Release 402-e LTS (17 Nov 2022)

Starburst Enterprise platform (SEP) 402-e is the follow up release to the 401-e STS release and the 393-e LTS release.

This release is a long term support (LTS) release.

The 402-e release includes all improvements from the following Trino project releases:

• Trino 394

• Trino 395

• Trino 396

• Trino 397

• Trino 398

• Trino 399

• Trino 400

• Trino 401

• Trino 402

It contains all improvements from the Starburst Enterprise releases since 393-e LTS:

• 394-e STS

• 395-e STS

• 396-e STS

• 397-e STS

• 398-e STS

• 399-e STS

• 401-e STS

Highlights since 393-e

• Improved the Starburst Enterprise query editor overview with usability features, including support for multiple queries per tab and better SQL syntax support with the prettify feature.

• Added the access logs feature to the Built-in access control audit log.

• Expanded Fault-tolerant execution to support write operations on the MySQL, PostgreSQL, and SQL Server connectors.

• Added user to AWS role mapping in AWS Lake Formation access control support.

• Added support for the Cloudera schema registry with optional Kerberos authentication to the Starburst Kafka connector.

• Added support for Kerberos authentication with a credential cache to the Starburst Oracle connector.

Breaking changes since 393-e

• Users of third-party RBAC tools such as Apache Ranger and Immuta require access to several schemas in the system catalog. You must create a policy that includes system.metadata, system.jdbc, and system.runtime. Built-in access control users are unaffected, as this is handled for you.

• The hive.metastore.glue.read-properties-based-column-statistics catalog configuration property is now deprecated, as the current configuration is considered legacy and may be removed in a future release. Existing configurations that use this property must either remove it or rename the property to deprecated.hive.metastore.glue.read-properties-based-column-statistics or the cluster does not start.

• Trino release 401 includes a change to file-based access control which changes the default behavior of SEP with respect to table function security. From Trino 401 and later, access to table functions is allowed by default. In Trino 400 and earlier, access is denied by default. To mitigate unwanted access, you must add a function rule to deny the TABLE function type.

• The teradata.parallelism-type catalog configuration property has been deprecated and its functionality replaced with the newer teradata.connections_count catalog configuration property. If a catalog is configured with this deprecated property, the cluster fails to start.

• Cloudera Distributed Hadoop (CDH) version 5.x is no longer supported by the Starburst Hive connector. You must upgrade to CDH version 6.x or higher to continue querying the Cloudera Data Platform.

402-e.0 initial changes

The following changes from 402-e.0 are all part of the first public release.

General

• Added Starburst Warp Speed to accelerate query processing available as a public preview feature.

Security

• Added options to configure and apply column masks and row filters to built-in access control privileges.

• Changed treating built-in access control entity names to be case-insensitive, with the exception of user entities.

• Improved clarity of the error message that appears when attempting to create a built-in access control privilege that conflicts with an existing privilege.

Delta Lake connector

• Fixed a bug in the accelerated parquet reader that caused query failures when reading parquet files with nested schema.

Hive connector

• Fixed a bug in the accelerated parquet reader that caused query failures when reading parquet files with nested schema.

Iceberg connector

• Fixed a bug in the accelerated parquet reader that caused query failures when reading parquet files with nested schema.

Redshift connector

• Added the redshift.database-for-prefix.enabled catalog configuration property that allows Redshift catalogs to access multiple databases in Redshift.

SQL Server connector

• Added retry capabilities to the SQL server connector for deadlocks when parallelism is enabled.

Teradata connector

• Added the teradata.connections_count catalog configuration property to control the number of parellel JDBC connections. This property replaces the functionality of the now-deprecated teradata.parallelism-type catalog configuration property.

• Fixed query failures for certain queries with join pushdown enabled for Teradata Direct connector.

402-e.1 changes (1 Dec 2022)

• Fixed a correctness bug for queries with certain window operators used in sequence.

• Suppressed access denied exception in the Hive connector when listing all tables/views in a Glue database.

402-e.2 changes (8 Dec 2022)

• Fix bug in parquet reader for arrays spanning multiple parquet pages. Applies to the Hive, Delta Lake, and Iceberg connectors.

402-e.3 changes (20 Jan 2022)

• Fixed HTTP redirect after OAuth2 token refresh.

• Fixed an issue when creating materialized view is denied because of missing permissions to HMS but replacing materialized view is allowed when using HMS impersonation.

• Fixed using accurate type translation of the textural Hive view columns.

• Fixed redundant scope parameter.

• Fixed ArrayIndexOutOfBoundsException from accelerated parquet reader when reading string columns. Applies to the Hive and Iceberg connectors.

• Fixed issue with plain accessToken passthrough when only OAuth2 with refresh-token is configured.

• Fixed inability to use Ranger policies containing JavaScript.

• Disallowed performing UPDATE or DELETE on Hive ACID transactional tables to prevent correctness issues when the operation modifies a large number of rows. These operations can be re-enabled using the hive.acid-modification-enabled catalog configuration property or the acid_modification_enabled catalog session property.

