Release 380-e LTS (23 May 2022)

Starburst Enterprise platform (SEP) 380-e is the follow up release to the 379-e STS release and the 370-e LTS release.

This release is a long term support (LTS) release.

The 380-e release includes all improvements from the following Trino project releases:

• Trino 380

• Trino 379

• Trino 378

• Trino 377

• Trino 376

• Trino 375

• Trino 374

• Trino 373

• Trino 372

• Trino 371

It contains all improvements from the Starburst Enterprise releases since 370-e LTS:

• 379-e STS

• 378-e STS

• 377-e STS

• 376-e STS

• 375-e STS

• 374-e STS

• 373-e STS

• 372-e STS

• 371-e STS

Highlights since 370-e

• Add support for data products as securable entities with built-in access control.

• Improve Kafka, PostgreSQL, Redshift, and Vertica connectors.

• Add a session timeout configuration property for the Starburst Enterprise web UI.

• Support two-way TLS for LDAP authentication.

• Improve performance of queries involving complex predicates for the Teradata, Stargate, and PostgreSQL connectors.

• Add autocomplete functionality for SQL in the query editor.

• Add support for download of a full result set from the query editor.

• Add an option to control the query log data retention period

Breaking changes since 370-e

• The SQL Server connector now enables TLS and certificate verification by default between the cluster and SQL Server, causing potential failures for catalogs that use the connector.

• The ldap.ssl-trust-certificate configuration property for an LDAP password authenticator has been deprecated in favor of ldap.ssl.keystore.path and ldap.ssl.truststore.path for two-way TLS with an LDAP authentication server. Clusters that use the deprecated property in their LDAP password authenticator should migrate to the new properties as soon as possible.

• Data products title length is now limited to 40 characters. Any existing data products with titles longer than 40 characters must be deleted and recreated.

• Require value for the shared secret configuration for internal communication when any authentication is enabled.

• The insights.authorized-users and insights.authorized-groups configuration properties are deprecated in favor of starburst.access-control.authorized-users and starburst.access-control.authorized-groups, respectively. These starburst. configuration properties also use a comma-separated list value, instead of a pipe-delineated list like the deprecated insights. properties. For more information, see Insights general configuration properties.

• There are new format requirements for role names using built-in access controls. Role names with spaces must be replaced. Role names can have up to 64 characters, but can only contain lowercase Latin letters, digits, and underlines.

380-e.0 initial changes

General

• Improve display for privileges with grant option in the Starburst Enterprise web UI.

• Added Java configuration options -XX:+UnlockDiagnosticVMOptions -XX:+UseAESCTRIntrinsics in jvm.config to reflect Trino defaults.

Security

• Allow role creation only after specific role is set with SET ROLE.

• Reintroduce ldap.ssl-trust-certificate as a legacy configuration property.

• Update Helm chart to Starburst Ranger 2.1.0-e.39.

Built-in access control

• Add privileges for Starburst Enterprise web UI.

• Add privileges for Data products and domain access.

• Add audit logs for built-in access control as public preview feature.

• Raise built-in access control to a general availability feature.

Data products

• Raise data products to a general availability feature.

• Add Starburst Enterprise REST API for managing data products.

• Add usage metrics for individual data products.

• Improve the data product edit workflow.

• Add discussion threads.

Helm charts

• Add KEDA scaler for SEP.

380-e.1 changes (8 Jun 2022)

• Standardize on UBI minimal base image for all containers used by the EKS listings.

• Fix reading of grant change logs from SEP versions 375-e and earlier.

• Fix potential query failure when metastore caching is enabled.

• Fix typo in the configuration property name to remove an unsupported underscore and replace it with the appropriate dash DELEGATED-OAUTH2.

• Fix sync_partition_metadata procedure failure when table has a large number of partitions.

• Fix incorrect results for queries where aggregation is pushed down for a remote database to execute and the aggregation function result is not needed to evaluate the query. Applies to the ClickHouse, MariaDB, MySQL, Oracle, SQL Server, PostgreSQL, and SingleStore connectors.

380-e.2 changes (1 Jul 2022)

• Update jackson-databind to 2.13.3, see security advisory CVE-2020-36518.

• Fix bigint parsing for the Web UI Query editor, no longer shows truncated results if it uses the default JSON.parse method.

• Allow canceling a query on a transactional table if it is waiting for a lock.

• Avoid errors when attempting to query tables that exist in multiple Snowflake databases with role impersonation enabled. The errors were a result of multiple tables matching the same schema/table name.

380-e.3 changes (1 Aug 2022)

Important: In this release, we’ve patched a bug that causes the potential for incorrect results from certain queries that have had joins reordered in specific ways, in combination with certain data. A small percentage of queries are affected, but due to the complexity of the conditions that trigger the bug, it is not possible to predict which queries will be affected and thus we recommend that _all_ customers upgrade all clusters.

• Fix incorrect results for certain join queries containing filters involving explicit or implicit casts.

• Add Varbinary handling to Kafka Protobuf deserializer.

• Fix initialization failure when the internal table snapshots cache is disabled. Applicable to the Delta Lake connector.

• Fix incorrect query results when reading a Delta Lake table with a cached representation of its active data files that are outdated.

• Fix certain complex queries that involve joins and aggregations.

• Fix incorrect results when using the Glue metastore and queries contain IS NULL with additional filters. Applicable to Hive, Iceberg, and Delta connectors.

• Fix incorrect pushdown of expression below join.

380-e.4 was skipped.

380-e.5 changes (9 Sep 2022)

• Fix issue with live queries being filtered incorrectly.

