Hi Pravin, I have started preparing the list of JIRAs but still I need suggestions from the OSS community on the same. I will create an umbrella JIRA shortly and add all the suggested changes to that list.
The suggestions that we have got till now are HIVE-17315 and HIVE-24694. I have also some changes at the start of this mail thread. Please feel to suggest any new changes that can be added to this list. I welcome all suggestions from the community. Thanks, Aman. ________________________________ From: Pravin Sinha <mailpravi...@gmail.com> Sent: Friday, November 4, 2022 12:45 AM To: dev@hive.apache.org <dev@hive.apache.org> Subject: Re: [EXTERNAL] Re: Proposal : New Release 3.2.0 | Fixing CVE's and Bugs on apache hive branch-3 [You don't often get email from mailpravi...@gmail.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] +1, Thanks for driving this, Aman. Apart from CVE fixes, do you have a list of JIRAs to be targeted? -Pravin On Thu, Nov 3, 2022 at 11:12 PM Chris Nauroth <cnaur...@apache.org> wrote: > Thank you for driving this! > > To kick things off, I have filed HIVE-26702 for a backport of HIVE-17315 (a > total of 5 sub-tasks/patches) to 3.2.0. This adds support for more flexible > configuration of the metastore's database connection pooling. Dataproc's > distribution has been running this in production backported onto release > 3.1.3, so I can provide the patches. > > May I assume that our intent is to keep 3.2.x backward-compatible with > 3.1.x? > > Chris Nauroth > > > On Thu, Nov 3, 2022 at 3:53 AM Sankar Hariappan > <sankar.hariap...@microsoft.com.invalid> wrote: > > > +1, I'm excited to see the scope includes important upgrades and CVE > fixes. > > We should carefully port the relevant patches from master as code has > been > > heavily refactored. But, it make perfect sense to give another 3.x > release > > from Hive to keep the users delighted. > > Thanks Aman for the initiative! > > > > Thanks, > > Sankar > > > > -----Original Message----- > > From: 张铎(Duo Zhang) <palomino...@gmail.com> > > Sent: Thursday, November 3, 2022 2:53 PM > > To: dev@hive.apache.org > > Subject: [EXTERNAL] Re: Proposal : New Release 3.2.0 | Fixing CVE's and > > Bugs on apache hive branch-3 > > > > [You don't often get email from palomino...@gmail.com. Learn why this is > > important at https://aka.ms/LearnAboutSenderIdentification ] > > > > +1, and please include HIVE-24694... > > > > Thanks. > > > > Aman Raj <raja...@microsoft.com.invalid> 于2022年11月3日周四 17:03写道: > > > > > > Hi team, > > > > > > > > > We know that Hive 4.0.0 release is ongoing but considering the number > of > > changes going into the release, it will take some iterations to come up > > with the stable version for the same. Meanwhile there are a lot of issues > > in Hive 3.1.3 which our customers have reported. In this scenario, it > makes > > sense to make a release from branch-3 which will have all the necessary > > upgrades, bug and CVE fixes which are causing issues to the existing > > customers. Also, Hive is still using Hadoop 3.1.0 whereas Spark 3.3 has > > already moved to Hadoop 3.3.1. Therefore, we need to do the same for > hive. > > > > > > > > > > > > I will be happy to take the ownership of this new release and will be > > creating JIRA's for all the fixes that will go on with this release. > > > > > > > > > > > > Therefore, I am proposing a new release cut out from branch-3. The > > release version would be hive-3.2.0. > > > > > > > > > > > > This version will include major upgrades as: > > > > > > 1. Hadoop version upgrade to 3.3.4 > > > 2. Zookeeper version upgrade to 3.6.3 > > > 3. Tez version upgrade to 0.10.2 > > > 4. Calcite version upgrade to 1.25.0 > > > 5. Orc version upgrade to 1.6.9 > > > > > > This version will also include major CVE fixes as follows: > > > > > > 1. NVD - CVE-2020-13949 (nist.gov)< > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-13949&data=05%7C01%7Crajaman%40microsoft.com%7Cfb952aa41d75479b000b08dabdcfdfd9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030997808816529%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=729uMBfIC0XAUxgWRLsEdz18%2FMGUTQ8apcZgQ2e3Ulc%3D&reserved=0 > > > > - Libthrift Upgrade to 0.14.1 (OSS Jira : > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25098&data=05%7C01%7Crajaman%40microsoft.com%7Cfb952aa41d75479b000b08dabdcfdfd9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030997808816529%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=dlcZD%2BHFwGVXOFHZirSghlpzjeMbEtq6QHbfkaBCmEg%3D&reserved=0 > > < > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25098&data=05%7C01%7Crajaman%40microsoft.com%7Cfb952aa41d75479b000b08dabdcfdfd9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030997808816529%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=dlcZD%2BHFwGVXOFHZirSghlpzjeMbEtq6QHbfkaBCmEg%3D&reserved=0 > > >) > > > > > > 1. NVD - CVE-2015-1832 (nist.gov)< > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2015-1832&data=05%7C01%7Crajaman%40microsoft.com%7Cfb952aa41d75479b000b08dabdcfdfd9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030997808816529%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=XdtbP6QvQv8T%2Fvf1QDjxxKw95%2BdlE2RgG%2Bqa5YvXT04%3D&reserved=0 > > > > - Derby upgrade to 10.14.2.0 (OSS Jira : > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mail-archive.com%2Fdev%2540hive.apache.org%2Fmsg142721.html&data=05%7C01%7Crajaman%40microsoft.com%7Cfb952aa41d75479b000b08dabdcfdfd9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030997808816529%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=3QcDaCKlNpFZouZ%2BDRMgCvBIYjSMpIPiHKHKbI6VVu8%3D&reserved=0 > > < > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mail-archive.com%2Fdev%2540hive.apache.org%2Fmsg142721.html&data=05%7C01%7Crajaman%40microsoft.com%7Cfb952aa41d75479b000b08dabdcfdfd9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030997808972271%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=29o3GULVV9NhPHqclxubesLRCKs2IaS7NdiX%2BSfE5UI%3D&reserved=0 > > >) > > > > > > 1. NVD - CVE-2013-4002 (nist.gov)< > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2013-4002&data=05%7C01%7Crajaman%40microsoft.com%7Cfb952aa41d75479b000b08dabdcfdfd9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030997808972271%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=jneV%2F9aKeHcNdKC3gXX96ryDI22NcUb2FLLKXWZB3nU%3D&reserved=0 > > > > - Xerces Upgrade to 2.12.2 (OSS Jira : > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25920&data=05%7C01%7Crajaman%40microsoft.com%7Cfb952aa41d75479b000b08dabdcfdfd9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030997808972271%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=jgiU77HyxlXBERcBW7d6rYfLzH1vhBIbfTX1mmJz2XI%3D&reserved=0 > > < > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25920&data=05%7C01%7Crajaman%40microsoft.com%7Cfb952aa41d75479b000b08dabdcfdfd9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030997808972271%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=jgiU77HyxlXBERcBW7d6rYfLzH1vhBIbfTX1mmJz2XI%3D&reserved=0 > > >) > > > > > > 1. NVD - CVE-2020-36518 (nist.gov)< > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-36518&data=05%7C01%7Crajaman%40microsoft.com%7Cfb952aa41d75479b000b08dabdcfdfd9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030997808972271%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=e29usJ0mVQfL8sLvyEAHXOKLNyvnWgT9Y%2BzedmucYjY%3D&reserved=0 > > > > - Jackson upgrade to 2.12.7 (OSS Jira : > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mail-archive.com%2Fdev%40hive.apache.org%2Fmsg142871.html&data=05%7C01%7Crajaman%40microsoft.com%7Cfb952aa41d75479b000b08dabdcfdfd9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030997808972271%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=iUIsRCR5Aa6sxWCvuTfNlpwAubpw8sWViOBabd9KgAM%3D&reserved=0 > > < > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mail-archive.com%2Fdev%40hive.apache.org%2Fmsg142871.html&data=05%7C01%7Crajaman%40microsoft.com%7Cfb952aa41d75479b000b08dabdcfdfd9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030997808972271%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=iUIsRCR5Aa6sxWCvuTfNlpwAubpw8sWViOBabd9KgAM%3D&reserved=0 > > >) > > > > > > 1. NVD - CVE-2022-23221 (nist.gov)< > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2022-23221&data=05%7C01%7Crajaman%40microsoft.com%7Cfb952aa41d75479b000b08dabdcfdfd9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030997808972271%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=2U4%2BTfG9pdmmYHraaBEHN1EhSRd02eCQRHMzoa%2BS%2F0w%3D&reserved=0 > > > > - Upgrade H2 database version to 2.1.210 (OSS Jira : > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25945&data=05%7C01%7Crajaman%40microsoft.com%7Cfb952aa41d75479b000b08dabdcfdfd9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030997808972271%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=UwJkswdZWGCXbn3JUT%2Fe5PLHirUZT0dyQiuTtHNA7LE%3D&reserved=0 > > < > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25945&data=05%7C01%7Crajaman%40microsoft.com%7Cfb952aa41d75479b000b08dabdcfdfd9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030997808972271%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=UwJkswdZWGCXbn3JUT%2Fe5PLHirUZT0dyQiuTtHNA7LE%3D&reserved=0 > > >) > > > > > > 1. WS-2021-0419 | Mend Vulnerability Database< > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mend.io%2Fvulnerability-database%2FWS-2021-0419&data=05%7C01%7Crajaman%40microsoft.com%7Cfb952aa41d75479b000b08dabdcfdfd9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030997808972271%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=TFiFnf6sOIxwM7L9OgD%2B3O6um8fPmSezW3ofoLH%2BZUg%3D&reserved=0 > > > > - Upgrade gson to 2.8.9 (OSS Jira : > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26078&data=05%7C01%7Crajaman%40microsoft.com%7Cfb952aa41d75479b000b08dabdcfdfd9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030997808972271%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Qqdz2Cm1wSrGHNQcYg0V%2Bl6qROSJ9e5H5j262oaAc1M%3D&reserved=0 > > < > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26078&data=05%7C01%7Crajaman%40microsoft.com%7Cfb952aa41d75479b000b08dabdcfdfd9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030997808972271%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Qqdz2Cm1wSrGHNQcYg0V%2Bl6qROSJ9e5H5j262oaAc1M%3D&reserved=0 > > >) > > > > > > 1. NVD - CVE-2020-11979 (nist.gov)< > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-11979&data=05%7C01%7Crajaman%40microsoft.com%7Cfb952aa41d75479b000b08dabdcfdfd9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030997808972271%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=TtUz5ehpzug8fsRj6Xkl8omjDdYT7x0xY7IohYi1LSk%3D&reserved=0 > > > > - Upgrade ant to 1.10.9 (OSS Jira : [HIVE-26081] Upgrade ant to 1.10.9 - > > ASF JIRA (apache.org)< > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26081&data=05%7C01%7Crajaman%40microsoft.com%7Cfb952aa41d75479b000b08dabdcfdfd9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030997808972271%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=db1UY2NbifwS4UZ4X6e0HPZ8qbPpDkTB35M9WxTO17g%3D&reserved=0 > > >) > > > > > > 1. NVD - CVE-2020-17533 (nist.gov)< > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-17533&data=05%7C01%7Crajaman%40microsoft.com%7Cfb952aa41d75479b000b08dabdcfdfd9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030997808972271%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Lx8pQT2SW2F78XDO%2BTc%2B60v7P18ny5sHZnNvvkXupyQ%3D&reserved=0 > > > > - Upgrade accumulo-core to 1.10.1 (OSS Jira : [HIVE-26080] Upgrade > > accumulo-core to 1.10.1 - ASF JIRA (apache.org)< > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26080&data=05%7C01%7Crajaman%40microsoft.com%7Cfb952aa41d75479b000b08dabdcfdfd9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030997808972271%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=qUHMR63tXklIDrUweNbv4zlp%2BwWYYk7yGS5G314i3cE%3D&reserved=0 > > >) > > > > > > > > > > > > The version can also contain critical bug fixes that have been fixed in > > Open-Source master. Please suggest any other important backports that can > > be included in this section. > > > > > > I am thinking of the backport of transaction statistics related patches > > to enable better CBO for ACID tables and datanucleus changes to 5.x can > be > > some bug fixes that we can consume in this release. This is an Open forum > > and I welcome your suggestions on the same. > > > > > > > > > > > > We can take a month or two to make this release after validating the > > test scenarios and use cases. I will come up with the proper timelines > for > > this 3.2.0 release once we get the community approval for the same. > > > > > > > > > > > > Thanks, > > > > > > Aman. > > > > > >
