Apache Ranger 2.4.0 - Release Notes - Ranger - Apache Software Foundation

Apache Ranger 2.4.0 - Release Notes - Ranger - Apache Software Foundation
DUE TO SPAM, SIGN-UP IS DISABLED. Goto
Selfserve wiki signup
and request an account.
Ranger
Blog
Pages
Space shortcuts
File lists
Page tree
Browse pages
tachments (0)
Page History
Resolved comments
Page Information
View in Hierarchy
View Source
Export to PDF
Export to Word
Copy Page Tree
Jira links
Apache Ranger 2.4.0 - Release Notes
Created by
Selvamohan Neethiraj
, last modified on
Mar 31, 2023
** Bug
* [RANGER-2737] - Ranger REST API returns different information when GET user by id and by name
* [RANGER-3080] - A service administrator should be allowed to set "excludes" flag for a policy resource
* [RANGER-3108] - NPE in RangerPolicyRepository.init
* [RANGER-3387] - Ranger Admin Header Validation.
* [RANGER-3394] - Too much `varchar(4000)` causes table to exceed ROW SIZE limit in MySQL
* [RANGER-3500] - Ranger policy list doesn't support sorting by field
* [RANGER-3670] - Policy update creates unnecessary entries in transaction log table
* [RANGER-3680] - mysql ErrorCode:1118 when Importing DB schema to database
* [RANGER-3719] - Can not create mysql table with charset utf8mb4.
* [RANGER-3775] - Logback.xml has been incorrectly modified by RANGER-3704.
* [RANGER-3789] - Upgrade Handlebars version to 4.7.7
* [RANGER-3790] - Ranger tagsync module should not depend on kafka server
* [RANGER-3791] - Upgrade json-smart, gson and jersey-client libraries version
* [RANGER-3798] - Ranger API Resource Metrics REST "Up time of JVM" does not update.
* [RANGER-3806] - Group's users mapping entry failing whenever primary key auto-increment is not set to 1 in db
* [RANGER-3807] - getUserRoles API gives 200 for non existing user passed to this API
* [RANGER-3813] - Fix ConcurrentModificationException in UnixUserGroupBuilder
* [RANGER-3814] - IS_IN_ROLE(roleName) condition always returns false
* [RANGER-3816] - update getResourceACLs() API to handle macros in resource names
* [RANGER-3819] - Upgrade springframework version
* [RANGER-3820] - Upgrade Netty version to 4.1.78.Final
* [RANGER-3824] - [Ranger] : /service/tags/resources error message is not proper for duplicate resource & not able to update resource resource
* [RANGER-3825] - Ranger internal user is unable to change his password after the upgrade.
* [RANGER-3829] - Incremental Sync value is always true under Ranger Audit (Usersync)
* [RANGER-3840] - SHOW DATABASES command should list databases owned by the user
* [RANGER-3846] - Ranger DB patch 058 failing when multiple policies having same resourceSignature
* [RANGER-3847] - [Ranger] : Http status & Error message is not correct for /xaudit/trx_log
* [RANGER-3848] - RangerClient does not auto renew Kerberos ticket after ticket lifetime expired
* [RANGER-3853] - Ranger java patch J10054 takes time
* [RANGER-3854] - Ranger Java patch J10056 takes time
* [RANGER-3857] - Ranger java patch J10055 takes time
* [RANGER-3863] - Ranger Failed to run on Apple M1 macOS (Apple Silicon)
* [RANGER-3883] - emailchange and passwordchange User REST API's work even when invalid user id is used in the url
* [RANGER-3885] - User REST API /users/firstnames returns only null with status code 204
* [RANGER-3894] - Application is 'unknown' for metastore in plugin status page
* [RANGER-3897] - RangerUserStore cache improvement
* [RANGER-3898] -  Ranger Roles cache Improvement
* [RANGER-3907] - Skip auditing of operation like monitorHealth in HDFS Ranger Plugin audit handler
* [RANGER-3911] - NPE fix in RangerDefaultPolicyEvaluator
* [RANGER-3912] -  Ranger Policy report for a given user should fetch policies maintained for roles belonging to that user and groups
* [RANGER-3914] - Change sync_source column's datatype from varchar to text
* [RANGER-3918] - Namespace policy that is created in Ranger by HBase Grant command not getting honored