• Fixed parquet read failure where column indexes do not include a null count.

402-e.4 changes (14 Feb 2023)

• Fixed incorrect results for large negative values stored in DECIMAL or TIME type columns with DELTA_BINARY_PACKED encoding in parquet files. Applies to the Hive, Iceberg, Delta Lake, and Hudi connectors.

• Fixed query failure for some outer join operations.

402-e.5 changes (21 Feb 2023)

• Fixed incorrect results for queries involving an equality predicate in a WHERE clause that is equal to a term of a SELECT clause in one of the branches of a JOIN.

• Fixed INSERT failing on DATE columns with multiple values containing NULL. Applies to the Teradata connectors.

• Fixed SSL connection failure for LDAP-based user impersonation.

402-e.6 changes (15 Mar 2023)

• Fixed predicate pushdown to partitioned columns of tables with a high number of partitions.

• Fixed query failures on reading Parquet files generated by Kafka Connect. Applies to the Hive, Hudi, Iceberg, and Delta Lake connectors.

• Fixed ANALYZE when Hive partition has non-canonical value.

• Fixed rendering data cells with multiple space characters.

• Fixed partition projection storage location.

402-e.7 changes (3 Apr 2023)

• Fixed hive.timestamp-precision in Hive views.

• Fixed a possible query failure with a Kerberized Hive connector when the query executes longer than the Kerberos ticket lifetime.

• Updated Teradata table operator to OpenSSL 3.1.0.

• Fixed error message for catalog errors when listing metadata.

402-e.8 changes (14 Apr 2023)

• Removed SnakeYAML library references from dependency trees and Ranger plugin as a preventative measure for CVE-2022-1471.

402-e.9 changes (28 Apr 2023)

• Fixed incorrect results when the query passed to the MongoDB query table function contains helper functions like ISODate.

• Fixed a performance issue with access control on Ranger with a large number of user-based policies.

• Fixed query failure when a Kafka topic contains messages with a NULL value, also known as a tombstone message.

• Fixed a potential internal communication secret link. See the security advisory for more information.

• Remediated the following CVEs:

  • CVE-2020-36518

  • CVE-2022-3509

  • CVE-2022-3510

  • CVE-2022-40152

  • CVE-2022-42003

  • CVE-2023-1370

402-e.10 changes (15 May 2023)

• Fixed authentication failure when Kerberos tickets expire. Applies to the Kudu connector.

• Fixed Starburst Enterprise web UI overview page error when internal TLS is enabled.

402-e.11 changes (12 Jun 2023)

• Fixed error on query details page for some queries executed on SEP versions prior to 395-e.

• Fixed falure when invoking current_timestamp.

402-e.12 changes (9 Aug 2023)

• Fixed reading concatenated GZIP streams.

• Fixed query results for joins on bucketed Hive tables.

402-e.13 changes (29 Aug 2023)

• Fixed parallel read of tables with non-clustered index in SQL Server.

• Fixed parsing logic for long values out of text rc files.

• Fixed write conflict detection for UPDATE/DELETE/MERGE operations. In rare situations, this issue may have resulted in duplicate rows when multiple of these operations were run at the same time, or at the same time as an optimize procedure.

• Fixed caching in LDAP group provider.

402-e.14 changes (19 Sep 2023)

• Fixed issue with Query Editor not running queries to completion which may have prevented results from being visible.

• Fixed potential unnecessary autoscaling triggers when Warp Speed is enabled.

402-e.15 changes (2 Oct 2023)

• Fixed potential for incorrect results when a table has deletion vectors in the Delta Lake connector.

• Added access control check to redirected tables when getting comments.

• Fixed JavaScript policy evaluation in Ranger and Privacera.

• Fixed performance when planning queries involving multiple window functions.

402-e.16 changes (18 Oct 2023)

• Improved performance for filtering catalogs, schemas, tables, and columns in BIAC.

• Remediated the following CVEs:

  • CVE-2018-20839

  • CVE-2023-36478

  • CVE-2023-36479

402-e.17 changes (13 Nov 2023)

• Fixed incorrect column statistics for Parquet file format in manifest files.

• Cast char fields, if necessary, to varchar type in Hive view translations.

• Fixed incorrect results for queries involving ORDER BY and window functions with ordered frames.

• Masked additional sensitive values in log files.

• Fixed incorrect results in MongoDB when a query contains several != or NOT IN predicates.

• Fixed JavaScript policy evaluation in Ranger and Privacera.

• Improved support for concurrent updates of table statistics in Glue.

• Fixed incorrect results for queries involving an aggregation in a correlated subquery.

402-e.18 changes (27 Nov 2023)

• Fixed possible JVM crash when reading short decimal columns in parquet files created by Impala (Hive, Hudi, Delta, Iceberg).

• Remediated CVE-2023-41900.

• Granting execution rights on a non-qualified function no longer makes all catalogs visible.