datomic

cch1 2025-07-24T15:55:57.468419Z

Is there a metric available in the DC CloudWatch dashboard that gives an indication of the wall-clock latency between a database being advanced to a basis-t on the transactor and that same database being on other nodes either in the PCG or a QG?

cch1 2025-07-24T15:56:51.368119Z

IOW, what is the scale of "eventually" in "eventually consistent"?

Joe Lane 2025-07-24T18:22:29.915819Z

Per the https://docs.datomic.com/transactions/acid.html#implications : > Datomic provides strong consistency of the entire database I know what you're asking for, and no, there are no metrics for propagation delay of consistent database values.

cch1 2025-07-24T18:24:48.801279Z

Thanks, Joe. I was not sure how to interpret some of the metrics on the built-in dashboard and was hoping maybe there was something in there to give me a rough feel. But it was a long shot since most of the interesting candidates were only visible on the PCG and the metric I'm looking for would be on all nodes.

2025-07-24T20:38:52.699309Z

Hey folks, using datomic cloud ions, I am having this on a security scanner:

Package / Version to update
org.clojure:clojure / 1.12.0-alpha9 or latest
An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function.==================================================Lambda:
service--CreateCodeDeployDeployme-LcspR0Jg6Ab1
service-com-UpdateLambdaFromArray-BnmZ2Yx4OGQV
service-compu-GetDeploymentStatus-6GCDxubQ6kk6Vulnerability: CWE-117 - Log injection
Severity: High
Location: index.js

Alex Miller (Clojure team) 2025-07-24T20:42:57.891959Z

the CVE in question relates to using Java serialization to deserialize object graphs from untrusted sources (where a maliciously crafted object graph could be deserialized). If you don't do that, you are unaffected.

👍 1
2025-07-24T20:43:34.769859Z

ok yeah makes sense

Alex Miller (Clojure team) 2025-07-24T20:44:57.874409Z

I'm assuming this is https://nvd.nist.gov/vuln/detail/CVE-2024-22871 which was closed in Clojure 1.11.3 and 1.12.0

2025-07-24T20:45:43.742839Z

datomic cloud can be updated to clojure 1.11.3 or 1.12.1?

Joe Lane 2025-07-24T21:12:07.082859Z

Datomic Cloud is already running 1.11.4 IIRC

🙏 1
2025-07-24T20:39:05.093549Z

should I be worried about it?