Release Notes v0.24.3

Release Date: 2026-04-27
Type: Patch Release (SQL Script Fixes)

Overview

Version 0.24.3 contains two targeted fixes to the audit initialization SQL
scripts introduced in v0.24.1.

Fixed

aud_init_trail_aud.sql: Standard/FGA Trail Location Conditional on Audit Mode

Standard and FGA audit trail locations are now only configured when the database
runs in Mixed Auditing Mode. In Pure Unified Auditing mode the AUD$ and
FGA_LOG$ tables are not active and calling set_audit_trail_location for
AUDIT_TRAIL_DB_STD is unnecessary.

The audit mode is detected at runtime via V$OPTION:

The partition interval is set in both modes.

aud_init_jobs_aud.sql: Purge Job Name Normalized to Uppercase

The purge job name was inconsistently mixed-case (Daily_Unified_Audit_Purge_Job).
Normalized to DAILY_UNIFIED_AUDIT_PURGE_JOB for consistency with
DAILY_UNIFIED_AUDIT_TIMESTAMP and Oracle scheduler naming conventions.

Upgrade Notes

• Drop-in replacement for v0.24.2 - no breaking changes for new installations
• Existing databases where Daily_Unified_Audit_Purge_Job was already created
  by a previous run of aud_init_jobs_aud.sql are not affected - the script
  checks for job existence before creating

Full details in CHANGELOG.md.

Release Notes v0.24.2

Release Date: 2026-04-27
Type: Patch Release (Installer Fix)

Overview

Version 0.24.2 fixes a second unbound variable regression in oradba_install.sh
introduced in v0.24.0 when set -euo pipefail was enforced across all installer
scripts. The -u flag causes bare references to unset environment variables to
abort the script, and $ORACLE_BASE was not set in bare container environments
(no Oracle installed).

Fixed

Installer: $ORACLE_BASE Unbound Variable in prompt_oracle_base()

oradba_install.sh crashed in prompt_oracle_base() when $ORACLE_BASE is
not exported in the environment - which is the case in bare containers or any
system without Oracle installed (i.e. fresh installs, the primary use case).

Affected versions: v0.24.0, v0.24.1
Affected environments: any environment where ORACLE_BASE is not exported
as a shell variable before running the installer.

Root cause: Bare variable reference without default in a -u strict context:

# Before (fails when $ORACLE_BASE is not exported):
if [[ -n "$ORACLE_BASE" ]]; then
    ORACLE_BASE_PARAM="$ORACLE_BASE"
    return 0
fi

# After (safe: evaluates to empty string when unset):
if [[ -n "${ORACLE_BASE:-}" ]]; then
    ORACLE_BASE_PARAM="${ORACLE_BASE}"
    return 0
fi

Upgrade Notes

• Drop-in replacement for v0.24.1 - no breaking changes
• Both v0.24.1 ($USER) and v0.24.2 ($ORACLE_BASE) fixes are required for
  reliable container-based installations; upgrading directly from v0.24.0 to
  v0.24.2 resolves both regressions

Full details in CHANGELOG.md.

Release Notes v0.24.1

Release Date: 2026-04-27
Type: Patch Release (Installer Fix + SQL Script Enhancement)

Overview

Version 0.24.1 is a patch release that fixes a regression introduced in v0.24.0
where oradba_install.sh failed in container environments (Docker, Podman) that
do not set the $USER environment variable. In addition, the release includes a
SQL script enhancement splitting aud_init_full_aud.sql into focused, standalone
initialization scripts.

Key themes:

• Installer fix: $USER unbound variable error in Docker/container builds
• CI fix: pandoc Docker container now runs as current user to avoid cleanup
  permission errors
• SQL Scripts: aud_init_full_aud.sql split into four standalone sub-scripts

Fixed

Installer: $USER Unbound Variable in Container Environments

oradba_install.sh crashed during metadata creation when run inside a Docker
or Podman container that does not export $USER as an environment variable.
With set -euo pipefail active, the unbound variable caused an immediate exit
with code 1.

Affected versions: v0.24.0
Affected environments: Docker (USER oracle directive), Podman, any container
build where $USER is not set as an environment variable.

Root cause: Line in oradba_install.sh:

# Before (fails when $USER is not exported):
install_user=${INSTALL_USER:-${USER}}

# After (falls back to whoami if $USER is unset):
install_user=${INSTALL_USER:-${USER:-$(whoami)}}

whoami always returns the effective user name regardless of whether $USER
is set in the environment.

