE_FALSE.
  • Fixed missing check for right outer-join table.
  • Fixed aggregate not returning error in UA.
  • Fixed GEO const using ANY type for result.
  • Fixed check for false shortcut in plan.
  • Fixed aggregate on constant with no result.
  • Fixed re-compiling module proc — new QR must not be dropped as it is referenced by all new module proc QRs.
  • Fixed join sampling on out cols.
  • Fixed enabled QRC issue.
  • Fixed case/qualified name issue.
  • Fixed CONCAT over RDF box string literal containing UTF-8 — must not cast to default.
  • Fixed concat() with non-string and RDF box.
  • Fixed TSV string encoding — tab, newline, and carriage return now encoded as \t, \n, and \r respectively; triple-quote forms not used.
  • Fixed JSON-LD unknown bnode with many types — takes first result instead of stopping load.
  • Fixed pointer type mismatch in conditional expression in JSON parser.
  • Fixed timezone hour field length in dateTime constructor causing some dates to be converted to strings in RDF.
  • Fixed xsd:time conversion for cast(THH:mm:SS as time).
  • Fixed thread tmp pool not released on time.
  • Fixed overflow check before assign.
  • Fixed buffer read after boundary in cha_any.
  • Fixed buffer underflow when column value is empty string.
  • Fixed interpolation function reading after boundary.
  • Fixed ptr of local array used out of scope.
  • Fixed box_length called on non-box variable.
  • Fixed scanner tokens now correctly allocated as MP box.
  • Fixed fvector size/length — sizeof(float) throughout; no double allocation.
  • Fixed numeric DTP when column is bound — boxed correctly.
  • Fixed non-parsable numeric set to NaN.
  • Fixed missing IS_TS check.
  • Fixed missing critical section in PL remove.
  • Fixed missing client enter assert with mtx_debug.
  • Fixed mutex issue with status('l') and async queue on independent branches (visible as hang).
  • Fixed recent crashes from VOS GitHub issues.
  • Fixed position() and casemode_strcmp() for NULL arguments.
  • Fixed ws_session check — can be WebSocket callback.
  • Fixed TCN order by server-side QS.
  • Fixed WebID check for nobody perms.
  • Fixed boolean type of UDT field not serialised in SOAP.
  • Fixed error codes for COL and VEC.
  • Fixed missing test for star.
  • Fixed missing test for table existence in DROP COLUMN.
  • Fixed password handling — uses params instead of truncating.
  • Fixed broken output when copy param is not printed.
  • Fixed SSL ref reset outside of scope.

HTTP (Web) Server

  • Added MPP (Machine Payments Protocol) handler for x402 and HTTP 402 responses.
  • Added ACL cleanup for http_reaper.
  • Added fail code to HTTP advanced DAV ACLs.
  • Added support for JSON-LD formats.
  • Fixed HTTP log CR/LF in request line after HTTP 509.
  • Fixed OPTIONS against authenticated calls no longer returns 401; responds 204 with CORS headers.
  • Fixed OPTIONS on .well-known producing response body.
  • Fixed XSLT post-process cleanup — memory leak that could cause crash.
  • Fixed SSE not read when content length is already given.
  • Fixed obj2json to pass max depth in recursive call; preserve null input.
  • Fixed outstanding locks released before sending content.
  • Fixed HTTP web bot signatures.
  • Updated Turtle/JSON-LD upload handler to correctly apply LDP clear when the flag is reset.

SPARQL Query Processor

  • Added support for wikibase:mwapi SERVICE handler.
  • Added support for generating VoID graph for a graph group.
  • Added DBA-configurable information box on the /sparql form via registry_set.
  • Fixed graph caching exposing private graphs as public when VAL not installed.
  • Fixed SPARQL FILTER on OPTIONAL — bound/unbound miscounting and performance issue.
  • Fixed filter using BIND() result inside optional.
  • Fixed filter outside of optional causing wrong IRI equality.
  • Fixed timing-out query with inference and multiple unions — disabled GP flattening in this case.
  • Fixed bad eq idx check — disconnect eq from outer via backward loop.
  • Fixed subq filter and language of literals.
  • Fixed tightening against non-existing constraint.
  • Fixed isBlank auto mode — no longer errors, behaves like isIRI.
  • Fixed SPARQL vars options and permalink.
  • Fixed generic literal class — no longer derives when mapping to same IRI class name.
  • Fixed parse not skipped when timeout already reached.
  • Fixed infinite optimisation loop.
  • Fixed 64-bit IRI IDs for graph groups and membership.
  • Fixed RDF view single primary key on date — not previously supported.
  • Fixed input check for prefix in RDF view/maps.
  • Fixed RDF Views total count stats optimisation.
  • Fixed virtual graphs excluded from WebID lookup.
  • Fixed /sparql UI help links made relative.

SHACL Processor

  • Added sh:message in SHACL report upon validation failure.

Virtuoso Replication

  • Added initial support for multiple publications via graph groups in RDF transactional replication.
  • Added replication unsubscribe RPC to handle void subscriptions on publisher.

Data Transformation Middleware Layer (“Sponger”)

  • Added multiple task types for LLM meta processing.
  • Fixed callback query to retrieve all literals of a subject.
  • Fixed LLM cartridge to call embeddings extraction in chain.
  • Fixed authenticated VAL user now recorded and checked in batch cartridge.
  • Fixed typo in table name.
  • Fixed explicit get:cartridge none no longer runs meta cartridges.
  • Updated to use API for retrieving embedding task.

Faceted Search and Browsing

  • Removed deprecated support for AddThis.
  • Fixed potential XSS vulnerabilities.
  • Fixed encoding issues with URIs and labels.
  • Fixed VSP escapes.
  • Fixed grammar and spelling mistakes.

Virtuoso Authentication Layer (VAL)

  • Added Machine Payments Protocol MPP 402 callback hooks for SPARQL endpoints.
  • Added 402 Payment Required handlers for access-gated resources.
  • Added VAL login option in Conductor UI.
  • Added option to return all restriction values from VAL APIs.
  • Added common authentication layer for RESTful APIs.
  • Added support for HTTP HEAD method.
  • Added sql:big-data-const annotation to ensure correct compilation for SPARQL INSERT DATA statements.
  • Added initial support for Passkey authentication.
  • Added sandbox mode global state preservation across calls.
  • Fixed HTTP 402 Payment Required error state preserved across request lifecycle.
  • Fixed missing request access dialog.
  • Fixed session entry now correctly committed and returned.
  • Fixed VAL to accept both http and https when resolving person IRIs generated by ODS.
  • Fixed bitmask value handling in tests.
  • Fixed null realm now treated as default realm, preventing wrong rule/group/restriction graph selection.
  • Fixed realm assignment issue.
  • Fixed API restriction storage to use SPARQL Update (SPARUL) for insert/delete operations.
  • Fixed HTTP error codes returned by VAL public API.
  • Fixed DAV normalize path no longer attempting to resolve paths already under /DAV/.
  • Fixed netid set to owner correctly when authorizing on their behalf.
  • Fixed min/max choice logic to correctly assign value params.
  • Fixed VAL operations via OPAL tools.
  • Fixed restriction values handling.

HTML-based Admin Interface (“Conductor”)

  • Added initial support for multiple publications via graph groups.
  • Added support for OpalFs.
  • Added option to log in to Conductor via VAL.
  • Fixed issue with Linked Data / SPARQL page.
  • Fixed syntax error on page.
  • Fixed grammar and spelling mistakes in Conductor.
  • Fixed missing bold tag on table headers.
  • Removed bold from first column on Monitor Version and HTTP tabs.
  • Fixed clear float on attention_box.
  • Fixed potential XSS vulnerabilities in fct.
  • Fixed format attribute, value attributes, href and src attributes, and URL parameters to use correct %V, %H, and %U escapes.
  • Replaced simple http() calls with http_value() / <?V ?> equivalents.
  • Fixed DAV browser in root dir adding duplicate directory delimiters.
  • Fixed ACME-related key storage to suppress ODS triggers.
  • Fixed &amp; encoding in style producing &nbsp;.
  • Fixed select list for user names capped at 1,000 entries.

R2RML

  • Fixed issue with RML type mappings.
  • Fixed missing dot that confused parser.
  • Fixed IRI class with one argument not accepting dates as dt.
  • Fixed issue parsing qualifier when table already exists.
  • Fixed arg name for IRI classes.
  • Fixed string literal constants no longer incorrectly defaulting to IRI type.

OpenLink AI Layer (OPAL)

  • Added OPAL Skills.
  • Added MPP over JSON-RPC.
  • Added MPP handler call.
  • Added API Catalog and MCP discovery endpoints.
  • Added skills input for RESTful APIs.
  • Added skill tools rendering.
  • Added tools page for WebMCP.
  • Added agent tracking; consolidated MCP/REST API logic.
  • Added UCP RESTful implementation.
  • Added MCP transport.
  • Added unzip callback on JSON/assistant config folder.
  • Added DAV batch callback and embeddings support.
  • Added Gemini batch API support.
  • Added embedding models support in batch APIs.
  • Added Gemini native API for file search and related operations.
  • Added file attach for Gemini via OpenAI compat API.
  • Added image generation via Gemini models.
  • Added file management tool with list support.
  • Added file search in OPAL UI.
  • Added vector stores MCP tools.
  • Added support for uploading blobs (capped at 10 MB).
  • Added attributes for file search to JSON assistant config.
  • Added Gemini file get support.
  • Added initial support for OPAL File DET.
  • Added debug SSE for assistant API.
  • Added filter and group action on models UI.
  • Added Linked Data view for chat sessions.
  • Added remote SPARQL service tool.
  • Added Sponge tool.
  • Added Web Fetch tool (OpenAI and Claude).
  • Added ADM.DBA.val_acl_restrictions tool.
  • Added new “Class” tool.
  • Added SPARQL to VAL assistant.
  • Added timeout to chat tool.
  • Added agent class.
  • Added max prompts per interval restrictions.
  • Added enabled tools to the restriction mix.
  • Added tool for configuring subscription cache interval.
  • Added tools to manage ACL-only purchases for the shop.
  • Added gemma model to Google domain.
  • Added function to isolate table ref in Sponger code.
  • Fixed Gemini 4 models context window set to 256K.
  • Fixed DB schema tool arguments and instructions.
  • Fixed Gemini tool call handling with text and signature.
  • Fixed skill with STDP instructions handling.
  • Fixed session check for unauthorized access.
  • Fixed Claude function call without args when combined with other calls; skill retrieval tool.
  • Fixed list_models to handle Claude.
  • Fixed scheduled task to check for dummy key.
  • Fixed vector store upload.
  • Fixed vector store API to include provider.
  • Fixed empty media type handling.
  • Fixed Gemini API missing selection — force on non-empty.
  • Fixed Gemini 3 function tool OpenAI compatibility.
  • Fixed attachments enabled for GPT-5.
  • Fixed complete message wrapper — handles various file inputs; merged common code.
  • Fixed responses OAI API handlers: stop flag not reset, cursor used for last, subselect issue.
  • Fixed responses API arrangement; fixed missing file/image inputs.
  • Fixed chat complete MCP tool to use responses API; added Gemini signatures.
  • Fixed file expiration check — hash on content no longer unique for f_id when file is obsoleted.
  • Fixed Gemini file expiration — expiration date now stored.
  • Fixed resumable upload to ensure filename; fixed files API re-get.
  • Fixed large file upload to OpenAI; fixed empty string API key in params.
  • Fixed chat session copy missing new fields.
  • Fixed instructions not used for embeddings.
  • Fixed content splitting when embeddings are batched.
  • Fixed deleting task should clear FK reference.
  • Fixed missing grant.
  • Fixed file store sync for last-used timestamp.
  • Fixed link for embedding batch items.
  • Fixed faster pattern match for models.
  • Fixed callback query to get all literals of subject.
  • Fixed bitmask setting check.
  • Fixed copy of store ID on continue from shared session.
  • Fixed VAL tools to signal sandboxing.
  • Fixed tools authentication for responses API.
  • Fixed Claude batch item handling with file.
  • Fixed Claude: empty text no longer passed as input; top_p and temp not sent to Claude models.
  • Fixed Claude-Opus errors re top_p; model context window increased.
  • Fixed admin permissions.
  • Fixed check for admin access.
  • Fixed transactions in chat complete tool.
  • Fixed enabled modules error on position.
  • Fixed wrong functions parameter.
  • Fixed shadow variable.
  • Fixed attribute concatenation.
  • Fixed OAI.DBA.chatModels missing decorations.
  • Fixed urn:chat:module restriction to keep comma-separated list of modules/assistants.
  • Fixed function results token estimate to handle web pages.
  • Fixed Gemini context size to 1M.
  • Fixed gpt-4o-mini as default model; fallback to last used or default when no model selected.
  • Fixed chatModels/GET as public alias for getModels.
  • Fixed VAL assistant.
  • Fixed input checking to map empty strings to NULL — LLMs often use empty string as none.
  • Fixed RDF view fragment identifier.
  • Fixed tool timeout and error message.
  • Fixed clean button on new session from stopped state.
  • Fixed ACL check on DAV-hosted assistant configs.
  • Fixed assistant config list filtered by restriction.
  • Fixed issue initializing session state — new session now sends selected tools.
  • Fixed module accessibility when netid is restricted to it.
  • Fixed chat complete tool stopping at many sequential tool calls; default limit raised to 10.
  • Fixed MCP done notification before exit proc.
  • Fixed idempotency key required only for complete and cancel in MCP.
  • Updated OPAL ontology.
  • Updated OpenAI API.
  • Deprecated assistant API; disabled refresh.
  • Discarded thoughts from model output.
  • Tool execution now runs in its own transaction.
  • Updated VAL tools with new parameter.
  • Updated to load offer and restriction information from a file.
  • Moved ontology and added to VAD.
  • Disabled tool optimisation for larger models.
  • Moved Skill Resources Retriever after BPE init.

OpenLink Data Spaces

  • Added delegated ODS API authentication via admin account OAuth2 tokens.
  • Added VAL ACL rules for private graphs.
  • Added returnurl to mail verification email links.
  • Added passkeys support in ODS.
  • Added emailverify option to server.getInfo.
  • Added reCAPTCHA to registration — site key stored in registry, verified server-side before user.register.
  • Added option to register using third-party accounts.
  • Fixed VAL-backed SPARQL to use graph caching.
  • Fixed S3 DET to avoid deep recursion.
  • Fixed SSL ref-before-set and sqlx/sql-xml statements for RSS comments.
  • Fixed user profile in TTL being empty when graph security is enabled and default rules are applied.
  • Fixed VAL ACL rule cache now cleared when private graph rules are added.
  • Fixed DESCRIBE to handle both http and https shop IRIs.
  • Fixed null encoding — no longer attempts to encode null values.
  • Fixed missing SPARQL pragmas in sem ping and API.
  • Fixed sem ping and API to use physical store.
  • Fixed passkey error handling.
  • Fixed registration email to use alternate multipart format.
  • Fixed cursor join order to prevent optimizer issue.
  • Fixed ODS API: no longer removes server caps for local servers; fixed non-XML error parsing; removed debug output.
  • Fixed third-party account binding no longer rolled back — commit and notify instead.
  • Fixed missing realm in third-party callback.
  • Fixed dcterms prefix declaration.
  • Fixed inserts to use explicit iri().
  • Fixed SPARQL query to use physical store.

JDBC, Jena and RDF4j Connectors (Providers)

The latest Virtuoso JDBC, Jena and RDF4j providers are also available via the Maven Central repository.

Installer Availability

On-premise Installers and Docker Containers

Cloud Edition Releases for Amazon AWS, Microsoft Azure, and Google Cloud Platform

Amazon AWS

Microsoft Azure

Google Cloud Platform

Upgrade Notes

For All Upgrades

  • Always make sure the database has been properly shut down and the transaction log (virtuoso.trx) is empty before performing any update/upgrade. This is easily done by launching Virtuoso with the extra command-line argument +checkpoint-only. Virtuoso will launch, replay the transaction log, run a checkpoint (which zeroes the transaction log), and exit cleanly.

  • Before upgrading any database, it is always a wise precaution to make a proper backup.
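
As an added illustration of the two precautions above (not part of the OpenLink release notes or tooling), the following shell functions refuse to proceed while virtuoso.trx still holds data and then take a byte-verified copy of the database directory. The function names, the backup layout, and the assumption that all database files sit directly in one directory are hypothetical.

```shell
#!/bin/sh
# Added example: gate to run after `virtuoso-iodbc-t +checkpoint-only` has exited.
# Assumed, not from the release notes: the function names, the backup layout,
# and that all database files live directly in one directory.

# True when the transaction log in directory $1 is missing or zero bytes long.
trx_is_empty() {
    [ ! -s "$1/virtuoso.trx" ]
}

# Copy every regular file in $1 into a new timestamped directory under $2 and
# byte-compare each copy with its source. Prints the backup path on success.
backup_dbdir() {
    src="$1"
    dest="$2/virtuoso-backup-$(date +%Y%m%dT%H%M%S)"
    mkdir -p "$dest" || return 1
    for f in "$src"/*; do
        [ -f "$f" ] || continue
        cp -p "$f" "$dest/" || return 1
        cmp -s "$f" "$dest/$(basename "$f")" || {
            echo "copy mismatch: $f" >&2
            return 1
        }
    done
    echo "$dest"
}

# Refuse to continue unless the log has been zeroed, then take the backup.
# Exit codes: 2 = no database directory, 3 = transaction log not empty.
preupgrade_gate() {
    dbdir="$1"
    backups="$2"
    [ -d "$dbdir" ] || {
        echo "no such database directory: $dbdir" >&2
        return 2
    }
    if ! trx_is_empty "$dbdir"; then
        echo "virtuoso.trx is not empty: run +checkpoint-only before upgrading" >&2
        return 3
    fi
    backup_dbdir "$dbdir" "$backups"
}

# Stand-alone use: sh preupgrade.sh <database-dir> <backup-root>
if [ "$#" -eq 2 ]; then
    preupgrade_gate "$1" "$2"
fi
```

A non-zero exit from preupgrade_gate means the upgrade should not start; exit code 3 specifically means the checkpoint-only launch has not yet zeroed the log.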

Upgrading an Existing Cloud Instance Virtual Machine

Execute the relevant command for your operating system distribution:

  • Ubuntu and related — apt update && apt upgrade
  • RedHat and related — yum update

Manually Overwriting an Older Binary with the Latest Edition

Start with the documentation of manual upgrades.

If you choose to manually replace the Virtuoso server binary (virtuoso-iodbc-t) in-situ, you MUST also update the libraries in the Virtuoso hosting/ subdirectory due to incompatibilities between the latest binary and previous plugin versions. We also strongly RECOMMEND that you update the VAD packages in the vad/ subdirectory.

Upgrading from Any Previous Version to the Latest Version

For best results with existing installations, we recommend following our simple step-by-step guide to upgrade from any previous version of Virtuoso to the latest version.

Additional Information