Release 380-e LTS (23 May 2022)#

Starburst Enterprise platform (SEP) 380-e is the follow up release to the 379-e STS release and the 370-e LTS release.

This release is a long term support (LTS) release.

The 380-e release includes all improvements from the following Trino project releases:

It contains all improvements from the Starburst Enterprise releases since 370-e LTS:

Highlights since 370-e#

  • Add support for data products as securable entities with built-in access control.

  • Improve Kafka, PostgreSQL, Redshift, and Vertica connectors.

  • Add a session timeout configuration property for the Starburst Enterprise web UI.

  • Support two-way TLS for LDAP authentication.

  • Improve performance of queries involving complex predicates for the Teradata, Stargate, and PostgreSQL connectors.

  • Add autocomplete functionality for SQL in the query editor.

  • Add support for download of a full result set from the query editor.

  • Add an option to control the query log data retention period

Breaking changes since 370-e#

  • The SQL Server connector now enables TLS and certificate verification by default between the cluster and SQL Server, causing potential failures for catalogs that use the connector.

  • The ldap.ssl-trust-certificate configuration property for an LDAP password authenticator has been deprecated in favor of ldap.ssl.keystore.path and ldap.ssl.truststore.path for two-way TLS with an LDAP authentication server. Clusters that use the deprecated property in their LDAP password authenticator should migrate to the new properties as soon as possible.

  • Data products title length is now limited to 40 characters. Any existing data products with titles longer than 40 characters must be deleted and recreated.

  • Require value for the shared secret configuration for internal communication when any authentication is enabled.

  • The insights.authorized-users and insights.authorized-groups configuration properties are deprecated in favor of starburst.access-control.authorized-users and starburst.access-control.authorized-groups, respectively. These starburst. configuration properties also use a comma-separated list value, instead of a pipe-delineated list like the deprecated insights. properties. For more information, see Insights general configuration properties.

  • There are new format requirements for role names using built-in access controls. Role names with spaces must be replaced. Role names can have up to 64 characters, but can only contain lowercase Latin letters, digits, and underlines.

380-e.0 initial changes#

General#

  • Improve display for privileges with grant option in the Starburst Enterprise web UI.

  • Added Java configuration options -XX:+UnlockDiagnosticVMOptions -XX:+UseAESCTRIntrinsics in jvm.config to reflect Trino defaults.

Security#

  • Allow role creation only after specific role is set with SET ROLE.

  • Reintroduce ldap.ssl-trust-certificate as a legacy configuration property.

  • Update Helm chart to Starburst Ranger 2.1.0-e.39.

Built-in access control#

Data products#

Helm charts#

380-e.1 changes (8 Jun 2022)#

  • Standardize on UBI minimal base image for all containers used by the EKS listings.

  • Fix reading of grant change logs from SEP versions 375-e and earlier.

  • Fix potential query failure when metastore caching is enabled.

  • Fix typo in the configuration property name to remove an unsupported underscore and replace it with the appropriate dash DELEGATED-OAUTH2.

  • Fix sync_partition_metadata procedure failure when table has a large number of partitions.

  • Fix incorrect results for queries where aggregation is pushed down for a remote database to execute and the aggregation function result is not needed to evaluate the query. Applies to the ClickHouse, MariaDB, MySQL, Oracle, SQL Server, PostgreSQL, and SingleStore connectors.

380-e.2 changes (1 Jul 2022)#

  • Update jackson-databind to 2.13.3, see security advisory CVE-2020-36518.

  • Fix bigint parsing for the Web UI Query editor, no longer shows truncated results if it uses the default JSON.parse method.

  • Allow canceling a query on a transactional table if it is waiting for a lock.

  • Avoid errors when attempting to query tables that exist in multiple Snowflake databases with role impersonation enabled. The errors were a result of multiple tables matching the same schema/table name.