Update cpp.mdx

updated changelog

backend/src/services/identity-access-token/identity-access-token-dal.ts

@@ -30,17 +30,10 @@ export const identityAccessTokenDALFactory = (db: TDbClient) => {
   const removeExpiredTokens = async (tx?: Knex) => {
     logger.info(`${QueueName.DailyResourceCleanUp}: remove expired access token started`);
 
-    const BATCH_SIZE = 10000;
-    const MAX_RETRY_ON_FAILURE = 3;
-    const QUERY_TIMEOUT_MS = 10 * 60 * 1000; // 10 minutes
     const MAX_TTL = 315_360_000; // Maximum TTL value in seconds (10 years)
 
-    let deletedTokenIds: { id: string }[] = [];
-    let numberOfRetryOnFailure = 0;
-    let isRetrying = false;
-
-    const getExpiredTokensQuery = (dbClient: Knex | Knex.Transaction) =>
-      dbClient(TableName.IdentityAccessToken)
+    try {
+      const docs = (tx || db)(TableName.IdentityAccessToken)
         .where({
           isAccessTokenRevoked: true
         })
@@ -54,64 +47,34 @@ export const identityAccessTokenDALFactory = (db: TDbClient) => {
             );
         })
         .orWhere((qb) => {
-          void qb.where("accessTokenTTL", ">", 0).andWhereRaw(
-            `
-              -- Check if the token's effective expiration time has passed.
-              -- The expiration time is calculated by adding its TTL to its last renewal/creation time.
-              COALESCE(
-                "${TableName.IdentityAccessToken}"."accessTokenLastRenewedAt", -- Use last renewal time if available
-                "${TableName.IdentityAccessToken}"."createdAt"                 -- Otherwise, use creation time
-              )
-              + make_interval(
-                  secs => LEAST(
-                    "${TableName.IdentityAccessToken}"."accessTokenTTL",      -- Token's specified TTL
-                    ?                                                         -- Capped by MAX_TTL (parameterized value)
-                  )
-                )
-              < NOW()                                                         -- Check if the calculated time is before now
-              `,
+          void qb.where("accessTokenTTL", ">", 0).andWhere((qb2) => {
+            void qb2
+              .where((qb3) => {
+                void qb3
+                  .whereNotNull("accessTokenLastRenewedAt")
+                  // accessTokenLastRenewedAt + convert_integer_to_seconds(accessTokenTTL) < present_date
+                  .andWhereRaw(
+                    `"${TableName.IdentityAccessToken}"."accessTokenLastRenewedAt" + make_interval(secs => LEAST("${TableName.IdentityAccessToken}"."accessTokenTTL", ?)) < NOW()`,
+                    [MAX_TTL]
+                  );
+              })
+              .orWhere((qb3) => {
+                void qb3
+                  .whereNull("accessTokenLastRenewedAt")
+                  // created + convert_integer_to_seconds(accessTokenTTL) < present_date
+                  .andWhereRaw(
+                    `"${TableName.IdentityAccessToken}"."createdAt" + make_interval(secs => LEAST("${TableName.IdentityAccessToken}"."accessTokenTTL", ?)) < NOW()`,
                     [MAX_TTL]
                   );
               });
-
-    do {
-      try {
-        const deleteBatch = async (dbClient: Knex | Knex.Transaction) => {
-          const idsToDeleteQuery = getExpiredTokensQuery(dbClient).select("id").limit(BATCH_SIZE);
-          return dbClient(TableName.IdentityAccessToken).whereIn("id", idsToDeleteQuery).del().returning("id");
-        };
-
-        if (tx) {
-          // eslint-disable-next-line no-await-in-loop
-          deletedTokenIds = await deleteBatch(tx);
-        } else {
-          // eslint-disable-next-line no-await-in-loop
-          deletedTokenIds = await db.transaction(async (trx) => {
-            await trx.raw(`SET statement_timeout = ${QUERY_TIMEOUT_MS}`);
-            return deleteBatch(trx);
           });
-        }
-
-        numberOfRetryOnFailure = 0; // reset
-      } catch (error) {
-        numberOfRetryOnFailure += 1;
-        logger.error(error, "Failed to delete a batch of expired identity access tokens on pruning");
-      } finally {
-        // eslint-disable-next-line no-await-in-loop
-        await new Promise((resolve) => {
-          setTimeout(resolve, 10); // time to breathe for db
-        });
-      }
-      isRetrying = numberOfRetryOnFailure > 0;
-    } while (deletedTokenIds.length > 0 || (isRetrying && numberOfRetryOnFailure < MAX_RETRY_ON_FAILURE));
-
-    if (numberOfRetryOnFailure >= MAX_RETRY_ON_FAILURE) {
-      logger.error(
-        `IdentityAccessTokenPrune: Pruning failed and stopped after ${MAX_RETRY_ON_FAILURE} consecutive retries.`
-      );
-    }
-
+        })
+        .delete();
+      await docs;
       logger.info(`${QueueName.DailyResourceCleanUp}: remove expired access token completed`);
+    } catch (error) {
+      throw new DatabaseError({ error, name: "IdentityAccessTokenPrune" });
+    }
   };
 
