We’re excited to announce RisingWave v2.7, delivering deeper integration along with broad improvements across performance, security, and operations. This release continues to strengthen RisingWave’s Iceberg integration, making it easier and safer to run Iceberg in production. It also introduces backfill performance optimizations and LDAP authentication support, alongside many additional improvements and fixes across the system.
Follow along to learn more about some of the standout features in this version release. If you are interested in the full list of v2.7 updates, see the full release note.
Vended credentials for Iceberg
RisingWave now supports vended credentials for Iceberg REST catalogs, enabling secure, short-lived, automatically refreshed authentication when connecting to Iceberg sources and sinks. By setting catalog.type = 'rest' with vended_credentials = true, RisingWave can obtain credentials directly from the catalog’s credential-vending service, removing the need to configure long-lived static keys.
This enhancement improves security, simplifies credential management, and broadens compatibility with modern Iceberg deployments that rely on dynamic credential provisioning.
For more information, see Vended credentials.
Enhanced compaction strategies for Iceberg sinks
RisingWave extends Iceberg sink maintenance with more flexible compaction strategies. In addition to full compaction (default), you can choose small-files compaction to merge only undersized data files, or files-with-delete compaction to rewrite only data files that have accumulated delete files. Files-with-delete compaction is ideal for Merge-on-Read tables with frequent updates or deletes. Through configurable compaction parameters, you can define when compaction runs (by snapshot count or interval), how large compacted files should be, and when compaction should pause ingestion to catch up.
For more information, see Files-with-delete compaction.
Refreshable Iceberg tables
RisingWave now makes it easy to keep your Iceberg batch tables up to date. With refreshable batch Iceberg tables, you can reload all data whenever you need or let RisingWave refresh it automatically on a schedule. Simply set refresh_mode = 'FULL_RELOAD' to run REFRESH TABLE for an immediate snapshot, or use refresh_interval_sec to enable periodic refreshes. All refresh jobs are system-managed, and their status is viewable in the built-in catalogs.
For more information, see REFRESH TABLE.
Backfill performance optimization
RisingWave v2.7.0 introduces major improvements to backfill performance, making materialized view creation faster and more predictable—especially on large tables and complex pipelines.
Index selection
RisingWave can now automatically choose the most suitable index when scanning data for backfill. If a query groups or joins on a particular key, the optimizer can scan the corresponding index to read data in a locality-friendly order. This reduces the amount of data read, improves cache utilization, and speeds up MV initialization.
Index selection is controlled through enable_index_selection and is on by default.
Locality backfill (premium feature)
While index selection optimizes the scan phase, locality backfill extends locality preservation across the entire backfill pipeline. When enabled, the optimizer inserts LocalityProvider operators to keep data clustered by key as it flows through joins, aggregations, window functions, and Group TopN. This reduces data shuffling, lowers memory pressure, and improves the overall throughput of complex backfills.
You can enable it with SET enable_locality_backfill = true;. A plan using more than five LocalityProvider operators is considered a complex query and activates this as a premium feature.
For more information, see Backfilling optimization.
LDAP authentication support
RisingWave now supports LDAP (Lightweight Directory Access Protocol) authentication, allowing you to authenticate against external LDAP directory servers. It is compatible with PostgreSQL’s LDAP authentication mechanism and supports both simple bind and search+bind modes. LDAP authentication is configured through RisingWave’s HBA configuration, and your credentials are validated against the LDAP server when you connect.
For more information, see LDAP authentication.
Conclusion
These are some of the highlight features included in v2.7. To see the entire list of updates, which includes updates to source and sink connectors, please refer to the full release note.
Stay tuned for next month’s updates as we continue to enhance RisingWave with new features. Visit the RisingWave GitHub repository to explore the latest developments and planned releases.
Sign up for our monthly newsletter if you’d like to keep up to date on all the happenings with RisingWave. Follow us on Twitter and LinkedIn, and join our Slack community to talk to our engineers and hundreds of streaming enthusiasts worldwide.
