Drill 1.20.3.200-2401 (EEP 9.2.1) Release Notes

The notes below relate specifically to the HPE Ezmeral Data Fabric distribution for Apache Drill. You may also be interested in the Apache Drill homepage and the Apache Drill release notes:

Version 1.20.3.200
Release Date January 2024
HPE Version Interoperability See Ecosystem Support Matrix and EEP Components and OS Support.
Package Names Navigate to http://package.ezmeral.hpe.com/releases/MEP/, and select your EEP(MEP) and OS to view the list of package names.

New in This Release

Drill 1.20.3.200 introduces the following enhancements or HPE platform-specific behavior changes:

  • IMPORTANT
    Drill 1.20.3.200 removes support for the automated configuration of the Hive plugin with configure.sh. For example, in release 7.6.0 and later, the following command is no longer supported by Drill:
    /opt/mapr/server/configure.sh -EC '-hiveMetastoreHost nodeA'
  • Drill 1.20.3.200 resolves an issue with applying an action to storage-plugins-override.conf.
  • Drill 1.20.3.200 implements various CVE fixes. For more information, see the fixes listed in the next section.

Fixes

This HPE release includes the following fixes on the base release:
Commit Date (YYYY-MM-DD) Comment
95d7824 2023-12-13 MD-6480: CVE-2023-2976. Remove shaded guava and upgrade guava to 32.1.2-jre version;

MD-6485: CVE-2022-1471. Update snakeyaml to 2.0version. Update liquibase to 4.25.0 version;

MD-6483: CVE-2023-44487. Update netty to 4.1.101.Finalversion. Update jetty to 2.15.3 version;

MD-6478: CVE-2023-39410. Update avro to 1.11.3 version;

MD-6486: CVE-2023-3635. Update okhttp to 4.12.0 version;

MD-6482: CVE-2023-35116. Update jackson to 2.15.3 version;

a7d1e82 2023-12-27 MD-6491: Drill doesn't follow drill.exec.storage.action_on_plugins_override_file action
7bb7163 2023-11-14 MD-6477: Prevent XXE Attacks in XML Format Plugin.

Known Issues

  • None.

Limitations

  • The Hive storage plugin in Drill does not support reading the parquet timestamp type with the int64 logical type.