   return { ...identityAccessTokenOrm, findOne, removeExpiredTokens };

docs/changelog/overview.mdx

@@ -4,6 +4,61 @@ title: "Changelog"
 
 The changelog below reflects new product developments and updates on a monthly basis.
 
+
+## July 2025
+- Improved speed performance of audit log filtering. 
+- Revamped password reset flow pages.
+- Added support for [Bitbucket for Secret Scanning](https://infisical.com/docs/documentation/platform/secret-scanning/bitbucket).  
+- Released Secret Sync for [Zabbix](https://infisical.com/docs/integrations/secret-syncs/zabbix).
+
+
+
+## June 2025
+- Released Secret Sync for [1Password](https://infisical.com/docs/integrations/secret-syncs/1password), [Heroku](https://infisical.com/docs/integrations/secret-syncs/heroku), [Fly.io](https://infisical.com/docs/integrations/secret-syncs/flyio), and [Render](https://infisical.com/docs/integrations/secret-syncs/render). 
+- Added support for [Kubernetes dynamic secrets](https://infisical.com/docs/documentation/platform/dynamic-secrets/kubernetes) to generate service account tokens
+- Released Secret Rotation for [MySQL](https://infisical.com/docs/documentation/platform/secret-rotation/mysql-credentials) and [OracleDB](https://infisical.com/docs/documentation/platform/secret-rotation/oracledb-credentials) as well as Dynamic Secrets for [Vertica](https://infisical.com/docs/documentation/platform/dynamic-secrets/vertica) and [GitHub App Tokens](https://infisical.com/docs/documentation/platform/dynamic-secrets/github). 
+- Added support for Azure Auth in ESO. 
+- [Kubernetes auth](https://infisical.com/docs/documentation/platform/identities/kubernetes-auth) now supports gateway as a token reviewer.
+- Revamped [Infisical CLI](https://infisical.com/docs/cli/commands/login) to auto-open login link. 
+- Rolled out [Infisical Packer integration](https://infisical.com/docs/integrations/frameworks/packer).
+- Released [AliCloud Authentication method](https://infisical.com/docs/documentation/platform/identities/alicloud-auth).
+- Added support for [multi-step approval workflows](https://infisical.com/docs/documentation/platform/pr-workflows).
+- Revamped UI for Access Controls, Access Tree, Policies, and Approval Workflows. 
+- Released [TLS Certificate Authentication method](https://infisical.com/docs/documentation/platform/identities/tls-cert-auth). 
+- Added ability to copy session tokens in the Infisical Dashboard.
+- Expanded resource support for [Infisical Terraform Provider](https://infisical.com/docs/integrations/frameworks/terraform).
+
+
+## May 2025
+- Added support for [Microsoft Teams integration](https://infisical.com/docs/documentation/platform/workflow-integrations/microsoft-teams-integration).
+- Released [Infisical Gateway](https://infisical.com/docs/documentation/platform/gateways/overview) for accessing private network resources from Infisical. 
+- Added support for [Host Groups](https://infisical.com/docs/documentation/platform/ssh/host-groups) in Infisical SSH.
+- Updated the designs of all emails send by Infisical. 
+- Added secret rotation support for [Azure Client](https://infisical.com/docs/documentation/platform/secret-rotation/azure-client-secret).
+- Released secret sync for [HashiCorp Vault](https://infisical.com/docs/integrations/secret-syncs/hashicorp-vault).  
+- Made significant improvements to [Infisical Secret Scanning](https://infisical.com/docs/documentation/platform/secret-scanning/overview).
+- Released [Infisical ACME Client](https://infisical.com/docs/documentation/platform/pki/acme-ca#certificates-with-acme-ca).
+- [Access requests](https://infisical.com/docs/documentation/platform/access-controls/access-requests) now support "break-glass" policies.
+- Updated [Point-in-time Recovery](https://infisical.com/docs/documentation/platform/pit-recovery) UI/UX.
+- Redesigned [Approval Workflows and Change Requests](https://infisical.com/docs/documentation/platform/pr-workflows) user interface. 
+
+
+## April 2025
+
+- Released ability to [request access to projects](https://infisical.com/docs/documentation/platform/access-controls/project-access-requests#project-access-requests). 
+- Updated UI for Audit Logs and Log Filtering.
+- Launched [Infisical SSH V2](https://infisical.com/docs/documentation/platform/ssh/overview).
+- Developer [Infisical MCP](https://github.com/Infisical/infisical-mcp-server).
+- Added support for [Spotify Backstage Infisical plugin](https://infisical.com/docs/integrations/external/backstage).
+- Added secret syncs for Terraform Cloud, Vercel, Windmill, TeamCity, and Camunda.
+- Released [Auth0 Client Secret Rotation](https://infisical.com/docs/documentation/platform/secret-rotation/auth0-client-secret).
+- Launched [Infisical C++ SDK](https://github.com/Infisical/infisical-cpp-sdk).
+- Service tokens will now get expiry notifications. 
+- Added Infisical [Linux binary](https://infisical.com/docs/self-hosting/reference-architectures/linux-deployment-ha#linux-ha). 
+- Released ability to perform user impersonation. 
+- Added support for [LDAP password rotation](https://infisical.com/docs/documentation/platform/secret-rotation/ldap-password). 
+
+
 ## March 2025
 
