[ANNOUNCE] Apache Druid 0.20.0 release
The Apache Druid team is proud to announce the release of Apache Druid 0.20.0. Druid is a high performance analytics data store for event-driven data. Apache Druid 0.20.0 contains over 160 new features, performance enhancements, bug fixes, and major documentation improvements from 37 contributors. Major new features and improvements include: - Vectorization support for expression virtual columns - More aggregators with vectorization support - OFFSET clauses in SQL and offset parameters for the Scan and GroupBy queries - New substring search operators - UNION ALL operator for SQL queries - Support for all partitioning schemes in auto-compaction - A new auto-compaction status API - A "combining" InputSource allowing multiple input sources to be combined during ingestion Source and binary distributions can be downloaded from: https://druid.apache.org/downloads.html Release notes are at: https://github.com/apache/druid/releases/tag/druid-0.20.0 A big thank you to all the contributors in this milestone release!
[ANNOUNCE] Apache Druid 0.17.1 release
The Apache Druid team is proud to announce the release of Apache Druid 0.17.1. Druid is a high performance analytics data store for event-driven data. Apache Druid 0.17.1 is a bug fix release that addresses a string encoding issue. Source and binary distributions can be downloaded from: https://druid.apache.org/downloads.html Release notes are at: https://github.com/apache/incubator-druid/releases/tag/druid-0.17.1
[CVE-2020-1958]: Apache Druid LDAP injection vulnerability
Severity: High Vendor: The Apache Software Foundation Versions Affected: Druid 0.17.0 Description: When LDAP authentication is enabled: - Callers of Druid APIs with a valid set of LDAP credentials can bypass the `credentialsValidator.userSearch` filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based authorization checks, if configured. - Callers of Druid APIs can retrieve any LDAP attribute values of users that exist on the LDAP server, so long as that information is visible to the Druid server. This information disclosure does not require the caller itself to be a valid LDAP user. Mitigation: - Users of Druid 0.17.0 that use LDAP authentication should upgrade to Druid 0.17.1. Credit: This issue was discovered by Grzegorz GoĊawski.
[ANNOUNCE] Apache Druid 0.17.0 release
The Apache Druid team is proud to announce the release of Apache Druid 0.17.0. Druid is a high performance analytics data store for event-driven data. Apache Druid 0.17.0 contains over 250 new features, performance enhancements, bug fixes, and major documentation improvements from 52 contributors. Major new features and improvements include: - Batch ingestion improvements - Parallel query merging on brokers - SQL-compatible null handling - LDAP extension - Dropwizard emitter - Self-discovery resource - Supervisors system table - Fast historical start with lazy loading - Historical segment cache distribution change - New readiness endpoints - Support task assignment based on MiddleManager categories - Security vulnerability updates Source and binary distributions can be downloaded from: https://druid.apache.org/downloads.html Release notes are at: https://github.com/apache/druid/releases/tag/druid-0.17.0 A big thank you to all the contributors in this milestone release!
[ANNOUNCE] Apache Druid (incubating) 0.16.1 release
The Apache Druid team is proud to announce the release of Apache Druid (incubating) 0.16.1. Druid is a high performance analytics data store for event-driven data. Apache Druid 0.16.1-incubating is a bug fix and user experience improvement release that fixes a rolling upgrade issue, improves the startup scripts, and updates licensing information. Source and binary distributions can be downloaded from: https://druid.apache.org/downloads.html Release notes are at: https://github.com/apache/incubator-druid/releases/tag/druid-0.16.1-incubating A big thank you to all the contributors in this release! Disclaimer: Apache Druid is an effort undergoing incubation at The Apache Software Foundation (ASF), sponsored by the Apache Incubator. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF.