Dear Ranger Community members, Thanks for all the +1s for Apache Release 2.3 release work. Here is the revised list of JIRAs that are to be in Apache Release 2.3.
Apache Ranger 2.3 branch is now closed for further commits to start the artifacts build. Thank you all for the support. Regards, Ramesh Apache Release 2.3 JIRAs. Improvements: RANGER-2846 Add support for resource[volume, bucket, key] look up in ozone plugin RANGER-2967 Add support for Amazon CloudWatch Logs as an Audit Store RANGER-3023 Permission tab takes longer time to load with large number of users and group_users data RANGER-3030 Replace Findbugs with Spotbugs maven plugin RANGER-3182 Prestosql is renamed to Trino RANGER-3221 Improve logging in Presto plugin RANGER-3276 Remove duplicate code from buildks.java RANGER-3290 ArrayIndexOutOfBoundsException if solr is down RANGER-3299 Upgrading the bouncycastle version for bcprov-jdk15on RANGER-3298 Add coarse URI check for Hive Agent RANGER-3389 Swagger UI Support for Ranger REST API RANGER-3435 Add unique index on guid, service and zone_id column of x_policy table RANGER-3439 Add rest api to get or delete ranger policy based on guid RANGER-3455 [Logout-Ranger] Should either be disabled/ should redirect to knox logout page RANGER-3459 Upgrade Ranger's Kafka dependency to 2.8 RANGER-3475 Promote TagRest endpoints to /public/v2 RANGER-3487 Update underscore js with latest version. RANGER-3493 Add unique index on service and resource_signature column of x_policy table RANGER-3498 RANGER : Remove log4j1 dependencies. RANGER-3504 Create framework to execute DB patch dependent on Java patch. RANGER-3510 Ranger upgrade spring framework version to 5.3.12 RANGER-3511 Create Java patch to update policy resource-signature to unique value. RANGER-3512 Create Java patch to update policy guid to unique value. RANGER-3515 Enhance Ranger Java client SSL config to be configured using serviceType and AppId RANGER-3518 Limit the query size stored in Audit logs RANGER-3521 Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT DEFINED BY RFC 6797 RANGER-3526 policy evaluation ordering to use name as secondary sorting key RANGER-3533 Provide sorting on columns throughout the audits result set and policy listing page. RANGER-3538 Reduce the granularity of locking when building/retrieving a policy-engine within Ranger admin service RANGER-3539 Add jacoco-maven-plugin for code coverage RANGER-3540 Add support to read audit logs from Amazon CloudWatch RANGER-3545 Remove Logger Checks for Info Enabled RANGER-3548 Update performance engine test scripts RANGER-3550 support for using user/tag attributes in row-filter expressions and conditions RANGER-3551 Analyze & optimize module permissions related API RANGER-3553 Unit test coverage for XUserMgr and UserMgr class RANGER-3556 Ranger tagsync logs unnecessary messages RANGER-3561 Upgrade Storm version to 1.2.4 RANGER-3562 Redesign post commit tasks for updating ref-tables when policy/role is updated RANGER-3565 RangerRESTClient to support retry RANGER-3566 Update version in ranger-2.3 to 2.3.0-SNAPSHOT RANGER-3567 support for use of user attributes in policy resources RANGER-3569 Support Ranger KMS integration with Google cloud HSM RANGER-3573 Add vim in docker base image RANGER-3577 RANGER : Upgrade POI version to 5.1.0 RANGER-3578 Simplify code for policy label creation RANGER-3580 Support Ranger KMS integration with TencentKMS RANGER-3585 Docker setup to run Ranger usersync and tagsync RANGER-3586 Script condition expression to support csv of group/tag attributes RANGER-3595 Tar of KMS contains rubbish