Also, the credit for finding this CVE goes to L0ne1y.
On Tue, Sep 17, 2024 at 11:29 PM Karan Kumar wrote:
> Severity: low
>
> Affected versions:
>
> - Apache Druid through 30.0.0
>
> Description:
>
> Apache Druid allows users with certain permissions to read data from other
> database systems us
I have cut the branch here - https://github.com/apache/druid/tree/31.0.0
On Fri, Sep 6, 2024 at 10:28 AM Abhishek Agarwal
wrote:
> +1
>
>
> On Tue, Sep 3, 2024 at 1:08 PM Amatya Avadhanula
> wrote:
>
>> Hello all,
>> I am starting a discussion for the Druid 31.
Hello everyone,
Starting this thread to discuss, if and when, we can drop Java 8 support.
We have been fully supporting Java 11 and Java 17 for a while now. Anyone,
who is looking to upgrade Druid, can safely select either of these LTS Java
runtimes. There are a few important reasons to drop Java 8
Hello everyone,
The Druid PMC has invited Zoltan to become a committer, and we are happy to
announce that he has accepted the invitation.
Hello everyone
We invited Laksh to join the Druid PMC and are pleased to announce that
Laksh has accepted the invite. Laksh has made significant contributions to
Druid, particularly in the MSQ engine.
Congratulations Laksh.
Hello everyone,
We invited Amatya to join Druid PMC and are pleased to announce that Amatya
has accepted the invite. Amatya has been a major contributor in all things
involving coordinator and overlord.
Congratulations Amatya.
Vad, The vote was closed by Laksh, given that 72 hours had passed and
artifacts had been released. Given we had the three binding +1s, we can
proceed as usual. I suggest that we call out the caveat clearly in the
release notes section.
On Mon, Feb 19, 2024 at 11:53 PM Vadim Ogievetsky
wrote:
> T
@clint - Those configs are already in SQL compatible mode by default since
28. Aren't they?
To the original question, I am ok to deprecate these configs given that we
have enough releases for folks to migrate over their queries.
On Fri, Jan 26, 2024 at 4:55 AM Clint Wylie wrote:
> >Are there an
+1 Binding
src package:
- verified signature/checksum
- LICENSE/NOTICE present
- built binary distribution,
- Loaded example koalas-to-the-max nested dataset using MSQ and ran
some
queries
- Tested Kafka ingestion locally
binary package:
- verified signature/checksum
- LICENSE/NOTICE pr
Hello everyone,
The Druid PMC has invited Brian Le to become a committer and we are pleased
to announce that Brian has accepted.
Brian has been a consistent contributor to the Apache Druid docs for over a
year and a half now. Thank you for all your work, Brian.
Thank you for volunteering, Laksh.
On Mon, Sep 25, 2023 at 10:50 AM Laksh Singla
wrote:
> Hello all,
>
> I am starting a discussion for the Druid 28.0.0 release. I am volunteering
> to be the release manager for the same. The branch for Druid 27.0.0 was cut
> on 8th July 2023, and since we do qu
at
> https://www.apache.org/security/#reporting-a-vulnerability) then we should
> take it seriously and investigate. This is the cost of having the code
> exist at all and be part of our source releases. We can only avoid _those_
> costs by removing an extension completely.
>
> On Mon, Sep 4,
Hello all
What is our current policy about addressing CVEs in contrib extensions if
we have one? As of now, before the release, the release manager will either
try to fix the CVEs or add a suppression if applicable. Unless any
developer has done that same work before the release process begins. Thi
+1 (binding)
src package:
- verified signature/checksum
- LICENSE/NOTICE present
- built binary distribution,
- Loaded example Wikipedia dataset using MSQ and ran some
queries
- Tested Kafka ingestion locally
binary package:
- verified signature/checksum
- LICENSE/NOTICE present
- built
Hello everyone,
We invited Kashif to join druid PMC and we are pleased to announce that
Kashif has accepted the invite. Of late, Kashif has done a significant
amount of work on the coordinator and overlord so that we can continue to
push the envelope when it comes to the size of the cluster.
Congr
Hi all
We invited Karan to join the Druid PMC and we are pleased to announce that
Karan has accepted the invite. As many of you know already, Karan has made
substantial contributions to the Druid and the MSQ engine that include
features such as fault tolerance and querying from deep storage.
Congr
not make unilateral
> changes to the release branches.
> If it's too cumbersome to do so, then we might want to consider removing
> the helm charts from the main branch and wait for IP clearance resolution
> before adding them back.