CI: pandoc Docker Container Permissions

scripts/build_pdf.sh now runs the pandoc Docker container as the current
user (--user $(id -u):$(id -g)) to prevent ownership issues when cleaning
up generated files in CI environments.

Added

SQL Scripts: Split aud_init_full_aud.sql into Standalone Scripts

The monolithic aud_init_full_aud.sql has been split into four focused,
standalone initialization scripts. Each script can be called individually
or via the updated master script.

Upgrade Notes

• Drop-in replacement for v0.24.0 - no breaking changes
• Existing Docker/container builds using oradba_install.sh will now succeed
  without needing to set ENV USER=oracle as a workaround
• aud_init_full_aud.sql is fully backward-compatible; each sub-script can
  also be called individually with the same parameters

Full details in CHANGELOG.md.

Release Notes v0.24.0

Release Date: 2026-04-16
Type: Minor Release (SQL Script Expansion + Shell/Library Hardening)

Overview

Version 0.24.0 is a substantial expansion of the SQL scripts library combined
with a shell robustness and architecture milestone. The primary new content comes
from a sync with ora-db-audit-eng — adding 18 new audit scripts and improving
8 existing ones. The release also completes a systematic nine-topic review of the
full repository covering shell strict mode, library decomposition, documentation
restructuring, and CI/CD hardening.

Key themes:

• SQL Scripts: 18 new audit analysis and utility scripts; 8 improved scripts
• Shell robustness: set -euo pipefail enforced across all 26 executable scripts
• Library architecture: oradba_common.sh decomposed from 3,202 to 1,675 lines
• Documentation: user docs restructured from 22 to 14 chapters
• CI/CD: pipeline hardened with timeouts, pinned versions, and concurrency groups

Added

SQL Scripts: 18 New Audit Analysis and Utility Scripts

Scripts synced from ora-db-audit-eng — all standalone, no container paths.

Splunk Integration (new category):

Trail Volume Analysis (new category):

Event Detail Queries:

Configuration and Health:

Policy Management:

Utility and Session Helpers:

API Documentation Target

scripts/generate_api_docs.py wired into the build system. make docs-api
(or make docs) parses all function headers in src/lib/ and src/bin/ and
generates categorised markdown pages under src/doc/api/.

archive_github_releases.sh: Dynamic Release Discovery

The hardcoded 34-entry release list has been replaced with live gh release list
queries: --keep N (default: 3), --before VERSION, --repo REPO override.

SQL: MFA User Information

spsec_usrinf.sql now includes MULTIFACTOR_AUTHENTICATION_METHODS for
comprehensive user identity reporting.

Fixed

SQL Scripts

• aud_config_show_aud.sql: replaced direct sys.fga_log$ access with
  dba_fga_audit_trail view — no SYS object access required
• aud_grants_show_aud.sql: added missing SPOOL OFF
• aud_top_policy_detail_aud.sql: fixed column header Policies -> User
• sec_whoami_show.sql: full standalone implementation (was alias to spsec_usrinf.sql)

Plugin System

• execute_plugin_function_v2: plugins declaring plugin_interface_version
  other than 1.0.0 now emit a WARNING to stderr
• load_extension: unreadable extension directories now log WARN and return 1

PDF and Documentation Build

• Mermaid <br/> replaced with <br> in all 19 affected files
• Mermaid PDF rendering: --lua-filter mermaid.lua added to scripts/build_pdf.sh
• LaTeX \underbar/\underline warnings suppressed via awk stderr filter
• make docs-pdf: PANDOC_IMAGE uses conditional assignment (?=)
• Deprecated --listings flag removed; replaced with --syntax-highlighting=idiomatic

Installer

• oradba_install.sh now auto-creates missing parent directories with warnings

oradba_rman.sh / oradba_help.sh

• source oraenv.sh wrapped with set +eu/set -eu in execute_rman_for_sid()
• Upfront RCV script existence check before SID processing
• mapfile replaced with while IFS= read -r for macOS bash 3.2 compatibility

Test Suite

• Documentation tests in test_service_management.bats updated to reference
  src/doc/operations.md after service-management.md was retired

Changed

SQL Scripts Improved

• aud_policies_show_aud.sql: ROW_NUMBER() deduplication of policy attributes;
  sort Active YES first, ODB before ORA
• aud_report_full_aud.sql: extended with trail volume analysis sections
• aud_critobj_show_aud.sql, aud_critprivs_show_aud.sql: improved parameter
  handling with defaults

Library Architecture: oradba_common.sh Split

21 functions extracted from oradba_common.sh (3,202 to 1,675 lines, -48%).
Fully backward-compatible: oradba_common.sh sources the new libs at end of file.

