Thank you for driving this!

To kick things off, I have filed HIVE-26702 for a backport of HIVE-17315 (a
total of 5 sub-tasks/patches) to 3.2.0. This adds support for more flexible
configuration of the metastore's database connection pooling. Dataproc's
distribution has been running this in production backported onto release
3.1.3, so I can provide the patches.

May I assume that our intent is to keep 3.2.x backward-compatible with
3.1.x?

Chris Nauroth


On Thu, Nov 3, 2022 at 3:53 AM Sankar Hariappan
<sankar.hariap...@microsoft.com.invalid> wrote:

> +1, I'm excited to see the scope includes important upgrades and CVE fixes.
> We should carefully port the relevant patches from master as code has been
> heavily refactored. But, it make perfect sense to give another 3.x release
> from Hive to keep the users delighted.
> Thanks Aman for the initiative!
>
> Thanks,
> Sankar
>
> -----Original Message-----
> From: 张铎(Duo Zhang) <palomino...@gmail.com>
> Sent: Thursday, November 3, 2022 2:53 PM
> To: dev@hive.apache.org
> Subject: [EXTERNAL] Re: Proposal : New Release 3.2.0 | Fixing CVE's and
> Bugs on apache hive branch-3
>
> [You don't often get email from palomino...@gmail.com. Learn why this is
> important at https://aka.ms/LearnAboutSenderIdentification ]
>
> +1, and please include HIVE-24694...
>
> Thanks.
>
> Aman Raj <raja...@microsoft.com.invalid> 于2022年11月3日周四 17:03写道:
> >
> > Hi team,
> >
> >
> > We know that Hive 4.0.0 release is ongoing but considering the number of
> changes going into the release, it will take some iterations to come up
> with the stable version for the same. Meanwhile there are a lot of issues
> in Hive 3.1.3 which our customers have reported. In this scenario, it makes
> sense to make a release from branch-3 which will have all the necessary
> upgrades, bug and CVE fixes which are causing issues to the existing
> customers. Also, Hive is still using Hadoop 3.1.0 whereas Spark 3.3 has
> already moved to Hadoop 3.3.1. Therefore, we need to do the same for hive.
> >
> >
> >
> > I will be happy to take the ownership of this new release and will be
> creating JIRA's for all the fixes that will go on with this release.
> >
> >
> >
> > Therefore, I am proposing a new release cut out from branch-3. The
> release version would be hive-3.2.0.
> >
> >
> >
> > This version will include major upgrades as:
> >
> >   1.  Hadoop version upgrade to 3.3.4
> >   2.  Zookeeper version upgrade to 3.6.3
> >   3.  Tez version upgrade to 0.10.2
> >   4.  Calcite version upgrade to 1.25.0
> >   5.  Orc version upgrade to 1.6.9
> >
> > This version will also include major CVE fixes as follows:
> >
> >   1.  NVD - CVE-2020-13949 (nist.gov)<
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-13949&amp;data=05%7C01%7CSankar.Hariappan%40microsoft.com%7C9a16a3a9d980415efe3308dabd7d0e80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030642105079238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=8%2FAxIDkyXbP3KeRNFPEHXACUs65Hvn8Gu4pLiO%2FGKFM%3D&amp;reserved=0>
> - Libthrift Upgrade to 0.14.1 (OSS Jira :
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25098&amp;data=05%7C01%7CSankar.Hariappan%40microsoft.com%7C9a16a3a9d980415efe3308dabd7d0e80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030642105079238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=dr4H5nzlL5dVken7blGVIzkjnkA7%2BknJU7y5swp9Mxg%3D&amp;reserved=0
> <
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25098&amp;data=05%7C01%7CSankar.Hariappan%40microsoft.com%7C9a16a3a9d980415efe3308dabd7d0e80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030642105079238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=dr4H5nzlL5dVken7blGVIzkjnkA7%2BknJU7y5swp9Mxg%3D&amp;reserved=0
> >)
> >
> >   1.  NVD - CVE-2015-1832 (nist.gov)<
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2015-1832&amp;data=05%7C01%7CSankar.Hariappan%40microsoft.com%7C9a16a3a9d980415efe3308dabd7d0e80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030642105079238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=lVHLRdFRdjHkCNuO1IbY8xzUXEEiZYvWo%2FEi%2FWMCJus%3D&amp;reserved=0>
