Release 477-e STS (12 Nov 2025)

Starburst Enterprise platform (SEP) 477-e is the follow up SEP release to 476-e. It includes all improvements from the following Trino releases:

• Trino 477

This release is a short term support (STS) release.

Breaking changes

• The starburst catalog is no longer supported for static or dynamic configuration of Starburst AI. From version 476-e.4, a catalog named starburst hosting functionality such as Starburst AI and S3 storage functions is automatically created on each cluster. Any previously created static or dynamic catalog named starburst must be removed before upgrading to 477-e. If you previously created a catalog named starburst to work with AI functions, you must now place its configuration properties in config.properties. If you had previously created a starburst catalog unrelated to AI, you must rename it to prevent cluster startup failure. This change is not backward compatible.

• As of release 477-e, some metric and JMX bean names have changed:

  • Metric names previously under trino_metadata_name_DiscoveryNodeManager_* are now trino_node_name_CoordinatorNodeManager_*.

  • JMX bean names previously under trino.metadata:name=DiscoveryNodeManager/* are now trino.node:name=CoordinatorNodeManager/*.

  You must update monitoring and alerting configurations that reference the old names, or related metrics will no longer be reported.

• Updated authenticator validation to disallow configuring delegated-* and non-delegated authenticators together. The delegated- variants override their non-delegated equivalents, include all their features, and use the same configuration properties. This change requires updates to authentication configuration to remove unsupported authenticator combinations. This change affects delegated-oauth2, delegated-jwt, delegated-password, and delegated-kerberos.

• Teradata Direct connector HTTPS configuration has changed. The teradata-direct.https.keystore.path and teradata-direct.keystore.password properties have been removed. A new mandatory property, teradata-direct.root-certificate.path, has been added to specify the PEM-format root certificate for TLS validation between Teradata and SEP nodes. HTTPS configuration now inherits settings from the global coordinator and worker properties. You must update your configuration to remove the old keystore properties and provide the root certificate path. The only available option for encryption is via the SEP keystore. Automatic TLS configuration is not supported.

• The default value for catalog.store has changed from file to starburst. This change only affects clusters that use dynamic catalog management (catalog.management=dynamic). When you use dynamic catalogs with the new default, the system stores catalog configurations in the backend database and ignores any existing catalog configuration files on startup. To use dynamic catalog management with file-based storage, you must set catalog.store=file.

• The following Starburst Warp Speed properties are deprecated and will be removed in a future release:

  • warp-speed.config.store.type

  • warp-speed.store.path

  • warp-speed.objectstore.*

  • warp-speed.local-store.path

  • warp-speed.enable.import-export

  • warp-speed.use-http-server-port

  • warp-speed.call-home.*

General

• SEP data maintenance is now generally available.

• Starburst data catalog is now generally available.

• SEP 477-e is the final release that supports the default implementation of the ConnectorFactory#getSecuritySensitivePropertyName method. This method identifies configuration properties that may contain security-sensitive information so the engine can mask their values. In a future release, the method will become abstract, and custom connectors will need to provide their own implementation. This change affects only customers who maintain custom plugins.

• Managed statistics are now automatically dropped or updated when certain DDL operations are executed within the SEP cluster. This ensures statistics remain consistent with the underlying table schema. Supported operations include:

  • DROP TABLE

  • ALTER TABLE ... RENAME TO

  • ALTER TABLE ... DROP COLUMN

  • ALTER TABLE ... RENAME COLUMN

  • DROP SCHEMA ... CASCADE

  • ALTER SCHEMA ... RENAME TO

• Managed statistics are now automatically dropped or updated when the following catalog modification statements are executed within the SEP cluster:

  • DROP CATALOG

  • ALTER CATALOG ... RENAME TO

  • ALTER CATALOG ... SET PROPERTIES

• Added support for large filter and project expressions that use CASE, AND, or OR operators to resolve failures on large queries with complex filters.

• Added support for LOAD and UNLOAD table functions to the built-in starburst catalog for reading from and writing to external object storage locations within SQL queries.

• Added a refresh button to refresh the catalog tree in the catalog explorer in the SEP query editor.

• Added the starburst.csv-with-bom.enabled configuration property to enable UTF-8 byte order mark (BOM) encoding for CSV file downloads when using the Run and the Run and download options in the query editor.

• Added the -XX:-RewriteBytecodes JVM flag to the default configuration. This change disables JVM bytecode rewriting by default to prevent potential heap corruption issues on ARM64 systems.

• Added support for Starburst Warp Speed-enabled Hive and Iceberg catalogs in data products.

• The Data Products menu entry is now visible by default. To hide it, set starburst.data-product.enabled=false.

• Added support for warp_speed catalogs in Data Products. Users can now create data products from Iceberg and Hive catalogs with warp_speed.