Shell Strict Mode: set -euo pipefail Enforced

All 26 pure-executable src/bin/*.sh scripts now have set -euo pipefail.
Dual-mode scripts (oraenv.sh, oradba_env.sh, oradba_extension.sh,
oradba_homes.sh) intentionally excluded.

User Documentation: 22 to 14 Chapters

Reduces the PDF Table of Contents from 3+ pages to ~1.5 pages.

CI/CD Pipeline Hardened

• Concurrency group added to cancel redundant runs on same branch/PR
• shellcheck pinned to v0.10.0
• timeout-minutes added to all jobs in ci.yml
• .markdownlint.yaml added to markdown changes filter
• All four SHA256 checksum files uploaded as release assets
• dependency-review.yml: actions/dependency-review-action@v4 added

Removed

Upgrade Notes

• No breaking changes for existing callers of oradba_common.sh
• service-management.md and log-management.md no longer exist; content is
  in src/doc/operations.md
• Custom scripts referencing removed functions...

Release Notes v0.23.1

Release Date: 2026-02-19
Type: Patch Release (Update Preservation + Verify Noise Fix)

Overview

Version 0.23.1 improves update safety for user-managed secret/certificate files
and removes residual verify noise for runtime-managed extension template cache
artifacts.

🛠️ Fixed

Runtime Template Cache Verify Noise

• oradba_version.sh --verify now excludes runtime-managed extension template
  cache files from additional-file reporting:
  • templates/oradba_extension/.version
  • templates/oradba_extension/extension-template.tar.gz
• Prevents false changed/additional reports after fresh installs where cache
  files are generated or refreshed at runtime.

Sensitive File Preservation During Updates

• Core installer update flows (oradba_install.sh --update / --force) now
  preserve user-managed sensitive files in:
  • etc/*.b64, etc/*.pem, etc/*.key, etc/*.crt
  • extensions/*/etc/*.b64|*.pem|*.key|*.crt (bundled extension tree)
• Extension updates (oradba_extension.sh add ... --update) now preserve
  user-added files of the same sensitive types:
  • *.b64, *.pem, *.key, *.crt

🔄 Changed

Documentation Updates

• Updated installation guide to document sensitive file preservation behavior
  during core updates.
• Updated extension system guide to document preserved user-added sensitive file
  types during extension updates.

🚀 Upgrade Notes

No breaking changes.

Recommended: after update, run integrity check and verify preserved files:

oradba_version.sh --verify
ls -l "$ORADBA_BASE/etc"/*.b64 "$ORADBA_BASE/etc"/*.pem 2>/dev/null

Release Notes v0.23.0

Release Date: 2026-02-18
Type: Minor Release (Startup Performance + Cross-Platform Compatibility)

Overview

Version 0.23.0 improves oraenv.sh startup behavior for login/profile usage,
adds a startup-optimized --fast-silent mode, and strengthens cross-platform
compatibility for macOS default Bash environments. It also prevents runtime
configuration files from being overwritten during installer/update workflows.

✨ Added

Startup Profiling and Fast Silent Mode

• Added optional startup profiling with ORADBA_PROFILE_STARTUP=true in oraenv.sh
• Added per-phase timing output and effective startup flag reporting
• Added --fast-silent mode for startup-optimized silent initialization
• --fast-silent skips alias generation and SQLPATH setup during startup

🛠️ Fixed

macOS Bash 3.2 Compatibility

• Replaced Bash 4+ case conversion expansions in startup-critical paths with
  portable tr-based conversion
• Updated startup helpers to avoid Bash 4-only patterns in interactive and
  silent flows
• Fixed SQLPATH assembly to use BSD-compatible paste invocation on macOS
• Added macOS Instant Client .dylib detection support

Startup Performance and Discovery Safety

• Reduced startup overhead for non-database homes in oraenv.sh
• Added opt-in discovery/sync behavior for oratab → oradba_homes.conf
• Gated fallback sync paths to avoid writes when discovery is disabled
• Made alias generation honor ORADBA_LOAD_ALIASES in startup-optimized modes

Installer Runtime File Protection

• Preserve/restore runtime-managed files during install/update copy:
  • etc/oradba_homes.conf
  • etc/oratab
  • etc/sid.dummy.conf
• Excluded runtime-generated files from installer build payload staging

🔄 Changed

Startup Troubleshooting and User Guidance

• Updated user docs with startup troubleshooting and profiling workflow
• Added --fast-silent usage guidance in user documentation
• Documented trade-offs when skipping aliases and SQLPATH during fast startup

🚀 Upgrade Notes

No breaking changes.

