Release 468-e LTS (28 February 2025)

Starburst Enterprise platform (SEP) 468-e LTS is the follow up release to the 468-e STS release and the 462-e LTS release.

This release is a promotion of the original 468-e STS release in February 2025 into a long term support (LTS) release.

It contains all improvements from Starburst Enterprise releases since the 462-e LTS release:

• 464-e STS

• 467-e STS

It includes all improvements from the following Trino releases:

• Trino 463

• Trino 464

• Trino 465

• Trino 466

• Trino 467

• Trino 468

Highlights since 462-e

• Refreshed the Starburst Enterprise web UI with a new look and feel.

• Added support for dynamic catalog management as a public preview.

• SQL routines have been renamed to User-defined functions in Trino, and are now available as a GA feature. Python UDFs are available as a public preview.

• Added the Starburst Stargate parallel connector connector as a public preview.

• Added support for CyberArk Conjur as a secrets configuration provider.

Breaking changes

• The delta.metadata.cache-size Delta Lake catalog configuration property has been replaced by delta.metadata.cache-max-retained-size. delta.metadata.cache-ttl now defaults to 30m.

• The partitions column on the $manifests metadata table of Iceberg catalogs has been renamed to partition_summaries.

• Built-in access control is required to use schema discovery. Schema discovery is enabled by default when BIAC is enabled. However, if starburst.schema-discovery.enabled is set to true, you must set starburst.access-control.enabled to true to use schema discovery or the cluster fails to start.

• The following legacy protocol.v1.* configuration properties have been removed:

  • protocol.v1.prepared-statement-compression.length-threshold

  • protocol.v1.prepared-statement-compression.min-gain

  • protocol.v1.alternate-header-name.

  These properties must be removed from your cluster configuration and any legacy clients reliant on the protocol.v1.alternate-header-name client protocol header must be updated.

• Password-based authentication in the Cassandra connector now requires the cassandra.security=PASSWORD catalog configuration property along with credentials configured in the cassandra.username and cassandra.password properties.

• In the Iceberg connector, the schema and table arguments have been removed from the table_changes table function in favor of schema_name and table_named, respectively.

• The iceberg.rest-catalog.parent-namespace configuration property has been removed. For Unity catalogs, use the iceberg.rest-catalog.warehouse configuration property instead.

• To enable user impersonation with the Hadoop Distributed File System (HDFS), both the hive.hdfs.impersonation.enabled and fs.hadoop.enabled properties must be set to true. If you have hive.hdfs.impersonation.enabled set to true but fs.hadoop.enabled is not set to true, you must update your configuration or the cluster fails to start.

• The Hive connector no longer allows materialized views and HMS/HDFS impersonation to be enabled simultaneously on the same catalog. You can temporarily disable enforcement of this change by turning off SEP config validation.

• In order to enable credential passthrough for a non-native filesystem with Microsoft Entra ID, you must now set the hive.azure.abfs.oauth2.passthrough and fs.hadoop.enabled properties to true. If you have hive.azure.abfs.oauth2.passthrough set to true but fs.hadoop.enabled is not set to true, you must update your configuration or the cluster fails to start.

• The schema-discovery.starburst-jdbc-url, schema-discovery.starburst-user, and schema-discovery.starburst-password catalog configuration properties have been removed. You must remove these properties from your configuration or the cluster fails to start.

• The hive.security=deprecated-ranger and delta.security=deprecated-ranger properties have been removed from the Hive and Delta Lake connectors, respectively. You must follow the migration guide to continue to use the Apache Ranger integration.

• The s3.security-mapping.enabled=true catalog configuration property is required when migrating an AWS Lake Formation catalog to native file system support. You must update existing configurations or the cluster fails to start.

• The deprecated RubiX cache has been removed from the SEP Helm chart.

468-e initial changes

General

• Refreshed the Starburst Enterprise web UI with a new look and feel.

• Added support for dynamic catalog management as a public preview.

• Added support for SHOW CREATE CATALOG to view statements used to create catalogs with CREATE CATALOG.

• Added support for ALTER CATALOG.

• Added an option to override the default storage schema for materialized view datasets in data products.

• Schema discovery no longer requires the user to have the sysadmin role.

• SQL routines have been renamed to User-defined functions in Trino, and are now available as a GA feature. Python UDFs are available as a public preview.

• Fixed a bug that prevented access to the Azure Storage file system when both the fs.native-azure.enabled and azure.use-oauth-passthrough-token catalog configuration properties were enabled.

• Remediated CVE-2024-3596 and CVE-2024-6345 with an update to the KEDA scaler in the SEP Helm chart.

Security

• Added support for token-based authentication with CyberArk Conjur.

• Added support for configuring multiple Hive-based Ranger access controls.

MaxCompute connector

• Added support for table scan redirection.

• Added support for limit pushdown for both managed and non-managed tables.

• Added support for predicate pushdown for non-managed tables.

• Added the maxcompute.average.record.size configuration property to set the average size of a record in bytes.

• Added the maxcompute.instance-hints configuration property to tune instance parameters for non-managed tables.

Snowflake connector

• Added support for CAST pushdowns.

Teradata connector

• Added support for aggregation pushdown on textual columns.

468-e.1 changes (28 Feb 2025)

• Fixed an issue when attempting to execute CREATE OR REPLACE MATERIALIZED VIEW when using Oracle as the backend database.

• Fixed parsing of negative hexadecimal, octal, and binary numeric literals.

• Fixed failures with recursive delete operations on S3Express preventing usage for fault-tolerant execution.

• Fixed failures when using the spooling protocol with a cluster using its own certificate chain.

• Fixed deserialization failures with SetDigest, BingTile, and Color types.

• Fixed failure when updating values to NULL.

• Corrected catalog information in JMX metrics when using file system caching with multiple catalogs.

• Fixed table read failures when using the Alluxio file system.

• Mitigated CVE-2024-43382.

• Prevented connection leakage when using the Azure Storage file system.

• Fixed failure when using upper-case variable names in SQL user-defined functions.

• Prevented failures of the array_histogram() function when the input contains NULL values.

• Fixed potential table corruption when using the vacuum procedure.

• Fixed NullPointerException when listing tables on Glue.

• Fixed failure when reading from tables with equality deletes with nested fields.

468-e.2 changes (18 Mar 2025)

• Fixed column masks not applying to columns in views with non-lowercase names.

• Fixed reading restored S3 glacier objects when the hive.s3.storage-class-filter configuration property is set to READ_NON_GLACIER_AND_RESTORED.

• Fixed failures caused by tables with case-sensitive name conflicts.

• Fixed redundant condition in permission check for user access to the workload management feature.

• Prevented failures when fault-tolerant execution is configured with an exchange manager that uses Azure storage with workload identity.