• Fix writing incorrect results in the Delta Lake connector when the order of partition columns is different from the order in the table definition

• Fix incorrect table already exists error in the Delta Lake connector caused by a client timeout when creating a new table.

• Fix bug in the Hive connector where query constraints were not used when fetching table statistics.

• Fix Teradata pushdown correctness for char types.

380-e.6 changes (26 Sep 2022)

• Fix bug that prevented cluster metrics for Insights from being persisted.

• Fix query failure when renaming or dropping columns that should be quoted. Applies to the ClickHouse, MariaDB, MySQL, Oracle, Phoenix, PostgreSQL, Redshift, SingleStore, and SQL Server connectors.

• Fix query failure when adding a column that shoud be quoted. Applies to the Phoenix connector.

• Fix query failure when adding a column with a column comment that has special characters which require it to be escaped. Applies to the ClickHouse connector.

• Fix query failure when creating a table with a table or column comment that has special characters which require it to be escaped. Applies to the ClickHouse, MariaDB, and MySQL connectors.

• Fix query failure when setting a table comment that has special characters which require it to be escaped. Applies to the ClickHouse, MariaDB, and MySQL connectors.

• Fix query failure when setting a column comment that has special characters which require it to be escaped. Applies to the ClickHouse, Oracle, PostgreSQL, and Redshift connectors.

• Fix query failure upon reading from a Hive view when hive.hive-views.run-as-invoker and hive.hive-views.legacy-translation are both enabled for views in Hive SQL translated to Trino SQL.

• Fix potential table corruption when changing a table before committing to the Hive metastore has completed. Applies to the Iceberg connector.

380-e.7 changes (6 Oct 2022)

• Fix potential SQL injection when querying BigQuery tables.

• Fix potential data corruption when Iceberg commit to Glue fails. Applies to the Iceberg connector.

• Fix inability to set the AWS STS endpoint and region when using a Glue metastore. Applies to the Delta, Hive, and Iceberg connectors.

380-e.8 changes (27 Oct 2022)

• Prevent coordinator out-of-memory failure when querying a large number of tables in a short period of time. Applies to the Delta Lake connector.

• Fix error when using PREPARE with DROP VIEW where the view name is quoted.

• Fix network issues during the data transfer for tables with a large number of columns. Applies to the Teradata Direct connector.

380-e.9 changes (17 Nov 2022)

• Fix failure for certain queries involving join operations over partitioned tables.

• Fix potential query failure or incorrect results when reading from a table with the avro.schema.literal Hive table property set. Applies to the Hive connector.

• Fix possible query failures for certain queries with join pushdown enabled on the Teradata Direct connector.

• Fix failure when reading duplicated column statistics in the Hive connector.

380-e.10 changes (1 Dec 2022)

• Fix a correctness bug for queries with certain window operators used in sequence.

• Suppress access denied exception in the Hive connector when listing all tables/views in a Glue database.

380-e.11 changes (8 Dec 2022)

• Fix bug in parquet reader for arrays spanning multiple parquet pages. Applies to the Hive, Delta Lake, and Iceberg connectors.

380-e.12 changes (20 Jan 2023)

• Fix an issue when creating materialized view is denied because of missing permissions to HMS but replacing materialized view is allowed when using HMS impersonation.

• Fix ArrayIndexOutOfBoundsException from accelerated parquet reader when reading string columns. Applies to the Hive and Iceberg connectors.

• Disallow performing UPDATE or DELETE on Hive ACID transactional tables to prevent correctness issues when the operation modifies a large number of rows. These operations can be re-enabled using the hive.acid-modification-enabled catalog configuration property or the acid_modification_enabled catalog session property.

• Fix parquet read failure where column indexes do not include a null count.

380-e.13 changes (14 Feb 2023)

• Fix incorrect results for large negative values stored in DECIMAL or TIME type columns with DELTA_BINARY_PACKED encoding in parquet files. Applies to the Hive, Iceberg, and Delta Lake connectors.

• Fix query failure for some outer join operations.

380-e.14 changes (21 Feb 2023)

• Fix incorrect results for queries involving an equality predicate in a WHERE clause that is equal to a term of a SELECT clause in one of the branches of a JOIN.

• Fix INSERT failing on DATE columns with multiple values containing NULL. Applies to the Teradata connectors.

• Fix failure potential failure for queries involving joins and implicit or explicit casts of NULL to a concrete type.

380-e.15 changes (15 Mar 2023)

• Fix ANALYZE when Hive partition has non-canonical value.

• Fix rendering data cells with multiple space characters.

380-e.16 changes (3 Apr 2023)

• Fix hive.timestamp-precision in Hive views.

• Fix a possible query failure with a Kerberized Hive connector when the query executes longer than the Kerberos ticket lifetime.

• Update Teradata table operator to OpenSSL 3.1.0.

380-e.17 changes (14 Apr 2023)

• Remove SnakeYAML library references from dependency trees and Ranger plugin as a preventative measure for CVE-2022-1471.

380-e.18 changes (28 Apr 2023)

• Fix a performance issue with access control on Ranger with a large number of user-based policies.

• Fix query failure when a Kafka topic contains messages with a NULL value, also known as a tombstone message.

• Fix a potential internal communication secret link. See the security advisory for more information.

• Remediate the following CVEs:

  • CVE-2022-3509

  • CVE-2022-3510

  • CVE-2022-40152

  • CVE-2022-42003

  • CVE-2023-1370

380-e.19 changes (15 May 2023)

• Fix Starburst Enterprise web UI overview page error when internal TLS is enabled.