* [RANGER-3920] - When sync'ing users from Ldap,  intermittent User/Group/UserGroup membership  is missing
* [RANGER-3941] - optimize cache refresh in RangerUserStoreCache
* [RANGER-3946] - ranger-yarn-plugin missing commons-lang-2.6.jar
* [RANGER-3953] - potential NPE during policy-engine initialization
* [RANGER-3956] - Upgrade Commons Text to 1.10.0
* [RANGER-3959] - condition expression validation
* [RANGER-3966] - incorrect roles used in policy evaluation for custom RangerAccessRequest impl
* [RANGER-3969] - Remove os.path.join causing incorrect windows path
* [RANGER-3970] - Expression evaluation improvements
* [RANGER-3977] - Fix Ranger TagRest API deleteTagResourceMapByGuid
* [RANGER-3989] - KMS APIs fail due to ConcurrentModificationException
* [RANGER-3991] - Upgrade underscore-min.js, underscore.js and moment-with-locales.min.js
* [RANGER-4000] - unit test failure in JDK17
* [RANGER-4008] - RangerTagEnricher to ignore invalid resources
* [RANGER-4014] - update getResourceACLs() API to handle resource names having macros in row-filter/masking policies
* [RANGER-4018] - Ranger src packaging should exclude generated/unnecessary files
* [RANGER-4029] - Ranger cannot build with HBase 2.5.x versions because preBalance coprocessor hook syntax changed in HBASE-26147
* [RANGER-4035] - support for policies to refer access-types using category, like Create/Read/Update/Delete/Manage
* [RANGER-4043] - [ugsync]Enumerate Groups will give error on executing 'getent group' command
* [RANGER-4044] - Publish official docker images for ranger to dockerhub
* [RANGER-4055] - Compulsory field firstName can be passed empty or null in the payload while creating user through API
* [RANGER-4057] - [Ranger] /tags/tags/cache/reset api give 200 response for invalid service
* [RANGER-4064] - RANGER-3348 introduces bug in python client for SSL enabled clusters
* [RANGER-4065] - Fix README and PyPI Doc for Ranger Python Client
* [RANGER-4074] - assignPermissionToUser in XUserMgr creates entries with NULL moduleId in x_user_module_perm
* [RANGER-4079] - Python client to use the given Ranger endpoint, instead of its baseURL
* [RANGER-4102] - update TestPolicyACLs unit test to validate ACL count
* [RANGER-4109] - Add unique constraint on resource_signature column of x_rms_service_resource table
* [RANGER-4110] - Upgrade to TLS to version 1.2 -Part2
* [RANGER-4112] - Update servicedef by name results in 400 status code while the same request works with update servicedef using id
* [RANGER-4113] - Upgrade tomcat to 8.5.86
* [RANGER-4121] - NPE in security-zone update validation
* [RANGER-4123] - No policy found for given version
* [RANGER-4126] - Fetching getDBVersion in BaseDao class in the security-admin-web throws Exception for Oracle Database
* [RANGER-4127] - Unable to delete the user if policy is created by same user and added in the policy item
* [RANGER-4144] - Fixed Kafka Test Suite Issues
* [RANGER-4154] - Usersync fails to push users to Ranger, due to missing firstName field
* [RANGER-4155] - Structure of resource(UI) hierarchy in policy form not proper formatted for multiple values.
** New Feature
* [RANGER-3828] - Fine-grained Access Control over nested structures
* [RANGER-3852] - Performance and scalability analyzer tool for Ranger
* [RANGER-3855] - RangerExternalUserStoreRetriever class
* [RANGER-3971] - Upgrade HBASE version to 2.4.6
* [RANGER-4028] - Ranger - Upgrade bootbox.js.
** Improvement
* [RANGER-2928] - [Ranger Zone REST API] Resources data is missing in XML format
* [RANGER-3165] - Upgrade Elasticsearch version in Ranger to Elasticsearch 7.10.2
* [RANGER-3534] - Review of RangerHiveAuditHandler
* [RANGER-3623] - Add ability to enable anonymous download of policy/role/tag
* [RANGER-3633] - Remove eclipse .project file from git
* [RANGER-3664] - Ranger KMS : Add refresh functionality on kms key listing page.
