Release 380-e LTS (23 May 2022)

Starburst Enterprise platform (SEP) 380-e is the follow up release to the 379-e STS release and the 370-e LTS release.

This release is a long term support (LTS) release.

The 380-e release includes all improvements from the following Trino project releases:

• Trino 380

• Trino 379

• Trino 378

• Trino 377

• Trino 376

• Trino 375

• Trino 374

• Trino 373

• Trino 372

• Trino 371

It contains all improvements from the Starburst Enterprise releases since 370-e LTS:

• 379-e STS

• 378-e STS

• 377-e STS

• 376-e STS

• 375-e STS

• 374-e STS

• 373-e STS

• 372-e STS

• 371-e STS

Highlights since 370-e

• Add support for data products as securable entities with built-in access control.

• Improve Kafka, PostgreSQL, Redshift, and Vertica connectors.

• Add a session timeout configuration property for the Starburst Enterprise web UI.

• Support two-way TLS for LDAP authentication.

• Improve performance of queries involving complex predicates for the Teradata, Stargate, and PostgreSQL connectors.

• Add autocomplete functionality for SQL in the query editor.

• Add support for download of a full result set from the query editor.

• Add an option to control the query log data retention period

Breaking changes since 370-e

• The SQL Server connector now enables TLS and certificate verification by default between the cluster and SQL Server, causing potential failures for catalogs that use the connector.

• The ldap.ssl-trust-certificate configuration property for an LDAP password authenticator has been deprecated in favor of ldap.ssl.keystore.path and ldap.ssl.truststore.path for two-way TLS with an LDAP authentication server. Clusters that use the deprecated property in their LDAP password authenticator should migrate to the new properties as soon as possible.

• Data products title length is now limited to 40 characters. Any existing data products with titles longer than 40 characters must be deleted and recreated.

• Require value for the shared secret configuration for internal communication when any authentication is enabled.

• The insights.authorized-users and insights.authorized-groups configuration properties are deprecated in favor of starburst.access-control.authorized-users and starburst.access-control.authorized-groups, respectively. These starburst. configuration properties also use a comma-separated list value, instead of a pipe-delineated list like the deprecated insights. properties. For more information, see Insights general configuration properties.

• There are new format requirements for role names using built-in access controls. Role names with spaces must be replaced. Role names can have up to 64 characters, but can only contain lowercase Latin letters, digits, and underlines.

380-e.0 initial changes

General

• Improve display for privileges with grant option in the Starburst Enterprise web UI.

• Added Java configuration options -XX:+UnlockDiagnosticVMOptions -XX:+UseAESCTRIntrinsics in jvm.config to reflect Trino defaults.

Security

• Allow role creation only after specific role is set with SET ROLE.

• Reintroduce ldap.ssl-trust-certificate as a legacy configuration property.

• Update Helm chart to Starburst Ranger 2.1.0-e.39.

Built-in access control

• Add privileges for Starburst Enterprise web UI.

• Add privileges for Data products and domain access.

• Add audit logs for built-in access control as public preview feature.

• Raise built-in access control to a general availability feature.

Data products

• Raise data products to a general availability feature.

• Add Starburst Enterprise REST API for managing data products.

• Add usage metrics for individual data products.

• Improve the data product edit workflow.

• Add discussion threads.

Helm charts

• Add KEDA scaler for SEP.

380-e.1 changes (8 Jun 2022)

• Standardize on UBI minimal base image for all containers used by the EKS listings.

• Fix reading of grant change logs from SEP versions 375-e and earlier.

• Fix potential query failure when metastore caching is enabled.

• Fix typo in the configuration property name to remove an unsupported underscore and replace it with the appropriate dash DELEGATED-OAUTH2.

• Fix sync_partition_metadata procedure failure when table has a large number of partitions.

• Fix incorrect results for queries where aggregation is pushed down for a remote database to execute and the aggregation function result is not needed to evaluate the query. Applies to the ClickHouse, MariaDB, MySQL, Oracle, SQL Server, PostgreSQL, and SingleStore connectors.

380-e.2 changes (1 Jul 2022)

• Update jackson-databind to 2.13.3, see security advisory CVE-2020-36518.

• Fix bigint parsing for the Web UI Query editor, no longer shows truncated results if it uses the default JSON.parse method.

• Allow canceling a query on a transactional table if it is waiting for a lock.

• Avoid errors when attempting to query tables that exist in multiple Snowflake databases with role impersonation enabled. The errors were a result of multiple tables matching the same schema/table name.