+1, Thanks Aman for the initiative. On Thu, Nov 3, 2022 at 2:33 PM Aman Raj <raja...@microsoft.com> wrote:
> Hi team, > > > *We know that Hive 4.0.0 release is ongoing but considering the number of > changes going into the release, it will take some iterations to come up > with the stable version for the same. Meanwhile there are a lot of issues > in Hive 3.1.3 which our customers have reported. In this scenario, it makes > sense to make a release from branch-3 which will have all the necessary > upgrades, bug and CVE fixes which are causing issues to the existing > customers. Also, Hive is still using Hadoop 3.1.0 whereas Spark 3.3 has > already moved to Hadoop 3.3.1. Therefore, we need to do the same for hive.* > > > > *I will be happy to take the ownership of this new release and will be > creating JIRA's for all the fixes that will go on with this release.* > > > > *Therefore, I am proposing a new release cut out from branch-3. The > release version would be hive-3.2.0.* > > > > This version will include major upgrades as: > > 1. Hadoop version upgrade to 3.3.4 > 2. Zookeeper version upgrade to 3.6.3 > 3. Tez version upgrade to 0.10.2 > 4. Calcite version upgrade to 1.25.0 > 5. Orc version upgrade to 1.6.9 > > This version will also include major CVE fixes as follows: > > 1. NVD - CVE-2020-13949 (nist.gov) > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-13949&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390055897%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=s4ezoJrvuEaRcH77R990wsFVR7za%2BJEoGXyDcaj9mRE%3D&reserved=0> > - > Libthrift Upgrade to 0.14.1 (OSS Jira : > https://issues.apache.org/jira/browse/HIVE-25098 > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25098&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390055897%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ruoe71g5SDIudoTNVhQsTYwTs2r7UN1LrjL2XzOuB7g%3D&reserved=0> > ) > > > 1. NVD - CVE-2015-1832 (nist.gov) > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2015-1832&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390055897%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=3Xs8rZwi2bIJEZyF%2FKf4614cBE6lmp8x%2FjvjB4FZpHs%3D&reserved=0> > - > Derby upgrade to 10.14.2.0 (OSS Jira : > https://www.mail-archive.com/dev%40hive.apache.org/msg142721.html > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mail-archive.com%2Fdev%2540hive.apache.org%2Fmsg142721.html&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390055897%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=8VMamTvZ7WsH5ELN5MMHrryhLgE6QhtxTzrvJqJ%2FKmY%3D&reserved=0> > ) > > > 1. NVD - CVE-2013-4002 (nist.gov) > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2013-4002&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=sHWPLpDhWgoCfmfvUFXj%2FKNPWv5Dx7a2bZYpdYHNaOk%3D&reserved=0> > - > Xerces Upgrade to 2.12.2 (OSS Jira : > https://issues.apache.org/jira/browse/HIVE-25920 > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25920&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=b8p2xL4q7eOxI1DvAXNLmpkzjcOtgd%2F9HervKbZMwJ0%3D&reserved=0> > ) > > > 1. NVD - CVE-2020-36518 (nist.gov) > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-36518&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=NUyBIEfqM4dZ15Jk8645JJIHrl8o%2Bbhfj%2BBvkwhR7Mw%3D&reserved=0> > - > Jackson upgrade to 2.12.7 (OSS Jira : > https://www.mail-archive.com/dev@hive.apache.org/msg142871.html > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mail-archive.com%2Fdev%40hive.apache.org%2Fmsg142871.html&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Y9ikjhaWq76jWBxy25jRYddL%2BnbtgSOsdw0A5hAoUk8%3D&reserved=0> > ) > > > 1. NVD - CVE-2022-23221 (nist.gov) > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2022-23221&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=qWb60OLRTEA5hO7Wl2zdQH1s8DhteC1sVa8Ci0gdcR4%3D&reserved=0> > - Upgrade > H2 database version to 2.1.210 (OSS Jira : > https://issues.apache.org/jira/browse/HIVE-25945 > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25945&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=6EqeYjUgBBW28GErorZgUEW2YaVN%2BLz1TAybzTWhgYQ%3D&reserved=0> > ) > > > 1. WS-2021-0419 | Mend Vulnerability Database > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mend.io%2Fvulnerability-database%2FWS-2021-0419&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Bo7Ju4cPEFk7icPPSGJbxIFnERsmSqjYgES0FWS7xyc%3D&reserved=0> > - Upgrade > gson to 2.8.9 (OSS Jira : > https://issues.apache.org/jira/browse/HIVE-26078 > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26078&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=YQh%2F75TBsYKkGmeUUTM7wnhWdQ50r11fIsfqQyim11I%3D&reserved=0> > ) > > > 1. NVD - CVE-2020-11979 (nist.gov) > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-11979&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=N9dF2RGaafx4FYKbs4ppk1o%2FjtTjRkAUbko2ou4fZaU%3D&reserved=0> > - Upgrade > ant to 1.10.9 (OSS Jira : [HIVE-26081] Upgrade ant to 1.10.9 - ASF > JIRA (apache.org) > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26081&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=XwU%2BPLbaWjCSoKPgj1l8Rniglm2%2FVjHGfq7bE4Tunn8%3D&reserved=0> > ) > > > 1. NVD - CVE-2020-17533 (nist.gov) > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-17533&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=mVCHR8rYUfhMeVbbB%2BJd2SNBGYOXHwM3xBwTyp8%2BUHY%3D&reserved=0> > - > Upgrade accumulo-core to 1.10.1 (OSS Jira : [HIVE-26080] Upgrade > accumulo-core to 1.10.1 - ASF JIRA (apache.org) > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26080&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=dQi8mSnQiRlFgIgvm2TKegQNvZOIYequQUyCI2Oi074%3D&reserved=0> > ) > > > > The version can also contain critical bug fixes that have been fixed in > Open-Source master. *Please suggest any other important backports that > can be included in this section.* > > I am thinking of the backport of transaction statistics related patches > to enable better CBO for ACID tables and datanucleus changes to 5.x can be > some bug fixes that we can consume in this release. *This is an Open > forum and I welcome your suggestions on the same.* > > > > *We can take a month or two to make this release after validating the test > scenarios and use cases. I will come up with the proper timelines for this > 3.2.0 release once we get the community approval for the same.* > > > > Thanks, > > Aman. > >
