I have reverted the change of tagging 3.2.0 to the Fix Version of various JIRAs. ________________________________ From: Aman Raj <raja...@microsoft.com.INVALID> Sent: Thursday, November 17, 2022 5:57 PM To: dev@hive.apache.org <dev@hive.apache.org> Subject: Re: [EXTERNAL] Re: Proposal : New Release 3.2.0 | Fixing CVE's and Bugs on apache hive branch-3
Sure Stamatis. Will revert those changes. Thanks, Aman. Get Outlook for Android<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Faka.ms%2FAAb9ysg&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184244542%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=kIyIEBvHZTDkei5hHikwPwwomrXbyWa8vB3kriPqsd0%3D&reserved=0> ________________________________ From: Stamatis Zampetakis <zabe...@gmail.com> Sent: Thursday, November 17, 2022, 3:05 PM To: dev@hive.apache.org <dev@hive.apache.org> Subject: Re: [EXTERNAL] Re: Proposal : New Release 3.2.0 | Fixing CVE's and Bugs on apache hive branch-3 Hey Aman, Thanks for pushing this forward. I show you updated the Fix Version field in a couple of JIRAs; please revert these changes. According to the Hive JIRA guidelines [1], the Fix Version should be set when the fix is committed; you may want to use the Target Version field instead. If you want to track progress then you may need to create new tickets for the backports cause existing tickets should not be reopened. Best, Stamatis [1] https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki.apache.org%2Fconfluence%2Fdisplay%2FHive%2FHowToContribute%23HowToContribute-JIRAGuidelines&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184244542%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=MlT0X%2BiZuD5ch%2F%2FIsQJRxT2EARSW0W5MUdhzPDYNxes%3D&reserved=0 On Thu, Nov 17, 2022 at 8:35 AM Aman Raj <raja...@microsoft.com.invalid> wrote: > Hi everyone, > > I have started categorizing tasks into 4 categories (created 4 subtasks on > the umbrella JIRA for the same): > > 1. CVE fixes > 2. Component Upgrades > 3. Bug fixes and Improvements on top of branch-3 commits. > 4. Differences between branch-3 and Hive-3.1.3 commits (The is no task > involved in this as of now. Just a way to track what all commits went in > after 3.1.3 in branch-3) > > I have created a new label (release-3.2.0) which can be used to create > subtasks involving the backports of the JIRAs mentioned in these 4 Subtasks. > > I would welcome the community to add more JIRAs which match these > categories and update the JIRA page as well. > > The parent JIRA fyi : > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26748&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184244542%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=DHsKSYUOtJc5HhqnjaAajYuJbsO2VuRgX%2BIy3eJpqDk%3D&reserved=0 > > Thanks, > Aman. > ________________________________ > From: Aman Raj <raja...@microsoft.com.INVALID> > Sent: Thursday, November 17, 2022 12:09 PM > To: dev@hive.apache.org <dev@hive.apache.org> > Subject: Re: [EXTERNAL] Re: Proposal : New Release 3.2.0 | Fixing CVE's > and Bugs on apache hive branch-3 > > [You don't often get email from raja...@microsoft.com.invalid. Learn why > this is important at https://aka.ms/LearnAboutSenderIdentification ] > > Hi everyone, > > I thank everyone who upvoted for this release and I am sure we will make > it a success. As a start point, I have created an umbrella JIRA > [HIVE-26748] Prepare for Hive 3.2.0 Release - ASF JIRA (apache.org)< > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26748&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184244542%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=DHsKSYUOtJc5HhqnjaAajYuJbsO2VuRgX%2BIy3eJpqDk%3D&reserved=0> > where I will start adding the JIRAs that will be cherry picked as part of > the 3.2.0 release. I have also included the suggestions given by the > community till now in the email threads below. > > Please feel free to suggest any new and important bug fixes or features > that can be included as part of this release. > > Thanks, > Aman. > ________________________________ > From: Naveen Gangam <ngan...