> - Derby upgrade to 10.14.2.0 (OSS Jira :
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mail-archive.com%2Fdev%2540hive.apache.org%2Fmsg142721.html&amp;data=05%7C01%7CSankar.Hariappan%40microsoft.com%7C9a16a3a9d980415efe3308dabd7d0e80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030642105079238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=rMDpNYDeRUFkPWm7vTRWboB%2BN2PhexjBGVKPxhgz%2Bk8%3D&amp;reserved=0
> <
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mail-archive.com%2Fdev%2540hive.apache.org%2Fmsg142721.html&amp;data=05%7C01%7CSankar.Hariappan%40microsoft.com%7C9a16a3a9d980415efe3308dabd7d0e80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030642105079238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=rMDpNYDeRUFkPWm7vTRWboB%2BN2PhexjBGVKPxhgz%2Bk8%3D&amp;reserved=0
> >)
> >
> >   1.  NVD - CVE-2013-4002 (nist.gov)<
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2013-4002&amp;data=05%7C01%7CSankar.Hariappan%40microsoft.com%7C9a16a3a9d980415efe3308dabd7d0e80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030642105079238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=ln8bZuxPpcVUomni21%2FT3eimARl4iT%2BhMr57AogMz9c%3D&amp;reserved=0>
> - Xerces Upgrade to 2.12.2 (OSS Jira :
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25920&amp;data=05%7C01%7CSankar.Hariappan%40microsoft.com%7C9a16a3a9d980415efe3308dabd7d0e80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030642105079238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=AIywxMRby6Z4xHNp9Hka9Q9%2FhJ3D4kHDUNgY4rEaygo%3D&amp;reserved=0
> <
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25920&amp;data=05%7C01%7CSankar.Hariappan%40microsoft.com%7C9a16a3a9d980415efe3308dabd7d0e80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030642105079238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=AIywxMRby6Z4xHNp9Hka9Q9%2FhJ3D4kHDUNgY4rEaygo%3D&amp;reserved=0
> >)
> >
> >   1.  NVD - CVE-2020-36518 (nist.gov)<
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-36518&amp;data=05%7C01%7CSankar.Hariappan%40microsoft.com%7C9a16a3a9d980415efe3308dabd7d0e80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030642105079238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=gk3%2FsutEyYB6YduPMZ%2BPYdTP9NZEZg%2FB1s24d%2BdonbI%3D&amp;reserved=0>
> - Jackson upgrade to 2.12.7 (OSS Jira :
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mail-archive.com%2Fdev%40hive.apache.org%2Fmsg142871.html&amp;data=05%7C01%7CSankar.Hariappan%40microsoft.com%7C9a16a3a9d980415efe3308dabd7d0e80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030642105079238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=PHKXYj8H%2BBSp%2FXs7XgOhK6w%2Bx4Vq5PpSUSOvcYKkp8w%3D&amp;reserved=0
> <
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mail-archive.com%2Fdev%40hive.apache.org%2Fmsg142871.html&amp;data=05%7C01%7CSankar.Hariappan%40microsoft.com%7C9a16a3a9d980415efe3308dabd7d0e80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030642105079238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=PHKXYj8H%2BBSp%2FXs7XgOhK6w%2Bx4Vq5PpSUSOvcYKkp8w%3D&amp;reserved=0
> >)
> >
> >   1.  NVD - CVE-2022-23221 (nist.gov)<
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2022-23221&amp;data=05%7C01%7CSankar.Hariappan%40microsoft.com%7C9a16a3a9d980415efe3308dabd7d0e80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030642105079238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=DOgyjVrYtzFm%2BvzjBcwpR%2BlWmwOa9qkvff2ik%2FJcAmE%3D&amp;reserved=0>
> - Upgrade H2 database version to 2.1.210 (OSS Jira :
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25945&amp;data=05%7C01%7CSankar.Hariappan%40microsoft.com%7C9a16a3a9d980415efe3308dabd7d0e80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030642105079238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=sReKiRrehocsaFZUyMK0ZhoYseOduAtLcllgTD4x9gY%3D&amp;reserved=0
