Dear Ranger Community members,
Thanks for all the +1s for Apache Release 2.3 release work. Here is the
revised list of JIRAs that are to be in Apache Release 2.3.
Apache Ranger 2.3 branch is now closed for further commits to start the
artifacts build. Thank you all for the support.
Regards,
Ramesh
Apache Release 2.3 JIRAs.
Improvements:
RANGER-2846 Add support for resource[volume, bucket, key] look up in ozone
plugin
RANGER-2967 Add support for Amazon CloudWatch Logs as an Audit Store
RANGER-3023 Permission tab takes longer time to load with large number of
users and group_users data
RANGER-3030 Replace Findbugs with Spotbugs maven plugin
RANGER-3182 Prestosql is renamed to Trino
RANGER-3221 Improve logging in Presto plugin
RANGER-3276 Remove duplicate code from buildks.java
RANGER-3290 ArrayIndexOutOfBoundsException if solr is down
RANGER-3299 Upgrading the bouncycastle version for bcprov-jdk15on
RANGER-3298 Add coarse URI check for Hive Agent
RANGER-3389 Swagger UI Support for Ranger REST API
RANGER-3435 Add unique index on guid, service and zone_id column of
x_policy table
RANGER-3439 Add rest api to get or delete ranger policy based on guid
RANGER-3455 [Logout-Ranger] Should either be disabled/ should redirect to
knox logout page
RANGER-3459 Upgrade Ranger's Kafka dependency to 2.8
RANGER-3475 Promote TagRest endpoints to /public/v2
RANGER-3487 Update underscore js with latest version.
RANGER-3493 Add unique index on service and resource_signature column of
x_policy table
RANGER-3498 RANGER : Remove log4j1 dependencies.
RANGER-3504 Create framework to execute DB patch dependent on Java patch.
RANGER-3510 Ranger upgrade spring framework version to 5.3.12
RANGER-3511 Create Java patch to update policy resource-signature to unique
value.
RANGER-3512 Create Java patch to update policy guid to unique value.
RANGER-3515 Enhance Ranger Java client SSL config to be configured using
serviceType and AppId
RANGER-3518 Limit the query size stored in Audit logs
RANGER-3521 Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT DEFINED BY RFC 6797
RANGER-3526 policy evaluation ordering to use name as secondary sorting key
RANGER-3533 Provide sorting on columns throughout the audits result set and
policy listing page.
RANGER-3538 Reduce the granularity of locking when building/retrieving a
policy-engine within Ranger admin service
RANGER-3539 Add jacoco-maven-plugin for code coverage
RANGER-3540 Add support to read audit logs from Amazon CloudWatch
RANGER-3545 Remove Logger Checks for Info Enabled
RANGER-3548 Update performance engine test scripts
RANGER-3550 support for using user/tag attributes in row-filter expressions
and conditions
RANGER-3551 Analyze & optimize module permissions related API
RANGER-3553 Unit test coverage for XUserMgr and UserMgr class
RANGER-3556 Ranger tagsync logs unnecessary messages
RANGER-3561 Upgrade Storm version to 1.2.4
RANGER-3562 Redesign post commit tasks for updating ref-tables when
policy/role is updated
RANGER-3565 RangerRESTClient to support retry
RANGER-3566 Update version in ranger-2.3 to 2.3.0-SNAPSHOT
RANGER-3567 support for use of user attributes in policy resources
RANGER-3569 Support Ranger KMS integration with Google cloud HSM
RANGER-3573 Add vim in docker base image
RANGER-3577 RANGER : Upgrade POI version to 5.1.0
RANGER-3578 Simplify code for policy label creation
RANGER-3580 Support Ranger KMS integration with TencentKMS
RANGER-3585 Docker setup to run Ranger usersync and tagsync
RANGER-3586 Script condition expression to support csv of group/tag
attributes
RANGER-3595 Tar of KMS contains rubbish files
RANGER-3597 User role should not be able to modify the Policy
RANGER-3600 Ranger service tags import request failure
RANGER-3603 HDFS audit files rollover improvement to trigger rollover in
monitoring thread