@cloudera.com.INVALID> > Sent: Tuesday, November 8, 2022 7:49 PM > To: dev@hive.apache.org <dev@hive.apache.org> > Subject: Re: [EXTERNAL] Re: Proposal : New Release 3.2.0 | Fixing CVE's > and Bugs on apache hive branch-3 > > [You don't often get email from ngan...@cloudera.com.invalid. Learn why > this is important at https://aka.ms/LearnAboutSenderIdentification ] > > Thank you Aman for volunteering to drive this. +1 for a release off > branch-3. We can fix all the CVEs we have fixed on master. > > IMHO, the hadoop upgrade might be too big a task for this release. Last I > checked, there were some pending items from this upgrade even on master. > They may not be hard dependencies but if we are committing to this, might > take a bit longer to finish the release. > > I started to build this Jira Board for the releases. The goal was to use > this to track release items (for all releases) via the use of jira > labels/target versions. > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fsecure%2FRapidBoard.jspa%3FrapidView%3D564&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184244542%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=R7%2BS1FphHUJvTrXBNJkvl5iu3iEALQJOByUUgh96mzc%3D&reserved=0 > At the top of this board, there are some quick filters for release blockers > (jiras with labels "hive-4.0.0-must"). There are currently only 2 jiras > tagged as blockers for 4.0. > > If you could tag the jiras for 3.2 release the same way, and add a quick > filter, that would be great. > > Thank you again > Naveen > > On Fri, Nov 4, 2022 at 7:01 AM Stamatis Zampetakis <zabe...@gmail.com> > wrote: > > > Hey everyone, > > > > It would be nice to have a new release from branch 3 although it might > not > > be that trivial to get out. > > > > It will definitely require a bit of investment from multiple people > > including the PMC and the committers of the project. Note that the last > > vote for alpha2 was unsuccessful due to lack of votes, which shows that > > people are pretty busy. > > > > Personally, I support this effort and would like to see it happen but > this > > period I don't have sufficient time to invest to help with reviews and > > commits for 3.X line. > > > > Best, > > Stamatis > > > > On Fri, Nov 4, 2022, 5:28 AM Aman Raj <raja...@microsoft.com.invalid> > > wrote: > > > > > Hi Chris, > > > > > > I plan on going through this diff and making a comprehensive list of > all > > > the major bug fixes that went into branch-3 and not in hive-313. This > > will > > > be included in the umbrella JIRA that I am creating. > > > > > > In this email thread I have only mentioned CVEs and upgrades that will > go > > > on top of these changes in branch-3. > > > Thanks, > > > Aman. > > > > > > ________________________________ > > > From: Chris Nauroth <cnaur...@apache.org> > > > Sent: Friday, November 4, 2022 3:44 AM > > > To: dev@hive.apache.org <dev@hive.apache.org> > > > Subject: Re: [EXTERNAL] Re: Proposal : New Release 3.2.0 | Fixing CVE's > > > and Bugs on apache hive branch-3 > > > > > > I noticed that there is a pretty large delta (256 commits) between > > release > > > 3.1.3 and the current branch-3: > > > > > > > git log --oneline rel/release-3.1.3..upstream-branch-3 | wc > > > 256 4208 33558 > > > > > > I just wanted to mention that a release from branch-3 would include far > > > more than what we are cataloging on this mail thread. > > > > > > Chris Nauroth > > > > > > > > > On Thu, Nov 3, 2022 at 12:16 PM Pravin Sinha <mailpravi...@gmail.com> > > > wrote: > > > > > > > +1, > > > > > > > > Thanks for driving this, Aman. Apart from CVE fixes, do you have a > list > > > of > > > > JIRAs to be targeted? > > > > > > > > -Pravin > > > > > > > > On Thu, Nov 3, 2022 at 11:12 PM Chris Nauroth <cnaur...