Recommended profile startup patterns

Use one of the following in login/profile scripts:

# Fastest startup
source oraenv.sh <NAME> --fast-silent

# Tuned silent mode
export ORADBA_LOAD_ALIASES_IN_SILENT=false
export ORADBA_CONFIGURE_SQLPATH_IN_SILENT=false
source oraenv.sh <NAME> --silent

If interactive aliases or SQLPATH-based SQL script lookup are required in a
session, source oraenv.sh again in normal mode.

Release Notes v0.22.1

Release Date: 2026-02-17
Type: Patch Release (Integrity Verification)

Overview

Version 0.22.1 fixes false-positive core integrity check results for
runtime-managed extension template cache files.

🛠️ Fixed

Installer Integrity Verification Noise Reduction

• Core integrity verification now excludes runtime-managed files:
  • templates/oradba_extension/.version
  • templates/oradba_extension/extension-template.tar.gz
  • .install_info
• These files remain included in .oradba.checksum for installation metadata
  and distribution consistency.
• Prevents false MODIFIED reports after refreshing bundled extension template
  cache files.
• Added regression coverage in tests/test_oradba_version.bats.

🚀 Upgrade Notes

No breaking changes.

This is a verification behavior fix only; installation layout and extension
create workflow are unchanged.

Release Notes v0.22.0

Release Date: 2026-02-17
Type: Minor Release (Extensions + Documentation)

Overview

Version 0.22.0 introduces optional extension etc/ hook sourcing for
environment and alias customization, with a safe opt-in design. It also
simplifies the Oracle homes template header while aligning it with the actual
parser format.

✨ Added

Opt-In Extension etc Hooks

• Added optional extension hook loading for:
  • etc/env.sh
  • etc/aliases.sh
• Hook loading is disabled by default and controlled globally with:
  • ORADBA_EXTENSIONS_SOURCE_ETC=true
• Per-extension opt-in via .extension metadata:
  • load_env: true
  • load_aliases: true
• Added corresponding config docs in:
  • src/etc/oradba_standard.conf
  • src/templates/etc/oradba_customer.conf.example

🔄 Changed

Oracle Homes Template Header Simplification

• Shortened src/templates/etc/oradba_homes.conf.template header
• Reduced examples to a concise set
• Kept only essential format/field guidance
• Corrected template documentation to match actual colon-delimited parser order

🚀 Upgrade Notes

No breaking changes.

Existing extensions continue to load as before. Extension etc hooks are only
sourced when explicitly enabled via the global switch and per-extension metadata.

Release Notes v0.21.5

Release Date: 2026-02-16
Type: Patch Release (Bug Fixes)

Overview

Version 0.21.5 fixes GitHub extension install and update behavior in
oradba_extension.sh add to use extension release packages instead of source
repository archives when releases provide package assets.

🐛 Fixes

GitHub Extension Install Uses Release Assets

• Prefer release asset archives (.tar.gz / .tgz) from GitHub releases
  (browser_download_url) for add <owner/repo> and add <owner/repo> --update
• Avoid installing repository-only content from source tarballs (for example:
  .github/ and tests/)
• Keep fallback to source tarball_url only when no release asset archive exists
• Ensure extension package metadata files such as .extension.checksum are
  installed when provided by the extension release

📝 Documentation Updates

• Updated extension update behavior details in
  doc/extension-system.md (backup naming and preservation behavior)
• Updated release docs examples in doc/releases/README.md

📊 Test Coverage

• Total Tests: 1516 tests (100% passing)
• Functions Documented: 437 functions (100% documented)
• Plugin Interface: v1.0.0

🚀 Upgrade Notes

No breaking changes. Existing extension update workflows remain compatible.

Release Notes v0.21.4

Release Date: 2026-02-16
Type: Patch Release (Documentation)

Overview

Version 0.21.4 delivers documentation maintenance updates. It removes stale
version references, fixes outdated links, and improves release note
maintainability by reducing hardcoded version values.

📝 Documentation Updates

Release and Developer Docs Cleanup

• Refresh doc/releases/README.md to avoid hardcoded "latest" version references
• Remove broken references from doc/README.md and point to maintained locations
• Update doc/extension-system.md links to existing documentation paths
• Simplify root README.md by removing unnecessary inline version qualifiers

📊 Test Coverage

• Total Tests: 1516 tests (100% passing)
• Functions Documented: 437 functions (100% documented)
• Plugin Interface: v1.0.0

🚀 Upgrade Notes

No functional changes. Documentation only.