RANGER-3605 Support macros in row-filter/condition expressions
RANGER-3606 remove unnecessary static members from plugin class loaders
RANGER-3609 option to add user group enricher automatically based on
references in policies
RANGER-3620 Ranger - Upgrade tomcat to 8.5.75
RANGER-3621 Optimise Tag/Policy iterator
RANGER-3624 Update Ranger services Password Policy
RANGER-3628 Support fine grain authorization for different solr objects
RANGER-3629 RANGER - Handle solr permissions during upgrade
RANGER-3630 Support wildcards, group short names, and list of memberof
attribute DNs for computing user search filter
RANGER-3632 Improve ranger logs, RENAME_ON_ROTATE and others
RANGER-3634 Remove duplicate entries from usersync distribution file
RANGER-3646 LOG.debug print content error
RANGER-3647 Connection to DB fails for MySQL version above 8.0
RANGER-3649 Represent the Solr admin object types on the Ranger UI
RANGER-3651 Remove jersey 1.x version dependency for knox plugin
RANGER-3653 Replace aws java sdk bom dependencies with bundled dependencies
RANGER-3658 Docker: Ranger containers to run as user=ranger
RANGER-3659 Ranger Admin goes to OOM when usersync is trying to delete
existing group mappings from ranger DB
RANGER-3660 [Ranger Admin UI] Improvements in tooltip hints for better user
experience
RANGER-3662 There should be a pause button for error popup
RANGER-3665 "No Data Found !!" messages in Ranger admin UI alarm users
RANGER-3666 Ranger UI improvement - Add warning popup if auto-complete for
resource lookup is failing in Edit policy page
RANGER-3667 Improve feedback in policy creation UI when resource does not
exist
RANGER-3669 Connection to DB fails for MySQL version above 8.0
RANGER-3672 Show better error messages during failed logins
RANGER-3673 Need to enable cipher configuration for Usersync
RANGER-3675 Upgrade tomcat due to intermittent READ TIMEOUT
RANGER-3686 Docker setup to run Ranger with MySQL database
RANGER-3687 Password Policy Best Practices for Strong Security
RANGER-3689 Ranger : ranger-2.3 Port missing commits.
RANGER-3693 Ranger - Upgrade tomcat to 8.5.78
RANGER-3698 Ranger - Upgrade kylin to 3.1.3
RANGER-3699 Ranger - Upgrade poi to 5.2.1+
RANGER-3704 remove semicolon from c3P0 preferredTestQuery
RANGER-3725 Update atlas default audit filter to filter Atlas entity-read
events by Nifi user.
RANGER-3736 Update RangerChainedPlugin to support masking and row-filtering
RANGER-3738 Restructure ranger Dockerfile to use multi-stage builds
RANGER-3743 Add isDenyAllElse mapping to addCustomRangerDefaultPolicies
method
RANGER-3744 Produces annotation ordering should be consistent: json, xml
Bug Fixes:
RANGER-2362 [security] Admin webui - Lack of account lockout
RANGER-2426 ranger-plugins-audits should depend on kafka-clients not kafka
server
RANGER-2704 Support browser login using kerberized authentication
RANGER-2847 Add support/Fix Test connection with Ozone service
RANGER-3285 expose user source details in ranger UI
RANGER-3403 Ranger usersync role based rules not working as expected
RANGER-3427 Null Dereference in PublicApis.java
RANGER-3433 Null Dereference in ServiceREST getPolicyByName method
RANGER-3442 Ranger KMS DAO memory issues when many new keys are created
RANGER-3468 When multiple Ranger tabs are opened, Some tabs are not
redirecting to Knox Logout page
RANGER-3484 Ranger usersync directory is being created as root owner
RANGER-3490 Make policy resource signature is unique in a service
RANGER-3502 Make GET zone APIs accessible to authorized users only
RANGER-3505 Ranger usersync fails to sync users when a duplicate user
exists in ranger
RANGER-3507 Handle trailing slash in the ranger Hive URL policy
authorization
RANGER-3509 update role fails for role admins
RANGER-3514 Fix updates to sync source post upgrades
RANGER-3516 Java patch 'J10045' taking more time during upgrade.