* [RANGER-3763] - The max limit of the requested entities is not configurable in tagsync
* [RANGER-3767] - Add text message in HDFS and YARN policy pages to highlight the fallback ACL option
* [RANGER-3787] - Non-daemon threads started by ElasticSearchAuditDestination cause Spark application hanging
* [RANGER-3794] - Improve performance of delete users/groups utility
* [RANGER-3796] - Enhancement to support multiple resource sets in a policy
* [RANGER-3818] - Upgrade Solr to 8.11.2
* [RANGER-3822] - RangerService outputs password information in plaintext
* [RANGER-3837] - Allow Ranger non-admins to get, create, edit and delete roles
* [RANGER-3856] - Ranger admin client option to work with non-kerberized server
* [RANGER-3865] - support for using user attributes in masking expressions
* [RANGER-3900] - Roles deletion Takes time in Apache Ranger when there are more users,groups,roles
* [RANGER-3902] - dbLoadTime is not added correctly in RangerServicePoliciesCache
* [RANGER-3903] - Improvement in RangerPolicyDeltaUtil--> applyDeltas method
* [RANGER-3910] - API Documentation is broken for knox sso
* [RANGER-3934] - improve tag cache handling to reduce resource usage
* [RANGER-3940] - Add javascript includes(), intersects() polyfills for array prototype to RangerCommonConstants
* [RANGER-3948] - update serialization to skip empty values
* [RANGER-3951] - optimize memory used for tags in plugins and server
* [RANGER-3955] - optimization to reduce duplicate strings
* [RANGER-3973] - LDAP incremental search not always available
* [RANGER-3978] - Docker setup to run Ranger KMS
* [RANGER-3982] - Python client for Ranger KMS REST APIs
* [RANGER-3983] - Support getColumnMasks and getRowFilters in Trino SPI 376+
* [RANGER-3985] - Trino plugin: Check table name when creating tables
* [RANGER-3986] - Upgrade trino guice dependency to 5.1.0
* [RANGER-3988] - Trino plugin should differntiate between views and tables
* [RANGER-3997] - option to use default value when user/group/tag does not have the attribute
* [RANGER-4004] - During the service deletion also, we can clear the in-memory cache for that service which got deleted on the ranger side
* [RANGER-4011] - option to disable creation of default policies per hierarchy
* [RANGER-4012] - getPolicyByName searches policy by serviceName, policyName simply by traverse all policies in RangerServicePoliciesCache instead of DB
* [RANGER-4024] - Adding requestId as part of Ranger logs via RangerMDCFilter when the request header contains request-Id
* [RANGER-4071] - Support for LDAP/AD usernames and group names with special chars
* [RANGER-4080] - Python client update to add missing security-zone APIs
* [RANGER-4083] - Tag-based policy UI to not show permissions in deny/exception for services that don't support deny/exception
* [RANGER-4100] - Efficient computation of the smallest set of evaluators returned by search of multiple Trie trees
* [RANGER-4101] - Java client update to add missing security-zone APIs
* [RANGER-4107] - Upgrade EclipseLink
* [RANGER-4114] - Consistent use of plugin property prefix in context enrichers
* [RANGER-4117] - service-def option to include expression condition implictly
* [RANGER-4122] - [RangerAdmin] Reorganize authorization/access check logic
** Test
* [RANGER-3808] - Ranger的REST API接口（/roles/roles/{id}/addUsersAndGroups）本地测试提示404
* [RANGER-3834] - Test cases for RoleREST.java missing (security-admin module)
* [RANGER-3849] - Test cases for ServiceREST.java missing
* [RANGER-4105] - Python script to create/update/delete policies from multiple threads
** Task
* [RANGER-3780] - Ranger - Upgrade tomcat to 8.5.79
* [RANGER-3782] - RANGER - Upgrade spring-security version to 5.6.5
* [RANGER-3841] - update version ranger-2.4 to 2.4.0-SNAPSHOT
* [RANGER-3960] - RANGER - Upgrade spring-security version to 5.7.5
* [RANGER-3996] - Upgrade commons-configuration2 to version 2.8.0
* [RANGER-4116] - Define description/topics/merge strategy for the github repository with .asf.yaml
* [RANGER-4140] - Release Apache Ranger 2.4.0
No labels
Overview
Content Tools
Atlassian Confluence Open Source Project License
granted to Apache Software Foundation.
Evaluate Confluence today
Atlassian Confluence
8.5.31
Printed by Atlassian Confluence 8.5.31
Report a bug
Atlassian News
Atlassian
{"serverDuration": 101, "requestCorrelationId": "86c62464fae7c845"}