>
> On Wed, Jul 12, 2023 at 7:40 AM Abhishek
Since no one else has volunteered, I will take on the 1). It's possible
that we don't get IP clearance and if we don't, we will just remove the
code.
On Wed, Mar 1, 2023 at 7:14 AM Gian Merlino wrote:
> Not as far as I _know_, I mean.
>
> On 2023/03/01 01:43:43 Gian Merlino wrote:
> > Not as far
t to be in the release branch? I don't see
> a PR or review for it
>
> https://github.com/apache/druid/commit/911372d5d6523f425a46fbbafae728bdca441f0f
>
>
> Thanks,
> Xavier
>
> On Sat, Jul 8, 2023 at 6:00 AM Abhishek Agarwal
> wrote:
>
> > I have cu
I have cut the branch - https://github.com/apache/druid/tree/27.0.0.
On Sat, Jul 8, 2023 at 12:25 AM Abhishek Agarwal
wrote:
> I can do it.
>
> On Fri, Jul 7, 2023 at 10:25 PM Amatya Avadhanula
> wrote:
>
>> Hello
>>
>> As I'm traveling, I may not be able
I can do it.
On Fri, Jul 7, 2023 at 10:25 PM Amatya Avadhanula wrote:
> Hello
>
> As I'm traveling, I may not be able to cut the branch tomorrow.
> Could I please request another committer to do it in my place?
>
> Apologies for the late notice.
>
> Regards
> Amatya
>
> -
+1
Given the delays in the previous release, we should definitely cut the
branch on time so the release is not delayed like last time. That and
having a higher bar for backports.
We decided to deprecate Hadoop 2 in this release. It doesn't require any
code changes. We just need to call it out in th
I think we only need to backport high sev bug fixes for this patch release.
On Wed, 28 Jun 2023 at 5:27 PM, Amatya Apache wrote:
> Hi all,
>
> A release branch for 26.0.1 has been cut to include the patches mentioned
> in https://lists.apache.org/thread/4xl7wthc22bfszn4woytx9q6jz63clr4.
>
> Kind
Hello,
I raised an INFRA ticket (https://issues.apache.org/jira/browse/INFRA-24657)
for the druid project so the contributors don't need a committer to trigger
PR build/test. Infra has agreed to relax the restrictions enough that a
contributor will need the approval only for their first contributio
Hello everyone,
The Project Management Committee (PMC) for Apache Druid has invited Didip
to become a committer and we are pleased to announce that Didip has
accepted.
Didip is very active on the Druid slack channel and helps Druid users
troubleshoot their problems regularly. He has also fixed bu
Hello everyone,
The Project Management Committee (PMC) for Apache Druid has invited Laksh
to become a committer and we are pleased to announce that Laksh has
accepted.
Laksh has made a lot of contributions to MSQ over one year. He has been
helping the druid community on Slack. His most notable co
Hello everyone,
The Project Management Committee (PMC) for Apache Druid has invited
Tejaswini to become a committer and we are pleased to announce that
Tejaswini has accepted.
Tejaswini has been working on Apache Druid for over a year now. Her major
contribution has been porting our test infra fr
Druid is very stable. If you have specific concerns, please create a GitHub
issue.
25.0.0 was the last release we had. Starting with 24.0.0, we dropped the
leading 0. You can find the details here -
https://lists.apache.org/thread/xcfjoq696hn5w85hdgpxfb9hx4nsj4h1
In a way, we released 1.0 about 24
I would prefer using something like min.io than running tests against S3.
Primarily because tests no longer remain portable if we use S3. Which also
makes them harder to debug. Setting up minio using GHA seems
straightforward (https://github.com/mozilla/sccache/pull/1513/files).
On Mon, Mar 6, 202
+1 (binding)
src package:
- verified signature/checksum
- LICENSE/NOTICE present
- built binary distribution, Loaded example wikipedia dataset and ran some
queries
binary package:
- verified signature/checksum
- LICENSE/NOTICE present
- Loaded example wikipedia dataset and ran some queries
docke
> > mvn apache-rat:check -Prat
> > >
> > > This vote will be open for at least 72 hours. The vote will pass if a
> > > majority of at least three +1 PMC votes are cast.
> > >
> > > [ ] +1 Release this package as Apache Druid 24.0.1
> > > [ ] 0 I don't feel strongly about it, but I'm okay with the release
> > > [ ] -1 Do not release this package because...
