The Apache Calcite team is pleased to announce the release of Apache Calcite 1.32.0.
Calcite is a dynamic data management framework. Its cost-based optimizer converts queries, represented in relational algebra, into executable plans. Calcite supports many front-end languages and back-end data engines, and includes an SQL parser and, as a sub-project, the Avatica JDBC driver. This release fixes CVE-2022-39135, an XML External Entity (XEE) vulnerability that allows a SQL query to read the contents of files via the SQL functions EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM or EXTRACT_VALUE (CALCITE-5263). Coming 1 month after 1.31.0 with 19 issues fixed by 16 contributors, this release also replaces the ESRI spatial engine with JTS and proj4j (CALCITE-4294), adds 65 spatial SQL functions including ST_Centroid, ST_Covers and ST_GeomFromGeoJSON (CALCITE-5262), adds the CHAR SQL function (CALCITE-5241), and improves the return type of the ARRAY and MULTISET functions (CALCITE-4999). You can start using it in Maven by simply updating your dependency to: <dependency> <groupId>org.apache.calcite</groupId> <artifactId>calcite-core</artifactId> <version>1.32.0</version> </dependency> If you'd like to download the source release, you can find it here: https://calcite.apache.org/downloads/ You can read more about the release (including release notes) here: https://calcite.apache.org/news/2022/09/10/release-1.32.0/ We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at: https://calcite.apache.org/ Thanks to everyone involved! Julian Hyde, on behalf of the Apache Calcite Team