files RANGER-3597 User role should not be able to modify the Policy RANGER-3600 Ranger service tags import request failure RANGER-3603 HDFS audit files rollover improvement to trigger rollover in monitoring thread RANGER-3605 Support macros in row-filter/condition expressions RANGER-3606 remove unnecessary static members from plugin class loaders RANGER-3609 option to add user group enricher automatically based on references in policies RANGER-3620 Ranger - Upgrade tomcat to 8.5.75 RANGER-3621 Optimise Tag/Policy iterator RANGER-3624 Update Ranger services Password Policy RANGER-3628 Support fine grain authorization for different solr objects RANGER-3629 RANGER - Handle solr permissions during upgrade RANGER-3630 Support wildcards, group short names, and list of memberof attribute DNs for computing user search filter RANGER-3632 Improve ranger logs, RENAME_ON_ROTATE and others RANGER-3634 Remove duplicate entries from usersync distribution file RANGER-3646 LOG.debug print content error RANGER-3647 Connection to DB fails for MySQL version above 8.0 RANGER-3649 Represent the Solr admin object types on the Ranger UI RANGER-3651 Remove jersey 1.x version dependency for knox plugin RANGER-3653 Replace aws java sdk bom dependencies with bundled dependencies RANGER-3658 Docker: Ranger containers to run as user=ranger RANGER-3659 Ranger Admin goes to OOM when usersync is trying to delete existing group mappings from ranger DB RANGER-3660 [Ranger Admin UI] Improvements in tooltip hints for better user experience RANGER-3662 There should be a pause button for error popup RANGER-3665 "No Data Found !!" messages in Ranger admin UI alarm users RANGER-3666 Ranger UI improvement - Add warning popup if auto-complete for resource lookup is failing in Edit policy page RANGER-3667 Improve feedback in policy creation UI when resource does not exist RANGER-3669 Connection to DB fails for MySQL version above 8.0 RANGER-3672 Show better error messages during failed logins RANGER-3673 Need to enable cipher configuration for Usersync RANGER-3675 Upgrade tomcat due to intermittent READ TIMEOUT RANGER-3686 Docker setup to run Ranger with MySQL database RANGER-3687 Password Policy Best Practices for Strong Security RANGER-3689 Ranger : ranger-2.3 Port missing commits. RANGER-3693 Ranger - Upgrade tomcat to 8.5.78 RANGER-3698 Ranger - Upgrade kylin to 3.1.3 RANGER-3699 Ranger - Upgrade poi to 5.2.1+ RANGER-3704 remove semicolon from c3P0 preferredTestQuery RANGER-3725 Update atlas default audit filter to filter Atlas entity-read events by Nifi user. RANGER-3736 Update RangerChainedPlugin to support masking and row-filtering RANGER-3738 Restructure ranger Dockerfile to use multi-stage builds RANGER-3743 Add isDenyAllElse mapping to addCustomRangerDefaultPolicies method RANGER-3744 Produces annotation ordering should be consistent: json, xml Bug Fixes: RANGER-2362 [security] Admin webui - Lack of account lockout RANGER-2426 ranger-plugins-audits should depend on kafka-clients not kafka server RANGER-2704 Support browser login using kerberized authentication RANGER-2847 Add support/Fix Test connection with Ozone service RANGER-3285 expose user source details in ranger UI RANGER-3403 Ranger usersync role based rules not working as expected RANGER-3427 Null Dereference in PublicApis.java RANGER-3433 Null Dereference in ServiceREST getPolicyByName method RANGER-3442 Ranger KMS DAO memory issues when many new keys are created RANGER-3468 When multiple Ranger tabs are opened, Some tabs are not redirecting to Knox Logout page RANGER-3484 Ranger usersync directory is being