EventStoreDB 20.6.1 released

Mat McLoughlin  |  06 November 2020

We are pleased to announce the release of EventStoreDB 20.6.1! The release notes were published earlier this month, so we’d like to share some of the positive outcomes from the release.

Why have we gone from V5 to V20.6.1? We changed our Versioning Strategy back in May 2020 to align the version with the year it is released.

There are several great updates and a few bug fixes, so we hope this will help you utilize EventStoreDB in the most efficient way for your business.

Security and Usability

When 20.6.0 was released, security was turned on by default. We did this for several reasons, including that we and our customers are moving to cloud hosted environments, which are often exposed to the internet. In previous versions, our customers could rely on running the database in isolated environments and networks to keep their cluster secure. As security by default is an accepted best practice in the industry, we wanted to ensure security is a conscious consideration for the customer running the cluster.

This inadvertently created some usability issues for development scenarios in the 20.6.0 release, which have been corrected in 20.6.1. Public CA Certificates can now be used with EventStoreDB, which removes the hassle of creating and setting up your own CA. The new es-gencert-cli will help you generate CA and Node certificates for EventStoreDB. We also included Docker-Compose scripts to help you get a secured cluster running quickly in development.

Insecure Mode

EventStoreDB v20+ is secure by default, meaning you have to supply valid certificates and configuration for the database node to work. If you want to try the latest version of EventStoreDB with your existing applications, or run a previous version of EventStoreDB without any security in your internal networks, you can now use Insecure Mode. Insecure Mode disables all authentication, authorization and transport security for the node and any clients connected to it. You can learn more about Insecure Mode here. With the introduction of Insecure Mode, and the fact that Dev Mode should not be used in production, we have decided to remove Dev Mode. The mode relied on development certificates, which pose a security threat.  If you were previously using Dev Mode to run EventStoreDB without certificates, please run in Insecure Mode instead.


We added a new default client protocol in EventStoreDB 20.6.0, now using gRPC. It’s an open source, widely adopted standard that can be used across multiple platforms with ease. From EventStoreDB 20.6.0, we have included a .NET SDK for the new gRPC protocol.

After receiving feedback from community members, we decided to expose the cluster gossip protocol over gRPC to allow cluster-aware clients access to the gossip protocol. This has not changed the HTTP-based gossip, and any existing operational tools (such as the EventStoreDB .NET TCP Client) will continue to work.          


You can now quickly and easily run a secure cluster using the recently added Docker Compose file. This has been a requested feature for some time, and we are pleased to be able to include it in this release.

Read-Only Replicas

In all versions before EventStoreDB 20.6.0, additional nodes could be added to a cluster as clones for scaling out reads. That feature was deprecated in 20.6.0, as a clone could be promoted into the cluster, meaning the client would read from a node that would participate in normal quorum operations. In some circumstances, this can lead to the additional load being placed on the quorum node or the cluster ending up in a split-brain situation in the event of network segregation.

To prevent this, we have introduced the ability to mark a node as a read-only replica. This kind of node will not participate in elections and cannot be promoted to a follower or leader node.

Nodes-Sketch-3 (1)


We have created a tool to help create certificates for an EventStoreDB cluster. You can find instructions here for the new tool to help you create certificates. Once you have the certificates generated, you will need to configure your nodes to use them. The following configuration can be added to any existing configuration:

TrustedRootCertificatesPath: {Path to CA Directory}

CertificateFile: {Path to Certificate File}

CertificatePrivateKeyFile: {Path to Private Key File}

Server-side filtering

Inspired by Yspadadden, we have included the ability to filter reads and subscriptions on the server-side, allowing you to filter by either event type or by stream name. Our aim is to remove the need to use projections when you only want to subscribe to EventStoreDB and receive events from streams or events satisfying a particular filter. You can learn more about this from our post on server-side filtering and you can find sample code here.


The initial version of 20.6.1 contained an error in the script to uninstall 20.6.0 that affected the Packagecloud Upgrades. If you downloaded 20.6.1 before 9th October 2020, you will need to manually uninstall that version and install the  20.6.1-2 debian package. If you downloaded 20.6.1 after 9th October 2020, your download is unaffected.

We hope these changes have been useful to you. You can find out some more details on the Release Notes section of our blog. Check out our Github: if you find an issue, please check the issues already logged and report a new one if your issue isn’t on there. You can also use the active discuss channel and the #eventstore channel on the DDD-CQRS-ES Slack community.

Photo of Mat McLoughlin

Mat McLoughlin Mat is Event Store's Former Head of Developer Advocacy; he uses his previous experience as an Event Store customer building event-sourced systems to identify areas where the developer experience can be improved, and his objective is to help more developers learn and successfully implement Event Store in their systems. He has now left Event Store.