flyrain commented on code in PR #4479: URL: https://github.com/apache/polaris/pull/4479#discussion_r3289913121
########## CHANGELOG.md: ########## @@ -34,7 +34,12 @@ request adding CHANGELOG notes for breaking (!) changes and possibly other secti ### Breaking changes - The ExternalCatalogFactory interface has been renamed to FederatedCatalogFactory. Its createCatalog() and createGenericCatalog() method signatures have been extended to include a `catalogProperties` parameter of type `Map<String, String>` for passing through proxy and timeout settings to federated catalog HTTP clients. - The `ConnectionCredentials.of()` method now throws an exception when more than one expiration timestamp property is present in the credentials map. Only a single expiration timestamp is allowed per credentials bundle. -- Entity names (namespaces, tables, views, generic tables) submitted to the REST layer are now rejected with HTTP 400 if they are empty, contain a `/`, or have leading/trailing whitespace. Clients that were previously able to create such entities must rename them before upgrading. +- The REST layer now enforces stricter validation for entity names (including namespaces, tables, views, and generic tables). Requests containing invalid names will be rejected with an HTTP 400 error. Existing clients should verify and rename entities before upgrading if their names fall into the following forbidden categories: + - Empty strings + - Names consisting solely of `.` or `..` + - Names containing control (invisible) characters + - Names with leading or trailing whitespace + - Names containing any of these characters: `/\:*?"<>|#` Review Comment: Good catch. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