> > >
> > > Thanks
> > > Kashif
> > >
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@druid.apache.org
> > For additional commands, e-mail: dev-h...@druid.apache.org
> >
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@druid.apache.org
> For additional commands, e-mail: dev-h...@druid.apache.org
>
>
--
Regards,
Abhishek Agarwal
Hello everyone,
The Project Management Committee (PMC) for Apache Druid has invited Karan
Kumar to become a committer and we are pleased to announce that Karan has
accepted.
Karan contributed group-by on arrays without unnesting (
https://github.com/apache/druid/pull/12078), an essential requirem
Yeah. That will be a great feature addition in the 25 release. Though it
will certainly be an experimental feature.
On Wed, Oct 26, 2022 at 10:18 PM Kashif Faraz wrote:
> Thanks for pointing that out, Rahul.
> We are indeed looking forward to the option of running Druid without middle
> managers
I recently learned about Apache Flink making slack conversations google
indexable through linen.dev. That might be worth exploring. Does anyone
know how it works?
On Wed, Oct 19, 2022 at 4:18 AM Eyal Yurman
wrote:
> What should we do about Slack canceling message history for free tier?
>
> Perha
f that works for you.
>
> Regards
> Kashif
>
> On Mon, Sep 26, 2022 at 3:41 PM Abhishek Agarwal <
> abhishek.agar...@imply.io> wrote:
>
>> Hi All,
>> Recently we discovered a regression (
>> https://github.com/apache/druid/pull/13138) in the 24.0.0 release.
>&g
Hello everyone,
The Project Management Committee (PMC) for Apache Druid has invited Paul
Rogers to become a committer and we are pleased to announce that Paul has
accepted.
Paul has been very active in the community. He has done a lot of thorough
code reviews. He single-handedly built the new IT
Hello everyone,
The Project Management Committee (PMC) for Apache Druid has invited Amatya
Avadhanula to become a committer and we are pleased to announce that Amatya
has accepted.
Amatya has been making a lot of fixes on the kinesis ingestion and systems
(overlord, task locking) side. He optimiz
Hi All,
Recently we discovered a regression (
https://github.com/apache/druid/pull/13138) in the 24.0.0 release. Because
of this regression, Hadoop ingestion will not work if the user has
overridden any of the `druid.extensions.*` config. Some examples below
- If a custom load list is specified, Ha
hanges in this release.
Please reach out to druid community <https://druid.apache.org/community/> if
you have any questions.
On Fri, Sep 16, 2022 at 10:14 PM Abhishek Agarwal
wrote:
> The Apache Druid team is proud to announce the release of Apache Druid
> 24.0.0.
> Druid is a high-
The Apache Druid team is proud to announce the release of Apache Druid
24.0.0.
Druid is a high-performance analytics data store for event-driven data.
Apache Druid 24.0.0 contains over 300 new features, performance
enhancements, bug fixes, and major documentation improvements from 67
contributors.
The vote has passed. The final results are here -
https://lists.apache.org/thread/0f7fgkgsydkxjmhyr32wgdwtv8tnq91h
On Sat, Sep 10, 2022 at 2:02 PM Abhishek Agarwal
wrote:
> Hi all,
> I have created a build for Apache Druid 24.0.0, release candidate 2.
>
> Thanks to everyone wh
Thanks to everyone who participated in the vote! The results are as follows:
Frank Chen: 0 (binding)
Vadim Ogievetsky: +1 (binding) (assumed binding since Vadim is a PMC member)
Clint Wylie: +1 (binding)
Jonathan Wei: +1 (binding)
The vote has passed with 3 binding +1s.
Hi all,
I have created a build for Apache Druid 24.0.0, release candidate 2.
Thanks to everyone who has helped contribute to the release. You can read
the draft release notes here:
https://github.com/apache/druid/issues/12825
The release candidate has been tagged in GitHub as druid-24.0.0-rc2
(09
Canceling this vote due to the bug described in
https://github.com/apache/druid/pull/13059. The fix is merged to 24.0
branch. I will start another vote for RC2 shortly.
On Thu, Sep 8, 2022 at 10:26 PM Abhishek Agarwal
wrote:
> Hi all,
> I have created a build for Apache Druid 24.0.0, r
Hi all,
I have created a build for Apache Druid 24.0.0, release candidate 1.
Thanks to everyone who has helped contribute to the release. You can read
the draft release notes here:
https://github.com/apache/druid/issues/12825
The release candidate has been tagged in GitHub as druid-24.0.0-rc1
(23
es:
> https://github.com/apache/druid/issues/12825
>
> Since the milestone isn't set yet, we can work from the commit for the
> 0.23.0 release to start filling in the various sections of the release
> notes.
