Kristian Aune

Head of Customer Success, Vespa

05 Nov 2019

In the September Vespa product update, we mentioned Tensor Float Support, Reduced Memory Use for Text Attributes, Prometheus Monitoring Support, and Query Dispatch Integrated in Container.

This month, we’re excited to share the following updates:

Nearest Neighbor and Tensor Ranking

Tensors are native to Vespa. We compared elastic.co to vespa.ai testing nearest neighbor ranking using dense tensor dot product. The result of an out-of-the-box configuration demonstrated that Vespa performed 5 times faster than Elastic. View the test results.

Optimized JSON Tensor Feed Format

A tensor is a data type used for advanced ranking and recommendation use cases in Vespa. This month, we released an optimized tensor format, enabling a more than 10x improvement in feed rate. Read more.

Matched Elements in Complex Multi-value Fields 

Vespa is used in many use cases with structured data – documents can have arrays of structs or maps. Such arrays and maps can grow large, and often only the entries matching the query are relevant. You can now use the recently released matched-elements-only setting to return matches only. This increases performance and simplifies front-end code.

Large Weighted Set Update Performance

Weighted sets in documents are used to store a large number of elements used in ranking. Such sets are often updated at high volume, in real-time, enabling online big data serving. Vespa-7.129 includes a performance optimization for updating large sets. E.g. a set with 10K elements, without fast-search, is 86.5% faster to update.

Datadog Monitoring Support

Vespa is often used in large scale mission-critical applications. For easy integration into dashboards,
Vespa is now in Datadog’s integrations-extras GitHub repository.
Existing Datadog users will now find it easy to monitor Vespa.
Read more.

About Vespa: Largely developed by Yahoo engineers, Vespa is an open source big data processing and serving engine. It’s in use by many products, such as Yahoo News, Yahoo Sports, Yahoo Finance, and the Verizon Media Ad Platform. Thanks to feedback and contributions from the community, Vespa continues to grow.

We welcome your contributions and feedback (tweet or email) about any of these new features or future improvements you’d like to request.

Andreas Eriksen

Senior Vespa Engineer

10 Dec 2021

Since early this morning (2021-12-10T06:19:15Z) we have been
investigating the potential impact on Vespa from the recently
discovered vulnerability in the log4j library
CVE-2021-44228.

Based on our investigations as well as guidance and analysis from our
security team, we currently do not believe that any published Vespa
version is vulnerable to this issue. Vespa does not include log4j
versions >= 2.0, nor any use of the vulnerable JMSAppender class
present in earlier versions of the library.

Your Vespa application may still be affected if log4j is included in
your application package, either directly or transitively! We believe
most uses of the library can be discovered by running the following
command in your application package Maven project root and inspecting
the output:

mvn dependency:tree

We will release a version of Vespa only including log4j >= 2.15 as
soon as all our dependencies have been updated.

Update: We have completely removed all use of log4j from Vespa since
version 7.520.3, released 2021-12-22.

Update 2: On Vespa Cloud,
we have enforced that user applications do not contain any log4j dependencies
older than version 2.17.1 since Vespa 7.528.38, released 2022-01-17.