@apache.org> > > > wrote: > > > > > > > > > Thank you for driving this! > > > > > > > > > > To kick things off, I have filed HIVE-26702 for a backport of > > > HIVE-17315 > > > > (a > > > > > total of 5 sub-tasks/patches) to 3.2.0. This adds support for more > > > > flexible > > > > > configuration of the metastore's database connection pooling. > > > Dataproc's > > > > > distribution has been running this in production backported onto > > > release > > > > > 3.1.3, so I can provide the patches. > > > > > > > > > > May I assume that our intent is to keep 3.2.x backward-compatible > > with > > > > > 3.1.x? > > > > > > > > > > Chris Nauroth > > > > > > > > > > > > > > > On Thu, Nov 3, 2022 at 3:53 AM Sankar Hariappan > > > > > <sankar.hariap...@microsoft.com.invalid> wrote: > > > > > > > > > > > +1, I'm excited to see the scope includes important upgrades and > > CVE > > > > > fixes. > > > > > > We should carefully port the relevant patches from master as code > > has > > > > > been > > > > > > heavily refactored. But, it make perfect sense to give another > 3.x > > > > > release > > > > > > from Hive to keep the users delighted. > > > > > > Thanks Aman for the initiative! > > > > > > > > > > > > Thanks, > > > > > > Sankar > > > > > > > > > > > > -----Original Message----- > > > > > > From: 张铎(Duo Zhang) <palomino...@gmail.com> > > > > > > Sent: Thursday, November 3, 2022 2:53 PM > > > > > > To: dev@hive.apache.org > > > > > > Subject: [EXTERNAL] Re: Proposal : New Release 3.2.0 | Fixing > CVE's > > > and > > > > > > Bugs on apache hive branch-3 > > > > > > > > > > > > [You don't often get email from palomino...@gmail.com. Learn why > > > this > > > > is > > > > > > important at https://aka.ms/LearnAboutSenderIdentification ] > > > > > > > > > > > > +1, and please include HIVE-24694... > > > > > > > > > > > > Thanks. > > > > > > > > > > > > Aman Raj <raja...@microsoft.com.invalid> 于2022年11月3日周四 17:03写道: > > > > > > > > > > > > > > Hi team, > > > > > > > > > > > > > > > > > > > > > We know that Hive 4.0.0 release is ongoing but considering the > > > number > > > > > of > > > > > > changes going into the release, it will take some iterations to > > come > > > up > > > > > > with the stable version for the same. Meanwhile there are a lot > of > > > > issues > > > > > > in Hive 3.1.3 which our customers have reported. In this > scenario, > > it > > > > > makes > > > > > > sense to make a release from branch-3 which will have all the > > > necessary > > > > > > upgrades, bug and CVE fixes which are causing issues to the > > existing > > > > > > customers. Also, Hive is still using Hadoop 3.1.0 whereas Spark > 3.3 > > > has > > > > > > already moved to Hadoop 3.3.1. Therefore, we need to do the same > > for > > > > > hive. > > > > > > > > > > > > > > > > > > > > > > > > > > > > I will be happy to take the ownership of this new release and > > will > > > be > > > > > > creating JIRA's for all the fixes that will go on with this > > release. > > > > > > > > > > > > > > > > > > > > > > > > > > > > Therefore, I am proposing a new release cut out from branch-3. > > The > > > > > > release version would be hive-3.2.0. > > > > > > > > > > > > > > > > > > > > > > > > > > > > This version will include major upgrades as: > > > > > > > > > > > > > > 1. Hadoop version upgrade to 3.3.4 > > > > > > > 2. Zookeeper version upgrade to 3.6.3 > > > > > > > 3. Tez version upgrade to 0.10.2 > > > > > > > 4. Calcite version upgrade to 1.25.0 > > > > > > > 5. Orc version upgrade to 1.6.9 > > > > > > > > > > > > > > This version will also include major CVE fixes as follows: > > > > > > > > > > > > > > 1. NVD - CVE-2020-13949 (nist.gov)< > > > > > > > > > > > > > > > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-13949&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184244542%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=vDI4iLVdJ6BwNloMXIraGMUmS2piEwzSixbYfidao%2BY%3D&reserved=0 > > > > > > > > > > > > - Libthrift Upgrade to 0.14.1 (OSS Jira : > > > > > > > > > > > > > > > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25098&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184244542%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=eG%2FTn7lyZZXF2qTE3C4XyhAsjJg%2F3JrCCKDRcDX72ow%3D&reserved=0 > > > > > > < > > > > > > > > > > > > > > > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25098&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184400741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=7OwMw7mFSVgewX%2FBBMrwX%2BlJbadMTC43k%2Fp8EvtlIY8%3D&reserved=0 > > > > > > >) > > > > > > > > > > > > > > 1. NVD - CVE-2015-1832 (nist.gov)< > > > > > > > > > > > > > > > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2015-1832&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184400741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=lBY9Fq2nfZjMGvmGnp7F8vyjnimjo1lE5s8kAT%2FrxqA%3D&reserved=0 > > > > > > > > > > > > - Derby upgrade to 10.14.2.0 (OSS Jira : > > > > > > > > > > > > > > > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mail-archive.com%2Fdev%2540hive.apache.org%2Fmsg142721.html&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184400741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=lKm8XpT%2BdxCs2GFVr0KPJ1Koc574%2FWd9NI0mTOAdYEY%3D&reserved=0 > > > > > > < > > > > > > > > > > > > > > > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mail-archive.com%2Fdev%2540hive.apache.org%2Fmsg142721.html&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184400741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=lKm8XpT%2BdxCs2GFVr0KPJ1Koc574%2FWd9NI0mTOAdYEY%3D&reserved=0 > > > > > > >) > > > > > > > > > > > > > > 1. NVD - CVE-2013-4002 (nist.gov)< > > > > > > > > > > > > > > > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2013-4002&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184400741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=E%2B17xPlchtjD3IxKBth%2BS3EYhkeR4cpRD9RHQTnoKAc%3D&reserved=0 > > > > > > > > > > > > - Xerces Upgrade to 2.12.2 (OSS Jira : > > > > > > > > > > > > > > > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25920&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184400741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=9QrWztWrxPSmZ%2F7n612rn0iVFIItZc3%2F5tCkiSXWwNQ%3D&reserved=0 > > > > > > < > > > > > > > > > > > > > > > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25920&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184400741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=9QrWztWrxPSmZ%2F7n612rn0iVFIItZc3%2F5tCkiSXWwNQ%3D&reserved=0 > > > > > > >) > > > > > > > > > > > > > > 1. NVD - CVE-2020-36518 (nist.gov)< > > > > > > > > > > > > > > > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-36518&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184400741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=TeKAAq97hAzxtHYVy1682hN4OsHrU9FagWeYhfT8b40%3D&reserved=0 > > > > > > > > > > > > - Jackson upgrade to 2.12.7 (OSS Jira : > > > > > > > > > > > > > > > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mail-archive.com%2Fdev%40hive.apache.org%2Fmsg142871.html&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184400741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=TT6IxVFN1p2P7lBFmvkDmk18JYf%2F3rbe%2FYkvvZu9L7I%3D&reserved=0 > > > > > > < > > > > > > > > > > > > > > > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mail-archive.com%2Fdev%40hive.apache.org%2Fmsg142871.html&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184400741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=TT6IxVFN1p2P7lBFmvkDmk18JYf%2F3rbe%2FYkvvZu9L7I%3D&reserved=0 > > > > > > >) > > > > > > > > > > > > > > 1. NVD - CVE-2022-23221 (nist.gov)< > > > > > > > > > > > > > > > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2022-23221&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184400741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CsH1BrSXYZQ9iKXi2JhB5lbDMzKcv1lS%2B9ZZ7W9sn%2BM%3D&reserved=0 > > > > > > > > > > > > - Upgrade H2 database version to 2.1.210 (OSS Jira : > > > > > > > > > > > > > > > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25945&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184400741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=GIYE%2BPDEtC6S17TMHU%2BMh55qNe5Fj02sBW419YO3CYU%3D&reserved=0 > > > > > > < > > > > > > > > > > > > > > > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25945&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184400741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=GIYE%2BPDEtC6S17TMHU%2BMh55qNe5Fj02sBW419YO3CYU%3D&reserved=0 > > > > > > >) > > > > > > > > > > > > > > 1. WS-2021-0419 | Mend Vulnerability Database< > > > > > > > > > > > > > > > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mend.io%2Fvulnerability-database%2FWS-2021-0419&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184400741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=hgJfayXq2y71WpxOaX2ZrKBNg%2Fw2VIFfZF49mybD3Zk%3D&reserved=0 > > > > > > > > > > > > - Upgrade gson to 2.8.9 (OSS Jira : > > > > > > > > > > > > > > > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26078&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184400741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=crx3xvt2Shi0IMdDzl7nUqkGP%2BfQilL0XCUrMhkNWzw%3D&reserved=0 > > > > > > < > > > > > > > > > > > > > > > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26078&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184400741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=crx3xvt2Shi0IMdDzl7nUqkGP%2BfQilL0XCUrMhkNWzw%3D&reserved=0 > > > > > > >) > > > > > > > > > > > > > > 1. NVD - CVE-2020-11979 (nist.gov)< > > > > > > > > > > > > > > > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-11979&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184400741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=AdXvV0T2Kd3wos55eyGIkftEflzheGRINK34i2IpMFI%3D&reserved=0 > > > > > > > > > > > > - Upgrade ant to 1.10.9 (OSS Jira : [HIVE-26081] Upgrade ant to > > > 1.10.9 > > > > - > > > > > > ASF JIRA (apache.org)< > > > > > > > > > > > > > > > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26081&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184400741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=WBQ%2FuzajJ6p8Nl9QND1SSNXj1%2FpcZcczTTfE36uG8b8%3D&reserved=0 > > > > > > >) > > > > > > > > > > > > > > 1. NVD - CVE-2020-17533 (nist.gov)< > > > > > > > > > > > > > > > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-17533&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184400741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=XEmPFxfvJ3Ne0zIX7jE8K7WK8jbRWyBff%2Bo2JVeNU7c%3D&reserved=0 > > > > > > > > > > > > - Upgrade accumulo-core to 1.10.1 (OSS Jira : [HIVE-26080] > Upgrade > > > > > > accumulo-core to 1.10.1 - ASF JIRA (apache.org)< > > > > > > > > > > > > > > > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26080&data=05%7C01%7Crajaman%40microsoft.com%7C7e5f5c91dadc4f77098608dac8973ad8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638042849184400741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=orkYr775JK96Os%2BopgNkJrlRLEd%2FJNkyKMSt99VQDUw%3D&reserved=0 > > > > > > >) > > > > > > > > > > > > > > > > > > > > > > > > > > > > The version can also contain critical bug fixes that have been > > > fixed > > > > in > > > > > > Open-Source master. Please suggest any other important backports > > that > > > > can > > > > > > be included in this section. > > > > > > > > > > > > > > I am thinking of the backport of transaction statistics related > > > > patches > > > > > > to enable better CBO for ACID tables and datanucleus changes to > 5.x > > > can > > > > > be > > > > > > some bug fixes that we can consume in this release. This is an > Open > > > > forum > > > > > > and I welcome your suggestions on the same. > > > > > > > > > > > > > > > > > > > > > > > > > > > > We can take a month or two to make this release after > validating > > > the > > > > > > test scenarios and use cases. I will come up with the proper > > > timelines > > > > > for > > > > > > this 3.2.0 release once we get the community approval for the > same. > > > > > > > > > > > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > > > Aman. > > > > > > > > > > > > > > > > > > > > > > > > > > > >