RANGER-3519 Provide an option to optimize space needed by Trie objects
RANGER-3522 Improve Tagsync authentication error reporting
RANGER-3527 Create Apache Ranger next maintenance release branch 2.3
RANGER-3528 Ranger Group creation audit is not shown during service creation
RANGER-3535 A delegate admin user should be able to add another user with
all or subset of permissions they have
RANGER-3542 Invalid HTTPS Check
RANGER-3543 Remove spotbugs-annotations-3.1.9 from classpath
RANGER-3544 Security zones listing will be in alphabetical order.
RANGER-3546 Update Spotbugs plugin Executions cycle
RANGER-3547 Upgrade to use log4j 2.16.0+ version to ensure that we are
using supported version of log4j
RANGER-3554 [Intermittent] API call to fetch the list of policies for a
particular service repo returns a deleted policy in the response
RANGER-3557 Upgrade to use log4j 2.17.0+ version to ensure that we are
using supported version of log4j
RANGER-3559 RANGER KMS - Metric details for kms are not getting collected
RANGER-3563 [Docker] plugin installation fails with error:
XAAUDIT.AMAZON_CLOUDWATCH.ENABLE not defined
RANGER-3564 Installation of Ranger plugin for HDFS fails due to missing
libraries
RANGER-3568 Services of one zone are seen in other zone from UI
RANGER-3571 Typo in GrantRevokeRoleRequest.java
RANGER-3576 service creation is failing intermittently due to DB unique key
constraint violation
RANGER-3579 Upgrade Log4j2 to 2.17.1 due to CVE-2021-44832
RANGER-3584 ServiceTags are not computed correctly by applying incremental
changes to existing ServiceTags
RANGER-3589 Ranger java patches failing due to admin privilege checks.
RANGER-3591 Upgrade protobuf-java to 3.19.3
RANGER-3592 Upgrade Spring framework to 5.3.15
RANGER-3593 the hive table owner who create the table can not have the
full privilege
RANGER-3594 mysql setup scripts failed with binlog-enabled mysql
RANGER-3610 Docker: Skip service creation for ranger components during
ranger container restart
RANGER-3611 Uncatched NullPointerException when missing lastKnownVersion in
ServiceREST::getServicePoliciesIfUpdated
RANGER-3613 RANGER KMS : Check if master key with the given alias exists or
not if LUNA HSM is enabled.
RANGER-3617 incorrect deny for _any access due to tag policy
RANGER-3619 REST API should return 403 when authenticated client is not
allowed to access API.
RANGER-3625 Update isDebugEnable condition in RangerHiveAuthorizer
RANGER-3631 logback.xml of rangeradmin leads to log confusion.
RANGER-3638 Solr Ranger document level security breaks solr if collection
is reloaded
RANGER-3642 Ranger - Upgrade jquery-ui to 1.13.1
RANGER-3644 tagsync: FileTagSource to retry if Ranger is not reachable
RANGER-3652 update resource-matcher unit tests to include wildcard=false
RANGER-3663 RangerBizUtil.checkAdminAccess() should return false if
user-session is not available
RANGER-3674 Fix PMD issue
RANGER-3676 tag-based policies don't recognize {OWNER} in users as resource
owners
RANGER-3677 Update Password Policy validation at WEB-UI
RANGER-3678 Update password validation criteria
RANGER-3681 Ranger Database deadlock when createPolicy is running parallel
RANGER-3690 Fix NullPointerException in java patch 054
RANGER-3691 Upgrade spring to 5.3.18 CVE-2022-22965
RANGER-3692 Ranger cannot connect to the DB when the DB is outaged for a
long time
RANGER-3702 RANGER - Export policy in excel is failing.
RANGER-3709 Fix NullPointerException in getSecureServicePoliciesIfUpdated
call of ServiceRest
RANGER-3735 RANGER : Behaviour change in external user status.
RANGER-3750 RANGER : PatchForSolrSvcDefAndPoliciesUpdate_J10055 failing
with 'duplicate key value violates unique constraint'
On Mon, May 2, 2022 at 2:46 PM Velmurugan Periasamy <v...@apache.org> wrote:
>
> +1
>
> Thanks Ramesh.