created as root owner RANGER-3490 Make policy resource signature is unique in a service RANGER-3502 Make GET zone APIs accessible to authorized users only RANGER-3505 Ranger usersync fails to sync users when a duplicate user exists in ranger RANGER-3507 Handle trailing slash in the ranger Hive URL policy authorization RANGER-3509 update role fails for role admins RANGER-3514 Fix updates to sync source post upgrades RANGER-3516 Java patch 'J10045' taking more time during upgrade. RANGER-3519 Provide an option to optimize space needed by Trie objects RANGER-3522 Improve Tagsync authentication error reporting RANGER-3527 Create Apache Ranger next maintenance release branch 2.3 RANGER-3528 Ranger Group creation audit is not shown during service creation RANGER-3535 A delegate admin user should be able to add another user with all or subset of permissions they have RANGER-3542 Invalid HTTPS Check RANGER-3543 Remove spotbugs-annotations-3.1.9 from classpath RANGER-3544 Security zones listing will be in alphabetical order. RANGER-3546 Update Spotbugs plugin Executions cycle RANGER-3547 Upgrade to use log4j 2.16.0+ version to ensure that we are using supported version of log4j RANGER-3554 [Intermittent] API call to fetch the list of policies for a particular service repo returns a deleted policy in the response RANGER-3557 Upgrade to use log4j 2.17.0+ version to ensure that we are using supported version of log4j RANGER-3559 RANGER KMS - Metric details for kms are not getting collected RANGER-3563 [Docker] plugin installation fails with error: XAAUDIT.AMAZON_CLOUDWATCH.ENABLE not defined RANGER-3564 Installation of Ranger plugin for HDFS fails due to missing libraries RANGER-3568 Services of one zone are seen in other zone from UI RANGER-3571 Typo in GrantRevokeRoleRequest.java RANGER-3576 service creation is failing intermittently due to DB unique key constraint violation RANGER-3579 Upgrade Log4j2 to 2.17.1 due to CVE-2021-44832 RANGER-3584 ServiceTags are not computed correctly by applying incremental changes to existing ServiceTags RANGER-3589 Ranger java patches failing due to admin privilege checks. RANGER-3591 Upgrade protobuf-java to 3.19.3 RANGER-3592 Upgrade Spring framework to 5.3.15 RANGER-3593 the hive table owner who create the table can not have the full privilege RANGER-3594 mysql setup scripts failed with binlog-enabled mysql RANGER-3610 Docker: Skip service creation for ranger components during ranger container restart RANGER-3611 Uncatched NullPointerException when missing lastKnownVersion in ServiceREST::getServicePoliciesIfUpdated RANGER-3613 RANGER KMS : Check if master key with the given alias exists or not if LUNA HSM is enabled. RANGER-3617 incorrect deny for _any access due to tag policy RANGER-3619 REST API should return 403 when authenticated client is not allowed to access API. RANGER-3625 Update isDebugEnable condition in RangerHiveAuthorizer RANGER-3631 logback.xml of rangeradmin leads to log confusion. RANGER-3638 Solr Ranger document level security breaks solr if collection is reloaded RANGER-3642 Ranger - Upgrade jquery-ui to 1.13.1 RANGER-3644 tagsync: FileTagSource to retry if Ranger is not reachable RANGER-3652 update resource-matcher unit tests to include wildcard=false RANGER-3663 RangerBizUtil.checkAdminAccess() should return false if user-session is not available RANGER-3674 Fix PMD issue RANGER-3676 tag-based policies don't recognize {OWNER} in users as resource owners RANGER-3677 Update Password Policy validation at WEB-UI RANGER-3678 Update password validation criteria RANGER-3681 Ranger Database