Hi team,
We know that Hive 4.0.0 release is ongoing but considering the number of changes going into the release, it will take some iterations to come up with the stable version for the same. Meanwhile there are a lot of issues in Hive 3.1.3 which our customers have reported. In this scenario, it makes sense to make a release from branch-3 which will have all the necessary upgrades, bug and CVE fixes which are causing issues to the existing customers. Also, Hive is still using Hadoop 3.1.0 whereas Spark 3.3 has already moved to Hadoop 3.3.1. Therefore, we need to do the same for hive. I will be happy to take the ownership of this new release and will be creating JIRA's for all the fixes that will go on with this release. Therefore, I am proposing a new release cut out from branch-3. The release version would be hive-3.2.0. This version will include major upgrades as: 1. Hadoop version upgrade to 3.3.4 2. Zookeeper version upgrade to 3.6.3 3. Tez version upgrade to 0.10.2 4. Calcite version upgrade to 1.25.0 5. Orc version upgrade to 1.6.9 This version will also include major CVE fixes as follows: 1. NVD - CVE-2020-13949 (nist.gov)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-13949&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390055897%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=s4ezoJrvuEaRcH77R990wsFVR7za%2BJEoGXyDcaj9mRE%3D&reserved=0> - Libthrift Upgrade to 0.14.1 (OSS Jira : https://issues.apache.org/jira/browse/HIVE-25098<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25098&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390055897%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ruoe71g5SDIudoTNVhQsTYwTs2r7UN1LrjL2XzOuB7g%3D&reserved=0>) 1. NVD - CVE-2015-1832 (nist.gov)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2015-1832&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390055897%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=3Xs8rZwi2bIJEZyF%2FKf4614cBE6lmp8x%2FjvjB4FZpHs%3D&reserved=0> - Derby upgrade to 10.14.2.0 (OSS Jira : https://www.mail-archive.com/dev%40hive.apache.org/msg142721.html<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mail-archive.com%2Fdev%2540hive.apache.org%2Fmsg142721.html&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390055897%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=8VMamTvZ7WsH5ELN5MMHrryhLgE6QhtxTzrvJqJ%2FKmY%3D&reserved=0>) 1. NVD - CVE-2013-4002 (nist.gov)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2013-4002&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=sHWPLpDhWgoCfmfvUFXj%2FKNPWv5Dx7a2bZYpdYHNaOk%3D&reserved=0> - Xerces Upgrade to 2.12.2 (OSS Jira : https://issues.apache.org/jira/browse/HIVE-25920<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25920&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=b8p2xL4q7eOxI1DvAXNLmpkzjcOtgd%2F9HervKbZMwJ0%3D&reserved=0>) 1. NVD - CVE-2020-36518 (nist.gov)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-36518&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=NUyBIEfqM4dZ15Jk8645JJIHrl8o%2Bbhfj%2BBvkwhR7Mw%3D&reserved=0> - Jackson upgrade to 2.12.7 (OSS Jira : https://www.mail-archive.com/dev@hive.apache.org/msg142871.html<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mail-archive.com%2Fdev%40hive.apache.org%2Fmsg142871.html&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Y9ikjhaWq76jWBxy25jRYddL%2BnbtgSOsdw0A5hAoUk8%3D&reserved=0>) 1. NVD - CVE-2022-23221 (nist.gov)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2022-23221&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=qWb60OLRTEA5hO7Wl2zdQH1s8DhteC1sVa8Ci0gdcR4%3D&reserved=0> - Upgrade H2 database version to 2.1.210 (OSS Jira : https://issues.apache.org/jira/browse/HIVE-25945<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25945&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=6EqeYjUgBBW28GErorZgUEW2YaVN%2BLz1TAybzTWhgYQ%3D&reserved=0>) 1. WS-2021-0419 | Mend Vulnerability Database<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mend.io%2Fvulnerability-database%2FWS-2021-0419&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Bo7Ju4cPEFk7icPPSGJbxIFnERsmSqjYgES0FWS7xyc%3D&reserved=0> - Upgrade gson to 2.8.9 (OSS Jira : https://issues.apache.org/jira/browse/HIVE-26078<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26078&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=YQh%2F75TBsYKkGmeUUTM7wnhWdQ50r11fIsfqQyim11I%3D&reserved=0>) 1. NVD - CVE-2020-11979 (nist.gov)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-11979&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=N9dF2RGaafx4FYKbs4ppk1o%2FjtTjRkAUbko2ou4fZaU%3D&reserved=0> - Upgrade ant to 1.10.9 (OSS Jira : [HIVE-26081] Upgrade ant to 1.10.9 - ASF JIRA (apache.org)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26081&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=XwU%2BPLbaWjCSoKPgj1l8Rniglm2%2FVjHGfq7bE4Tunn8%3D&reserved=0>) 1. NVD - CVE-2020-17533 (nist.gov)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-17533&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=mVCHR8rYUfhMeVbbB%2BJd2SNBGYOXHwM3xBwTyp8%2BUHY%3D&reserved=0> - Upgrade accumulo-core to 1.10.1 (OSS Jira : [HIVE-26080] Upgrade accumulo-core to 1.10.1 - ASF JIRA (apache.org)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26080&data=05%7C01%7Crajaman%40microsoft.com%7C4aca06e9141241080c3008dabd70183e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030586390212126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=dQi8mSnQiRlFgIgvm2TKegQNvZOIYequQUyCI2Oi074%3D&reserved=0>) The version can also contain critical bug fixes that have been fixed in Open-Source master. Please suggest any other important backports that can be included in this section. I am thinking of the backport of transaction statistics related patches to enable better CBO for ACID tables and datanucleus changes to 5.x can be some bug fixes that we can consume in this release. This is an Open forum and I welcome your suggestions on the same. We can take a month or two to make this release after validating the test scenarios and use cases. I will come up with the proper timelines for this 3.2.0 release once we get the community approval for the same. Thanks, Aman.
