+1, and please include HIVE-24694... Thanks.
Aman Raj <raja...@microsoft.com.invalid> 于2022年11月3日周四 17:03写道: > > Hi team, > > > We know that Hive 4.0.0 release is ongoing but considering the number of > changes going into the release, it will take some iterations to come up with > the stable version for the same. Meanwhile there are a lot of issues in Hive > 3.1.3 which our customers have reported. In this scenario, it makes sense to > make a release from branch-3 which will have all the necessary upgrades, bug > and CVE fixes which are causing issues to the existing customers. Also, Hive > is still using Hadoop 3.1.0 whereas Spark 3.3 has already moved to Hadoop > 3.3.1. Therefore, we need to do the same for hive. > > > > I will be happy to take the ownership of this new release and will be > creating JIRA's for all the fixes that will go on with this release. > > > > Therefore, I am proposing a new release cut out from branch-3. The release > version would be hive-3.2.0. > > > > This version will include major upgrades as: > > 1. Hadoop version upgrade to 3.3.4 > 2. Zookeeper version upgrade to 3.6.3 > 3. Tez version upgrade to 0.10.2 > 4. Calcite version upgrade to 1.25.0 > 5. Orc version upgrade to 1.6.9 > > This version will also include major CVE fixes as follows: > > 1. NVD - CVE-2020-13949 > (nist.gov)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-13949&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390055897%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=s4ezoJrvuEaRcH77R990wsFVR7za%2BJEoGXyDcaj9mRE%3D&reserved=0> > - Libthrift Upgrade to 0.14.1 (OSS Jira : > https://issues.apache.org/jira/browse/HIVE-25098<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25098&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390055897%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ruoe71g5SDIudoTNVhQsTYwTs2r7UN1LrjL2XzOuB7g%3D&reserved=0>) > > 1. NVD - CVE-2015-1832 > (nist.gov)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2015-1832&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390055897%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=3Xs8rZwi2bIJEZyF%2FKf4614cBE6lmp8x%2FjvjB4FZpHs%3D&reserved=0> > - Derby upgrade to 10.14.2.0 (OSS Jira : > https://www.mail-archive.com/dev%40hive.apache.org/msg142721.html<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mail-archive.com%2Fdev%2540hive.apache.org%2Fmsg142721.html&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390055897%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=8VMamTvZ7WsH5ELN5MMHrryhLgE6QhtxTzrvJqJ%2FKmY%3D&reserved=0>) > > 1. NVD - CVE-2013-4002 > (nist.gov)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2013-4002&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=sHWPLpDhWgoCfmfvUFXj%2FKNPWv5Dx7a2bZYpdYHNaOk%3D&reserved=0> > - Xerces Upgrade to 2.12.2 (OSS Jira : > https://issues.apache.org/jira/browse/HIVE-25920<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25920&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=b8p2xL4q7eOxI1DvAXNLmpkzjcOtgd%2F9HervKbZMwJ0%3D&reserved=0>) > > 1. NVD - CVE-2020-36518 > (nist.gov)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-36518&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=NUyBIEfqM4dZ15Jk8645JJIHrl8o%2Bbhfj%2BBvkwhR7Mw%3D&reserved=0> > - Jackson upgrade to 2.12.7 (OSS Jira : > https://www.mail-archive.com/dev@hive.apache.org/msg142871.html<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mail-archive.com%2Fdev%40hive.apache.org%2Fmsg142871.html&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Y9ikjhaWq76jWBxy25jRYddL%2BnbtgSOsdw0A5hAoUk8%3D&reserved=0>) > > 1. NVD - CVE-2022-23221 > (nist.gov)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2022-23221&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=qWb60OLRTEA5hO7Wl2zdQH1s8DhteC1sVa8Ci0gdcR4%3D&reserved=0> > - Upgrade H2 database version to 2.1.210 (OSS Jira : > https://issues.apache.org/jira/browse/HIVE-25945<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25945&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=6EqeYjUgBBW28GErorZgUEW2YaVN%2BLz1TAybzTWhgYQ%3D&reserved=0>) > > 1. WS-2021-0419 | Mend Vulnerability > Database<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mend.io%2Fvulnerability-database%2FWS-2021-0419&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Bo7Ju4cPEFk7icPPSGJbxIFnERsmSqjYgES0FWS7xyc%3D&reserved=0> > - Upgrade gson to 2.8.9 (OSS Jira : > https://issues.apache.org/jira/browse/HIVE-26078<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26078&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=YQh%2F75TBsYKkGmeUUTM7wnhWdQ50r11fIsfqQyim11I%3D&reserved=0>) > > 1. NVD - CVE-2020-11979 > (nist.gov)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-11979&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=N9dF2RGaafx4FYKbs4ppk1o%2FjtTjRkAUbko2ou4fZaU%3D&reserved=0> > - Upgrade ant to 1.10.9 (OSS Jira : [HIVE-26081] Upgrade ant to 1.10.9 - ASF > JIRA > (apache.org)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26081&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=XwU%2BPLbaWjCSoKPgj1l8Rniglm2%2FVjHGfq7bE4Tunn8%3D&reserved=0>) > > 1. NVD - CVE-2020-17533 > (nist.gov)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-17533&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=mVCHR8rYUfhMeVbbB%2BJd2SNBGYOXHwM3xBwTyp8%2BUHY%3D&reserved=0> > - Upgrade accumulo-core to 1.10.1 (OSS Jira : [HIVE-26080] Upgrade > accumulo-core to 1.10.1 - ASF JIRA > (apache.org)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26080&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=dQi8mSnQiRlFgIgvm2TKegQNvZOIYequQUyCI2Oi074%3D&reserved=0>) > > > > The version can also contain critical bug fixes that have been fixed in > Open-Source master. Please suggest any other important backports that can be > included in this section. > > I am thinking of the backport of transaction statistics related patches to > enable better CBO for ACID tables and datanucleus changes to 5.x can be some > bug fixes that we can consume in this release. This is an Open forum and I > welcome your suggestions on the same. > > > > We can take a month or two to make this release after validating the test > scenarios and use cases. I will come up with the proper timelines for this > 3.2.0 release once we get the community approval for the same. > > > > Thanks, > > Aman. >