deadlock when createPolicy is running parallel RANGER-3690 Fix NullPointerException in java patch 054 RANGER-3691 Upgrade spring to 5.3.18 CVE-2022-22965 RANGER-3692 Ranger cannot connect to the DB when the DB is outaged for a long time RANGER-3702 RANGER - Export policy in excel is failing. RANGER-3709 Fix NullPointerException in getSecureServicePoliciesIfUpdated call of ServiceRest RANGER-3735 RANGER : Behaviour change in external user status. RANGER-3750 RANGER : PatchForSolrSvcDefAndPoliciesUpdate_J10055 failing with 'duplicate key value violates unique constraint' On Mon, May 2, 2022 at 2:46 PM Velmurugan Periasamy <v...@apache.org> wrote: > > +1 > > Thanks Ramesh. > > On Mon, May 2, 2022 at 12:54 PM Nixon Rodrigues <ni...@atlan.com> wrote: > >> Thanks Ramesh for volunteering for release. >> +1 for Ranger 2.3 release. Thanks for the initiative. >> >> >> On Fri, 29 Apr 2022 at 22:25, Sailaja Polavarapu < >> spolavar...@cloudera.com.invalid> wrote: >> >>> Hi Ramesh, >>> +1 for Ranger 2.3 release. Thanks for the initiative. >>> - Sailaja >>> >>> On Thu, Apr 28, 2022 at 7:21 AM Ramesh Mani <rm...@apache.org> wrote: >>> >>> > zhoutianling, >>> > >>> > Thanks for the review. These Jiras are part of the Apache Ranger 2.3 >>> apache >>> > release, it's not pulled in this published list as this may not have >>> > correct fixed version maintained or it is part of KMS as a component. I >>> > shall add it to the list in the release note. >>> > >>> > Thanks, >>> > Ramesh >>> > >>> > On Thu, Apr 28, 2022 at 2:19 AM KirbY ZhoU < >>> zhoutianl...@sensorsdata.cn> >>> > wrote: >>> > >>> > > Missed some commit >>> > > For example: >>> > > >>> > > RANGER-3299 >>> > > RANGER-3580 >>> > > RANGER-3600 >>> > > RANGER-3619 >>> > > RANGER-3669 >>> > > >>> > > 在 2022/4/27 14:49,“Ramesh Mani”<rm...@apache.org> 写入: >>> > > >>> > > Dear Ranger Community members, >>> > > >>> > > There are various features and critical bug fixes done in the >>> Apache >>> > > Ranger >>> > > project since the release of Apache Ranger 2.2.0. >>> > > Around 55 improvements, 45 bug fixes and a total of 527 commits >>> were >>> > > made >>> > > from the last release. >>> > > Now with that Ranger community is expecting a release to adapt >>> those >>> > > changes and hence planning this release. >>> > > >>> > > Please review and provide your opinion. >>> > > >>> > > Thanks, >>> > > Ramesh >>> > > >>> > > *Improvements:* >>> > > >>> > > RANGER-3687 Password Policy Best Practices for Strong >>> Security >>> > > RANGER-3667 Improve feedback in policy creation UI when >>> resource >>> > > does >>> > > not exist >>> > > RANGER-3659 Ranger Admin goes to OOM when usersync is trying >>> to >>> > > delete >>> > > existing group mappings from ranger DB >>> > > RANGER-3459 Upgrade Ranger's Kafka dependency to 2.8 >>> > > RANGER-3551 Analyze & optimize module permissions related API >>> > > RANGER-3539 Add jacoco-maven-plugin for code coverage >>> > > RANGER-3562 Redesign post commit tasks for updating >>> ref-tables >>> > when >>> > > policy/role is updated >>> > > RANGER-3540 Add support to read audit logs from Amazon >>> CloudWatch >>> > > RANGER-3030 Replace Findbugs with Spotbugs maven plugin >>> > > RANGER-3538 Reduce the granularity of locking when >>> > > building/retrieving >>> > > a policy-engine within Ranger admin service >>> > > RANGER-3518 Limit the query size stored in Audit logs >>> > > RANGER-3276 Remove duplicate code from buildks.java >>> > > RANGER-3515 Enhance Ranger Java client SSL config to be >>> > configured >>> > > using serviceType and AppId >>> > > RANGER-3504 Create