>
> On Mon, May 2, 2022 at 12:54 PM Nixon Rodrigues <ni...@atlan.com> wrote:
>
>> Thanks Ramesh for volunteering for release.
>> +1 for Ranger 2.3 release. Thanks for the initiative.
>>
>>
>> On Fri, 29 Apr 2022 at 22:25, Sailaja Polavarapu <
>> spolavar...@cloudera.com.invalid> wrote:
>>
>>> Hi Ramesh,
>>> +1 for Ranger 2.3 release. Thanks for the initiative.
>>> - Sailaja
>>>
>>> On Thu, Apr 28, 2022 at 7:21 AM Ramesh Mani <rm...@apache.org> wrote:
>>>
>>> > zhoutianling,
>>> >
>>> > Thanks for the review. These Jiras are part of the Apache Ranger 2.3
>>> apache
>>> > release, it's not pulled in this published list as this may not have
>>> > correct fixed version maintained or it is part of KMS as a component. I
>>> > shall add it to the list in the release note.
>>> >
>>> > Thanks,
>>> > Ramesh
>>> >
>>> > On Thu, Apr 28, 2022 at 2:19 AM KirbY ZhoU <
>>> zhoutianl...@sensorsdata.cn>
>>> > wrote:
>>> >
>>> > > Missed some commit
>>> > > For example:
>>> > >
>>> > > RANGER-3299
>>> > > RANGER-3580
>>> > > RANGER-3600
>>> > > RANGER-3619
>>> > > RANGER-3669
>>> > >
>>> > > 在 2022/4/27 14:49,“Ramesh Mani”<rm...@apache.org> 写入:
>>> > >
>>> > > Dear Ranger Community members,
>>> > >
>>> > > There are various features and critical bug fixes done in the
>>> Apache
>>> > > Ranger
>>> > > project since the release of Apache Ranger 2.2.0.
>>> > > Around 55 improvements, 45 bug fixes and a total of 527 commits
>>> were
>>> > > made
>>> > > from the last release.
>>> > > Now with that Ranger community is expecting a release to adapt
>>> those
>>> > > changes and hence planning this release.
>>> > >
>>> > > Please review and provide your opinion.
>>> > >
>>> > > Thanks,
>>> > > Ramesh
>>> > >
>>> > > *Improvements:*
>>> > >
>>> > > RANGER-3687 Password Policy Best Practices for Strong
>>> Security
>>> > > RANGER-3667 Improve feedback in policy creation UI when
>>> resource
>>> > > does
>>> > > not exist
>>> > > RANGER-3659 Ranger Admin goes to OOM when usersync is trying
>>> to
>>> > > delete
>>> > > existing group mappings from ranger DB
>>> > > RANGER-3459 Upgrade Ranger's Kafka dependency to 2.8
>>> > > RANGER-3551 Analyze & optimize module permissions related API
>>> > > RANGER-3539 Add jacoco-maven-plugin for code coverage
>>> > > RANGER-3562 Redesign post commit tasks for updating
>>> ref-tables
>>> > when
>>> > > policy/role is updated
>>> > > RANGER-3540 Add support to read audit logs from Amazon
>>> CloudWatch
>>> > > RANGER-3030 Replace Findbugs with Spotbugs maven plugin
>>> > > RANGER-3538 Reduce the granularity of locking when
>>> > > building/retrieving
>>> > > a policy-engine within Ranger admin service
>>> > > RANGER-3518 Limit the query size stored in Audit logs
>>> > > RANGER-3276 Remove duplicate code from buildks.java
>>> > > RANGER-3515 Enhance Ranger Java client SSL config to be
>>> > configured
>>> > > using serviceType and AppId
>>> > > RANGER-3504 Create framework to execute DB patch dependent on
>>> > Java
>>> > > patch.
>>> > > RANGER-3023 Permission tab takes longer time to load with
>>> large
>>> > > number
>>> > > of users and group_users data
>>> > > RANGER-3487 Update underscore js with latest version.