>
> Thanks,
>
> Charles
>
> On Wed, Jul 20, 2022 at 11:41
I agree with Abhishek
> that I wouldn't want to block moving off Hadoop 2 on this. However, it'd be
> great if we could get it done before actually removing Hadoop 2 support
> from the code base.
>
>
> On Wed, Aug 3, 2022 at 6:17 AM Abhishek Agarwal >
> wrote:
>
ative, if we can merge Julian's Spark based
> ingestion PR <https://github.com/apache/druid/issues/9780>s in Druid, that
> might provide an alternate way for users to get rid of the Hadoop
> dependency.
>
> On Tue, Jul 26, 2022 at 3:19 AM Abhishek Agarwal <
> abhishek.agar..
Reviving this conversation again.
@Will - Do you still have concerns about HDFS stability? Hadoop 3 has been
around for some time now and is very stable as far as I know.
The dependencies coming from Hadoop 2 are also old enough that they cause
dependency scans to fail. E.g. Log4j 1.x dependencies
Hello everyone,
The Project Management Committee (PMC) for Apache Druid has invited Rohan
Garg to become a committer and we are pleased to announce that Rohan has
accepted.
Rohan has been an active contributor for about a year now. He has made over
20 commits. A majority of his work has been arou
Hello Druids,
We cut the 0.23.0 branch in the last week of April. So while it isn't a
long ago that druid 0.23.0 was released, technically we will cross the
3-month window at the end of July. It feels like the right time to discuss
the 24.0 release.
I am volunteering again for the 24.0 release. Le
Description:
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers
to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the
Content-Security-Policy header.
Mitigation:
Upgrade to Druid 0.23.0 or later.
---
Severity: low
Description:
In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in
unescaped URL parameters being sent back in HTML responses. This makes it
possible to execute reflected XSS attacks.
Mitigation:
Upgrade to Druid 0.23.0 or later.
Credit:
This issue was
@Clint Wylie - what do you think of the above
proposal?
On Fri, Jun 24, 2022 at 5:11 PM Abhishek Agarwal
wrote:
> I didn’t include them (RealtimeIndexTask and
> AppenderatorDriverRealtimeIndexTask) in my previous email because they have
> not been marked deprecated yet. We should
t still relies on using the older
> spec. As far as I know, Thrift is the only data format that has not
> been fully migrated to use InputFormat, though there is an old PR that
> is mostly done here https://github.com/apache/druid/pull/11360.
>
> On Thu, Jun 23,
Hello,
The `FiniteFirehoseFactory` and `InputRowParser` classes were deprecated in
0.17.0 (https://github.com/apache/druid/pull/8823) in favour of
`InputSource`. 0.17.0 was released more than 2 years ago in Jan 2020.
I think it is about time that we remove this code entirely. Removing
`InputRowPa
The Apache Druid team is proud to announce the release of Apache Druid
0.23.0.
Druid is a high-performance analytics data store for event-driven data.
Apache Druid 0.23.0 contains over 450 new features, performance
enhancements, bug fixes, and major documentation improvements from 81
contributors.
t; Binary:
> - Run the quickstart
> - Played with the depth of the console
> - Ran some queries
>
> On 2022/06/15 14:22:23 Abhishek Agarwal wrote:
> > Hi all,
> > I have created a build for Apache Druid 0.23.0, release candidate 2.
> >
> > Thanks to everyo
Hello,
Thanks to everyone who participated in the vote! The results are as follows:
Atul Mohan: +1 (binding)
Clint Wylie: +1 (binding)
Jonathan Wei: +1 (binding)
Vadim Ogievetsky: +1 (binding)
The vote has passed with 4 binding +1s.
Congratulations Victoria.
On Wed, 15 Jun 2022 at 8:29 PM, Charles Smith
wrote:
> Cheers, Victoria! 👏
>
> On Wed, Jun 15, 2022 at 2:04 AM Kashif Faraz wrote:
>
> > Congrats, Victoria! 🎉🎉
> >
> > On Wed, Jun 15, 2022 at 9:07 AM suneet Saldanha
> wrote:
> >
> > > Hey Druids,
> > >
> > > The Druid
Hi all,
I have created a build for Apache Druid 0.23.0, release candidate 2.
Thanks to everyone who has helped contribute to the release. You can read
the draft release notes here:
https://github.com/apache/druid/issues/12510
The release candidate has been tagged in GitHub as druid-0.23.0-rc2
(c0
; On Wed, Jun 8, 2022 at 7:25 AM Kashif Faraz wrote:
> >
> > > +1
> > >
> > > verified:
> > > - gpg signature
> > > - shasum
> > > - building the source artifacts (tests skipped)
> > > - rat license check
> > > - running the bi
Hi all,
I have created a build for Apache Druid 0.23.0, release candidate 1.