framework to execute DB patch dependent on >>> > Java >>> > > patch. >>> > > RANGER-3023 Permission tab takes longer time to load with >>> large >>> > > number >>> > > of users and group_users data >>> > > RANGER-3487 Update underscore js with latest version. >>> > > RANGER-3548 Update performance engine test scripts >>> > > RANGER-3556 Ranger tagsync logs unnecessary messages >>> > > RANGER-3573 Add vim in docker base image >>> > > RANGER-3578 Simplify code for policy label creation >>> > > RANGER-3675 Upgrade tomcat due to intermittent READ TIMEOUT >>> > > RANGER-3686 Docker setup to run Ranger with MySQL database >>> > > RANGER-3628 Support fine grain authorization for different >>> solr >>> > > objects >>> > > RANGER-3629 RANGER - Handle solr permissions during upgrade >>> > > RANGER-3665 "No Data Found !!" messages in Ranger admin UI >>> alarm >>> > > users >>> > > RANGER-3662 There should be pause button for error popup >>> > > RANGER-3660 [Ranger Admin UI] Improvements in tooltip hints >>> for >>> > > better >>> > > user experience >>> > > RANGER-3649 Represent the Solr admin object types on the >>> Ranger >>> > UI >>> > > RANGER-3658 Docker: Ranger containers to run as user=ranger >>> > > RANGER-3603 HDFS audit files rollover improvement to trigger >>> > > rollover >>> > > in monitoring thread >>> > > RANGER-3651 Remove jersey 1.x version dependency for knox >>> plugin >>> > > RANGER-3621 Optimise Tag/Policy iterator >>> > > RANGER-3521 Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT >>> DEFINED >>> > > BY RFC >>> > > 6797 >>> > > RANGER-3455 [Logout-Ranger] Should either be disabled/ should >>> > > redirect >>> > > to knox logout page >>> > > RANGER-3630 Support wildcards, group short names, and list of >>> > > memberof >>> > > attribute DNs for computing user search filter >>> > > RANGER-3597 User role should not be able to modify the Policy >>> > > RANGER-3512 Create Java patch to update policy guid to unique >>> > > value. >>> > > RANGER-3511 Create Java patch to update policy >>> resource-signature >>> > > to >>> > > unique value. >>> > > RANGER-3493 Add unique index on service and >>> resource_signature >>> > > column >>> > > of x_policy table >>> > > RANGER-3435 Add unique index on guid, service and zone_id >>> column >>> > of >>> > > x_policy table >>> > > RANGER-3439 Add rest api to get or delete ranger policy >>> based on >>> > > guid >>> > > RANGER-3498 RANGER : Remove log4j1 dependencies. >>> > > RANGER-3475 Promote TagRest endpoints to /public/v2 >>> > > RANGER-3698 Ranger - Upgrade kylin to 3.1.3 >>> > > RANGER-3699 Ranger - Upgrade poi to 5.2.1+ >>> > > RANGER-3533 Provide sorting on columns throughout the audits >>> > > result set >>> > > and policy listing page. >>> > > RANGER-3693 Ranger - Upgrade tomcat to 8.5.78 >>> > > RANGER-3689 Ranger : ranger-2.3 Port missing commits. >>> > > RANGER-3620 Ranger - Upgrade tomcat to 8.5.75 >>> > > RANGER-3577 RANGER : Upgrade POI version to 5.1.0 >>> > > RANGER-3566 Update version in ranger-2.3 to 2.3.0-SNAPSHOT >>> > > RANGER-3553 Unit test coverage for XUserMgr and UserMgr class >>> > > RANGER-3653 Replace aws java sdk bom dependencies with >>> bundled >>> > > dependencies >>> > > RANGER-3561 Upgrade Storm version to 1.2.4 >>> > > RANGER-3704 remove semicolon from c3P0 preferredTestQuery >>> > > >>> > > *Bug Fixes:* >>> > > >>> > > RANGER-3544 Security zones listing will be in alphabetical >>> order. >>> > > RANGER-3638 Solr Ranger document level security breaks solr >>> if >>> > > collection is reloaded >>> > > RANGER-3591 Upgrade protobuf-java to 3.19.3 >>> > > RANGER-3403 