>>> > > RANGER-3548 Update performance engine test scripts
>>> > > RANGER-3556 Ranger tagsync logs unnecessary messages
>>> > > RANGER-3573 Add vim in docker base image
>>> > > RANGER-3578 Simplify code for policy label creation
>>> > > RANGER-3675 Upgrade tomcat due to intermittent READ TIMEOUT
>>> > > RANGER-3686 Docker setup to run Ranger with MySQL database
>>> > > RANGER-3628 Support fine grain authorization for different
>>> solr
>>> > > objects
>>> > > RANGER-3629 RANGER - Handle solr permissions during upgrade
>>> > > RANGER-3665 "No Data Found !!" messages in Ranger admin UI
>>> alarm
>>> > > users
>>> > > RANGER-3662 There should be pause button for error popup
>>> > > RANGER-3660 [Ranger Admin UI] Improvements in tooltip hints
>>> for
>>> > > better
>>> > > user experience
>>> > > RANGER-3649 Represent the Solr admin object types on the
>>> Ranger
>>> > UI
>>> > > RANGER-3658 Docker: Ranger containers to run as user=ranger
>>> > > RANGER-3603 HDFS audit files rollover improvement to trigger
>>> > > rollover
>>> > > in monitoring thread
>>> > > RANGER-3651 Remove jersey 1.x version dependency for knox
>>> plugin
>>> > > RANGER-3621 Optimise Tag/Policy iterator
>>> > > RANGER-3521 Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT
>>> DEFINED
>>> > > BY RFC
>>> > > 6797
>>> > > RANGER-3455 [Logout-Ranger] Should either be disabled/ should
>>> > > redirect
>>> > > to knox logout page
>>> > > RANGER-3630 Support wildcards, group short names, and list of
>>> > > memberof
>>> > > attribute DNs for computing user search filter
>>> > > RANGER-3597 User role should not be able to modify the Policy
>>> > > RANGER-3512 Create Java patch to update policy guid to unique
>>> > > value.
>>> > > RANGER-3511 Create Java patch to update policy
>>> resource-signature
>>> > > to
>>> > > unique value.
>>> > > RANGER-3493 Add unique index on service and
>>> resource_signature
>>> > > column
>>> > > of x_policy table
>>> > > RANGER-3435 Add unique index on guid, service and zone_id
>>> column
>>> > of
>>> > > x_policy table
>>> > > RANGER-3439 Add rest api to get or delete ranger policy
>>> based on
>>> > > guid
>>> > > RANGER-3498 RANGER : Remove log4j1 dependencies.
>>> > > RANGER-3475 Promote TagRest endpoints to /public/v2
>>> > > RANGER-3698 Ranger - Upgrade kylin to 3.1.3
>>> > > RANGER-3699 Ranger - Upgrade poi to 5.2.1+
>>> > > RANGER-3533 Provide sorting on columns throughout the audits
>>> > > result set
>>> > > and policy listing page.
>>> > > RANGER-3693 Ranger - Upgrade tomcat to 8.5.78
>>> > > RANGER-3689 Ranger : ranger-2.3 Port missing commits.
>>> > > RANGER-3620 Ranger - Upgrade tomcat to 8.5.75
>>> > > RANGER-3577 RANGER : Upgrade POI version to 5.1.0
>>> > > RANGER-3566 Update version in ranger-2.3 to 2.3.0-SNAPSHOT
>>> > > RANGER-3553 Unit test coverage for XUserMgr and UserMgr class
>>> > > RANGER-3653 Replace aws java sdk bom dependencies with
>>> bundled
>>> > > dependencies
>>> > > RANGER-3561 Upgrade Storm version to 1.2.4
>>> > > RANGER-3704 remove semicolon from c3P0 preferredTestQuery
>>> > >
>>> > > *Bug Fixes:*
>>> > >
>>> > > RANGER-3544 Security zones listing will be in alphabetical
>>> order.
>>> > > RANGER-3638 Solr Ranger document level security breaks solr
>>> if
>>> > > collection is reloaded
>>> > > RANGER-3591 Upgrade protobuf-java to 3.19.3
>>> > > RANGER-3403 Ranger usersync role based rules not working as
>>> > > expected
>>> > > RANGER-3285 expose user source details in ranger UI
>>> > > RANGER-3592 Upgrade Spring framework to 5.3.15
>>> > > RANGER-3568 Services of one zone are seen in other zone from
>>> UI
>>> > > RANGER-3589 Ranger java patches failing due to admin
>>> privilege
>>> > > checks.
