From: Mike Rylander <mrylander@gmail.com>
Date: Tue, 21 Feb 2023 21:46:19 +0000 (-0500)
Subject: Malicious search protect release notes
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=d683e81e2068da3e54ee7165b3c01d7d46fc2c79;p=Evergreen.git

Malicious search protect release notes

Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
---

diff --git a/docs/RELEASE_NOTES_NEXT/Architecture/Malicious-search-protection.adoc b/docs/RELEASE_NOTES_NEXT/Architecture/Malicious-search-protection.adoc
new file mode 100644
index 0000000000..de67f38191
--- /dev/null
+++ b/docs/RELEASE_NOTES_NEXT/Architecture/Malicious-search-protection.adoc
@@ -0,0 +1,23 @@
+== Malicious Search Protection ==
+
+Evergreen sometimes sees some "novel" query strings in the wild that
+cause the search backend to time out or worse.  These are sometimes
+malicious and sometimes accidental, but the effect on users is the
+same.
+
+The changes here improve query compilation in several respects in order
+to reduce the chances of an overly complex query causing problems for
+the search subsystem.
+
+More work is done up front to simplify and combine parts of the
+resulting SQL, allowing more work to be done closer to the data.
+This change allows Evergreen to handle many more tested or chained
+boolean expressions, and negated terms are now handled directly in
+line with other adjacent terms. Phrases (exact matches) are now
+searched for using Postgres' adjacency tsearch operator.
+
+All of these changes work together to improve performance by getting
+more search work done in fewer database operations while protecting
+against certain query constructs that have caused problems in the
+past.
+