 - Released [Infisical Gateway](https://infisical.com/docs/documentation/platform/gateways/overview) for secure access to private resources without needing direct inbound connections to private networks.

docs/docs.json

@@ -2189,6 +2189,7 @@
               "sdks/languages/python",
               "sdks/languages/java",
               "sdks/languages/csharp",
+              "sdks/languages/cpp",
               "sdks/languages/go",
               "sdks/languages/ruby"
             ]

docs/sdks/languages/cpp.mdx

@@ -0,0 +1,6 @@
+---
+title: "Infisical C++ SDK"
+sidebarTitle: "C++"
+url: "https://github.com/Infisical/infisical-cpp-sdk/?tab=readme-ov-file#infisical-c-sdk"
+icon: "c"
+---

docs/sdks/overview.mdx

@@ -25,6 +25,9 @@ From local development to production, Infisical SDKs provide the easiest way for
     <Card href="https://github.com/Infisical/infisical-dotnet-sdk?tab=readme-ov-file#infisical-net-sdk" title=".NET" icon="bars" color="#368833">
       Manage secrets for your .NET application on demand
     </Card>
+    <Card href="https://github.com/Infisical/infisical-cpp-sdk/?tab=readme-ov-file#infisical-c-sdk" title="C++" icon="c" color="#b00dd1">
+      Manage secrets for your C++ application on demand
+    </Card>
     <Card href="/sdks/languages/ruby" title="Ruby" icon="diamond" color="#367B99">
       Manage secrets for your Ruby application on demand
     </Card>

frontend/src/pages/secret-manager/OverviewPage/components/SecretOverviewTableRow/SecretOverviewTableRow.tsx

@@ -174,7 +174,7 @@ export const SecretOverviewTableRow = ({
                   )}
                   {isSecretEmpty && (
                     <Tooltip content="Empty value">
-                      <FontAwesomeIcon size="sm" icon={faCircle} />
+                      <FontAwesomeIcon size="sm" icon={faCircle} className="text-yellow" />
                     </Tooltip>
                   )}
                 </div>