Additionally, this release was mainly to pick up two security fixes: CVE-2018-11785: - Missing authorization check in Apache Impala allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query
CVE-2018-11792 (IMPALA-7502): - ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which will automatically grant that user with ALL privilege on that table due to the privilege inherited from the database On Wed, Oct 24, 2018 at 12:06 PM Jim Apple <jbap...@apache.org> wrote: > The Apache Impala PMC is announcing the release of Impala 3.0.1. > > Impala is a high-performance distributed SQL engine. > > The release is available at https://impala.apache.org/downloads.html > > Thanks, > Jim Apple on behalf of the Apache Impala PMC > >