> <
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-25945&amp;data=05%7C01%7CSankar.Hariappan%40microsoft.com%7C9a16a3a9d980415efe3308dabd7d0e80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030642105079238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=sReKiRrehocsaFZUyMK0ZhoYseOduAtLcllgTD4x9gY%3D&amp;reserved=0
> >)
> >
> >   1.  WS-2021-0419 | Mend Vulnerability Database<
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mend.io%2Fvulnerability-database%2FWS-2021-0419&amp;data=05%7C01%7CSankar.Hariappan%40microsoft.com%7C9a16a3a9d980415efe3308dabd7d0e80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030642105079238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=jATt2Ozfg5oAf9viA4GHm0%2FzdDpsNRYkVHtKFzMtZno%3D&amp;reserved=0>
> - Upgrade gson to 2.8.9 (OSS Jira :
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26078&amp;data=05%7C01%7CSankar.Hariappan%40microsoft.com%7C9a16a3a9d980415efe3308dabd7d0e80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030642105079238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=hg%2BJkLFld5YAXZtbvr%2B7ECORed33wMNO23lPBQi5als%3D&amp;reserved=0
> <
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26078&amp;data=05%7C01%7CSankar.Hariappan%40microsoft.com%7C9a16a3a9d980415efe3308dabd7d0e80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030642105079238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=hg%2BJkLFld5YAXZtbvr%2B7ECORed33wMNO23lPBQi5als%3D&amp;reserved=0
> >)
> >
> >   1.  NVD - CVE-2020-11979 (nist.gov)<
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-11979&amp;data=05%7C01%7CSankar.Hariappan%40microsoft.com%7C9a16a3a9d980415efe3308dabd7d0e80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030642105079238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=C3CjWkAWfHTUxxGvOPB9yM%2BQKoCdZ0BvF5zIXcqZ5yc%3D&amp;reserved=0>
> - Upgrade ant to 1.10.9 (OSS Jira : [HIVE-26081] Upgrade ant to 1.10.9 -
> ASF JIRA (apache.org)<
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26081&amp;data=05%7C01%7CSankar.Hariappan%40microsoft.com%7C9a16a3a9d980415efe3308dabd7d0e80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030642105079238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=Tz1XTd9SLsN6Jr15mGomZBACmwbj3QqovA0T%2F977FVk%3D&amp;reserved=0
> >)
> >
> >   1.  NVD - CVE-2020-17533 (nist.gov)<
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-17533&amp;data=05%7C01%7CSankar.Hariappan%40microsoft.com%7C9a16a3a9d980415efe3308dabd7d0e80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030642105079238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=8jGkdXlsmyCA772hZT9ZepxT6Llif%2BjNRuZV8vFRqho%3D&amp;reserved=0>
> - Upgrade accumulo-core to 1.10.1 (OSS Jira : [HIVE-26080] Upgrade
> accumulo-core to 1.10.1 - ASF JIRA (apache.org)<
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FHIVE-26080&amp;data=05%7C01%7CSankar.Hariappan%40microsoft.com%7C9a16a3a9d980415efe3308dabd7d0e80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638030642105079238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=%2BiKLyFXQ4cZRliAzGpuMWCuT2jhA5E16jnZzVbTqi0A%3D&amp;reserved=0
> >)
> >
> >
> >
> > The version can also contain critical bug fixes that have been fixed in
> Open-Source master. Please suggest any other important backports that can
> be included in this section.
> >
> > I am thinking of the backport of transaction statistics related patches
> to enable better CBO for ACID tables and datanucleus changes to 5.x can be
> some bug fixes that we can consume in this release. This is an Open forum
> and I welcome your suggestions on the same.
> >
> >
> >
> > We can take a month or two to make this release after validating the
> test scenarios and use cases. I will come up with the proper timelines for
> this 3.2.0 release once we get the community approval for the same.
> >
> >
> >
> > Thanks,
> >
> > Aman.
> >
>

Reply via email to