Thanks to everyone who has helped contribute to the release. You can read
the draft release notes here:
https://github.com/apache/druid/issues/12510
The release candidate has been tagged in GitHub as druid-0.23.0-rc1
(ef
26, 2022 at 6:49 PM Frank Chen
> wrote:
> > >>
> > >> For 0.23, I don't think we need to make changes because I think it
> may take
> > >> us some time to reach an agreement on the naming.
> > >>
> > >> We can start a new thread to
tect and prevent breaking API changes in each release. Druid has also
> > been running in production clusters for many different use cases for
> quite
> > some
> > time now. I think version 23.0 is more in line with the maturity of the
> > project.
> >
> > Is ther
>
>
> On Wed, Mar 30, 2022 at 2:15 PM Abhishek Agarwal <
> abhishek.agar...@imply.io>
> wrote:
>
> > Hello everyone,
> > It's time to kick-off the process for druid 0.23 release. I will need
> help
> > from the community in surfacing any importan
Hi Baris
I don't see an attachment in your email.
On Sat, Apr 9, 2022 at 5:38 AM Baris Dogan wrote:
> Hi,
>
> Could you just put the following CVE findings (attached into the email)
> into the next release scope which come out of trivy 0.23 tests.
>
> On 2022/03/25 03:52:50 Gian Merlino wrote:
>
Hello everyone,
It's time to kick-off the process for druid 0.23 release. I will need help
from the community in surfacing any important issues that need to be
addressed before 0.23 release. We can use this thread to discuss those
issues and take a call on how to unblock the release.
I have also c
Hi Eyal
Thanks for bringing this up. I am going to volunteer for shepherding 0.23
release. I will start a new thread soon.
On Fri, Mar 25, 2022 at 9:23 AM Gian Merlino wrote:
> I agree it's a good time to do a release. Most of the release-manager steps
> involve having commit privileges, but nev
Hi
I created a PR https://github.com/apache/druid-website-src/pull/281 to mark
slack as a preferred medium to get help. I wanted to do this because I
usually see more active participation from developers on the slack channel
as opposed to the druid user forum. (Please correct me if that assumption
+1
There is a lot of friction in joining apache infra slack. Also, I can't
tell if it is a recent policy change but any new invitation to the druid
channel now needs to be approved by ASF slack admin. That seems like one
more manual step to get over. Though is there a way to migrate/copy the
channe
Congratulations Kashif. You have done really great work, particularly on
the ingestion side. Looking forward to many more contributions in future.
On Thu, Jan 13, 2022 at 11:04 PM suneet Saldanha wrote:
> Hey Druids,
>
> The Druid PMC has invited Kashif Faraz (@kfaraz on GitHub)
> to become a co
Congratulations Frank.
On Tue, Nov 2, 2021 at 2:44 AM Jihoon Son wrote:
> Hey Druids,
>
> The Druid PMC has invited Frank Chen (@FrankChen021 on github) to
> become a PMC member and we are pleased to announce that he has
> accepted. Frank has been active in various parts of the Druid
> community
Congratulations Atul.
On Tue, Nov 2, 2021 at 2:43 AM Jihoon Son wrote:
> Hey Druids,
>
> The Druid PMC has invited Atul Mohan (@a2l007 on github) to become a
> PMC member and we are pleased to announce that he has accepted. Atul
> has been making substantial contributions in the Druid community,
Congratulations Agustin. Keep up the good work.
On Tue, Nov 2, 2021 at 2:42 AM Jihoon Son wrote:
> Hey Druids,
>
> The Druid PMC has invited Agustin Gonzalez Tuchmann (@loquisgon on
> github) to become a committer and we are pleased to announce that he
> has
> accepted. Agustin has made several
If an entry is deleted from the metadata, how is the coordinator going to
update its own state?
On Tue, Apr 6, 2021 at 3:38 PM Itai Yaffe wrote:
> Hey,
> I'm not a Druid developer, so it's quite possible I'm missing many
> considerations here, but from a first glance, I like your offer, as it
>
ID function and caching for join queries
> >
> > On Tue, Mar 23, 2021 at 8:36 PM Jonathan Wei wrote:
> >
> > > Hey Druids,
> > >
> > > The Druid PMC has invited Abhishek Agarwal (@abhishekagarwal87 on
> GitHub)
> > > to become a committer a
77 matches
Mail list logo