Ranger usersync role based rules not working as >>> > > expected >>> > > RANGER-3285 expose user source details in ranger UI >>> > > RANGER-3592 Upgrade Spring framework to 5.3.15 >>> > > RANGER-3568 Services of one zone are seen in other zone from >>> UI >>> > > RANGER-3589 Ranger java patches failing due to admin >>> privilege >>> > > checks. >>> > > RANGER-3543 Remove spotbugs-annotations-3.1.9 from classpath >>> > > RANGER-3554 [Intermittent] API call to fetch the list of >>> policies >>> > > for a >>> > > particular service repo returns a deleted policy in the response >>> > > RANGER-3546 Update Spotbugs plugin Executions cycle >>> > > RANGER-3427 Null Dereference in PublicApis.java >>> > > RANGER-3502 Make GET zone APIs accessible to authorized users >>> > only >>> > > RANGER-3535 A delegate admin user should be able to add >>> another >>> > > user >>> > > with all or subset of permissions they have >>> > > RANGER-3468 When multiple Ranger tabs are opened, Some tabs >>> are >>> > not >>> > > redirecting to Knox Logout page >>> > > RANGER-3528 Ranger Group creation audit is not shown during >>> > service >>> > > creation >>> > > RANGER-3490 Make policy resource signature is unique in a >>> service >>> > > RANGER-3507 Handle trailing slash in the ranger Hive URL >>> policy >>> > > authorization >>> > > RANGER-3519 Provide an option to optimize space needed by >>> Trie >>> > > objects >>> > > RANGER-3516 Java patch 'J10045' taking more time during >>> upgrade. >>> > > RANGER-3505 Ranger usersync fails to sync users when a >>> duplicate >>> > > user >>> > > exists in ranger >>> > > RANGER-3509 update role fails for role admins >>> > > RANGER-3433 Null Dereference in ServiceREST getPolicyByName >>> > method >>> > > RANGER-2704 Support browser login using kerberized >>> authentication >>> > > RANGER-3584 ServiceTags are not computed correctly by >>> applying >>> > > incremental changes to existing ServiceTags >>> > > RANGER-3663 RangerBizUtil.checkAdminAccess() should return >>> false >>> > if >>> > > user-session is not available >>> > > RANGER-3709 Fix NullPointerException in >>> > > getSecureServicePoliciesIfUpdated call of ServiceRest >>> > > RANGER-3702 RANGER - Export policy in excel is failing. >>> > > RANGER-3677 Update Password Policy validation at WEB-UI >>> > > RANGER-3690 Fix NullPointerException in java patch 054 >>> > > RANGER-2362 [security] Admin webui - Lack of account lockout >>> > > RANGER-3678 Update password validation criteria >>> > > RANGER-3674 Fix PMD issue >>> > > RANGER-3642 Ranger - Upgrade jquery-ui to 1.13.1 >>> > > RANGER-3559 RANGER KMS - Metric details for kms are not >>> getting >>> > > collected >>> > > RANGER-3625 Update isDebugEnable condition in >>> > RangerHiveAuthorizer >>> > > RANGER-3610 Docker: Skip service creation for ranger >>> components >>> > > during >>> > > ranger container restart >>> > > RANGER-3594 mysql setup scripts failed with binlog-enabled >>> mysql >>> > > RANGER-3593 the hive table owner who create the table can >>> not >>> > > have the >>> > > full privilege >>> > > RANGER-3579 Upgrade Log4j2 to 2.17.1 due to CVE-2021-44832 >>> > > RANGER-3557 Upgrade to use log4j 2.17.0+ version to ensure >>> that >>> > we >>> > > are >>> > > using supported version of log4j >>> > > RANGER-3576 service creation is failing intermittently due >>> to DB >>> > > unique >>> > > key constraint violation >>> > > RANGER-3547 Upgrade to use log4j 2.16.0+ version to ensure >>> that >>> > we >>> > > are >>> > > using supported version of log4j >>> > > >>> > > >>> > > >>> > > >>> > > >>> > >> >>