• Improved execution speed for queries using outer joins, aggregations, metadata operations, and the MERGE command.

• Improved performance of aggregations on single BIGINT columns with high cardinality.

• Improved performance of data product search, significantly speeding up text-based filtering.

• Improved the cluster explorer user interface by ensuring it refreshes automatically when a catalog-level role is updated.

• Warmup rules are deprecated and will be removed in a future release.

• Upgraded Apache Ozone to 2.0.0.

• Fixed an issue where data product deletion failures could occur without a visible error. Failures when deleting a data product now return a clear error message.

• Fixed an issue where navigating to query overview from a workload management table caused filter controls to become unresponsive.

• Fixed an issue that prevented the SEP product version from rendering in the About dialog.

• Fixed an issue that caused failures when running more complex Python-based UDFs.

• Limited access to the following table branch operations to sysadmin users with BIAC enabled:

  • CREATE BRANCH

  • ALTER BRANCH

  • DROP BRANCH

  • GRANT, DENY, REVOKE privileges on branches like GRANT SELECT ON BRANCH branch IN TABLE catalog.schema.table TO ROLE role

  • GRANT CREATE BRANCH ON table TO ROLE role

• Fixed an issue where the cache service could consume excessive memory, potentially leading to out-of-memory errors.

• Fixed an issue where viewing the list of roles in the BIAC UI as a sysadmin incorrectly generated a CREATE ROLE audit log event. The audit log now records only actual create operations.

• Restored JMX metrics for the embedded cache service when running in an embedded node.

• Fixed an issue that prevented configuring delegated-oauth2 and delegated-jwt authenticators at the same time.

• Fixed view analysis error affecting views that use SELECT * SQL syntax and session property hide_inaccessible_columns=true.

Security

• Updated jinjava to 2.8.1 to mitigate CVE-2025-59340.

• Updated starburst-schema-registry to version 0.9.1-e.8 to mitigate the following CVEs:

  • CVE-2024-22257

  • CVE-2024-22259

  • CVE-2025-22228

Starburst AI

• AI Agent is now generally available.

• AI functions are now generally available.

• Agent-based data product enrichment is now generally available.

• Added public preview support for an MCP server.

• Added support for batch processing of AI task functions.

• Added support for storing AI Agent sessions in Insights database.

• Added support for AWS anonymous credentials authentication when connecting to an external AI model.

Alteryx connector

• Alteryx connector is now generally available.

• Added support for the TIME datatype.

BigQuery connector

• Added support for clearing all metadata caches with the system.flush_metadata_cache() procedure.

ClickHouse connector

• Added support for CAST pushdowns of Date and Timestamp types.

• Added support for date_trunc function projection pushdown.

• Added support for DateTime64.

• Added support for Date32.

Delta Lake connector

• Added support for writing to variant columns.

• Added support for credential vending with Unity Catalog.

Elasticsearch connector

• Added support for OAuth 2.0 token pass-through authentication.

Hive connector

• Added support for automatic type coercion to unbounded VARCHAR when length exceeds 65535.

• Added support for reading legacy dates and timestamps written by Hive in Orc and Parquet.

Iceberg connector

• Updated to use v2 of the AWS Glue SDK by default when iceberg.catalog.type=glue is set.

• Updated to use the hive.metastore.glue.default-warehouse-dir configuration property when creating a new schema in Glue catalog.

• Improved handling of materialized view drops by canceling any associated refresh jobs, reducing unnecessary resource usage.

• Added support for OAuth2 token passthrough authentication when using the Iceberg REST catalog.

• Fixed failure when reading deletion vectors generated by Databricks.

• Fixed failure due to column count mismatch when executing the add_files_from_table procedure.

Kafka connector

• Added support for Confluent’s JSON Schema Registry.

MongoDB connector

• Fixed query failures on nested fields in mixed-type arrays.

MySQL connector

• Added support for Azure Managed Identity authentication.

Oracle connector

• Added support for predicate pushdown on RAW(n) type.

• Fixed an issue that prevented reading certain DATE and TIMESTAMP values when the internal byte representation was invalid.

PostgreSQL connector

• Added support for Azure Managed Identity authentication.

Singlestore connector

• Add support for predicate pushdown on VARCHAR and CHAR types when the singlestore.experimental.enable-string-pushdown-with-binary configuration property is enabled.

SQLServer connector

• Added support for Azure Managed Identity authentication.

Starburst Stargate connector

• The Stargate parallel connector is now generally available and added support for the following features:

  • Password passthrough

  • OAuth2 passthrough

  • User impersonation

  • Managed statistics

Teradata connector

• Added the teradata.sql-based-metadata.enabled configuration property to control how the connector retrieves table metadata. When enabled, the connector uses faster SELECT * queries to get metadata. When set to false, it uses the standard JDBC metadata calls, which are slower but may avoid excessive SELECT * queries in logs.