>>> > > RANGER-3543 Remove spotbugs-annotations-3.1.9 from classpath
>>> > > RANGER-3554 [Intermittent] API call to fetch the list of
>>> policies
>>> > > for a
>>> > > particular service repo returns a deleted policy in the response
>>> > > RANGER-3546 Update Spotbugs plugin Executions cycle
>>> > > RANGER-3427 Null Dereference in PublicApis.java
>>> > > RANGER-3502 Make GET zone APIs accessible to authorized users
>>> > only
>>> > > RANGER-3535 A delegate admin user should be able to add
>>> another
>>> > > user
>>> > > with all or subset of permissions they have
>>> > > RANGER-3468 When multiple Ranger tabs are opened, Some tabs
>>> are
>>> > not
>>> > > redirecting to Knox Logout page
>>> > > RANGER-3528 Ranger Group creation audit is not shown during
>>> > service
>>> > > creation
>>> > > RANGER-3490 Make policy resource signature is unique in a
>>> service
>>> > > RANGER-3507 Handle trailing slash in the ranger Hive URL
>>> policy
>>> > > authorization
>>> > > RANGER-3519 Provide an option to optimize space needed by
>>> Trie
>>> > > objects
>>> > > RANGER-3516 Java patch 'J10045' taking more time during
>>> upgrade.
>>> > > RANGER-3505 Ranger usersync fails to sync users when a
>>> duplicate
>>> > > user
>>> > > exists in ranger
>>> > > RANGER-3509 update role fails for role admins
>>> > > RANGER-3433 Null Dereference in ServiceREST getPolicyByName
>>> > method
>>> > > RANGER-2704 Support browser login using kerberized
>>> authentication
>>> > > RANGER-3584 ServiceTags are not computed correctly by
>>> applying
>>> > > incremental changes to existing ServiceTags
>>> > > RANGER-3663 RangerBizUtil.checkAdminAccess() should return
>>> false
>>> > if
>>> > > user-session is not available
>>> > > RANGER-3709 Fix NullPointerException in
>>> > > getSecureServicePoliciesIfUpdated call of ServiceRest
>>> > > RANGER-3702 RANGER - Export policy in excel is failing.
>>> > > RANGER-3677 Update Password Policy validation at WEB-UI
>>> > > RANGER-3690 Fix NullPointerException in java patch 054
>>> > > RANGER-2362 [security] Admin webui - Lack of account lockout
>>> > > RANGER-3678 Update password validation criteria
>>> > > RANGER-3674 Fix PMD issue
>>> > > RANGER-3642 Ranger - Upgrade jquery-ui to 1.13.1
>>> > > RANGER-3559 RANGER KMS - Metric details for kms are not
>>> getting
>>> > > collected
>>> > > RANGER-3625 Update isDebugEnable condition in
>>> > RangerHiveAuthorizer
>>> > > RANGER-3610 Docker: Skip service creation for ranger
>>> components
>>> > > during
>>> > > ranger container restart
>>> > > RANGER-3594 mysql setup scripts failed with binlog-enabled
>>> mysql
>>> > > RANGER-3593 the hive table owner who create the table can
>>> not
>>> > > have the
>>> > > full privilege
>>> > > RANGER-3579 Upgrade Log4j2 to 2.17.1 due to CVE-2021-44832
>>> > > RANGER-3557 Upgrade to use log4j 2.17.0+ version to ensure
>>> that
>>> > we
>>> > > are
>>> > > using supported version of log4j
>>> > > RANGER-3576 service creation is failing intermittently due
>>> to DB
>>> > > unique
>>> > > key constraint violation
>>> > > RANGER-3547 Upgrade to use log4j 2.16.0+ version to ensure
>>> that
>>> > we
>>> > > are
>>> > > using supported version of log4j
>>> > >
>>> > >
>>> > >
>>> > >
>>> > >
>>> >
>>
>>
