Release Notes - Ranger - Version 2.3.0

New Feature

RANGER-3569Support Ranger KMS integration with Google cloud HSM
RANGER-3580Support Ranger KMS integration with TencentKMS
RANGER-3603HDFS audit files rollover improvement to trigger rollover in monitoring thread
RANGER-3605Support macros in row-filter/condition expressions
RANGER-3630Support wildcards, group short names, and list of memberof attribute DNs for computing user search filter
RANGER-3764conditions to support macros IS_IN_GROUP, IS_IN_ROLE, HAS_TAG
RANGER-3779conditions enhancement to support macros IS_IN_ANY_GROUP, IS_IN_ANY_ROLE, HAS_TAGS


RANGER-2846Add support for resource[volume, bucket, key] look up in ozone plugin
RANGER-2967Add support for Amazon CloudWatch Logs as an Audit Store
RANGER-3023Permission tab takes longer time to load with large number of users and group_users data
RANGER-3030Replace Findbugs with Spotbugs maven plugin
RANGER-3221Improve logging in Presto plugin
RANGER-3276Remove duplicate code from
RANGER-3290ArrayIndexOutOfBoundsException if solr is down
RANGER-3298Add coarse URI check for Hive Agent
RANGER-3299Upgrading the bouncycastle version for bcprov-jdk15on
RANGER-3389Swagger UI Support for Ranger REST API
RANGER-3435RANGER-3401 Add unique index on guid, service and zone_id column of x_policy table
RANGER-3439RANGER-3401 Add rest api to get or delete ranger policy based on guid
RANGER-3455[Logout-Ranger] Should either be disabled/ should redirect to knox logout page
RANGER-3459Upgrade Ranger's Kafka dependency to 2.8
RANGER-3475Promote TagRest endpoints to /public/v2
RANGER-3487Update underscorejs with latest version.
RANGER-3493RANGER-3490 Add unique index on service and resource_signature column of x_policy table
RANGER-3498RANGER : Remove log4j1 dependencies.
RANGER-3504Create framework to execute DB patch dependent on Java patch.
RANGER-3510Ranger upgrade spring framework version to 5.3.12
RANGER-3515Enhance Ranger Java client SSL config to be configured using serviceType and AppId
RANGER-3518Limit the query size stored in Audit logs
RANGER-3519Provide an option to optimize space needed by Trie objects
RANGER-3526policy evaluation ordering to use name as secondary sorting key
RANGER-3533Provide sorting on columns throughout the audits result set and policy listing page.
RANGER-3538Reduce the granularity of locking when building/retrieving a policy-engine within Ranger admin service
RANGER-3539Add jacoco-maven-plugin for code coverage
RANGER-3540Add support to read audit logs from Amazon CloudWatch
RANGER-3545Remove Logger Checks for Info Enabled
RANGER-3548Update performance engine test scripts
RANGER-3550support for using user/tag attributes in row-filter expressions and conditions
RANGER-3551Analyze & optimize module permissions related API
RANGER-3553Unit test coverage for XUserMgr and UserMgr class
RANGER-3556Ranger tagsync logs unnecessary messages
RANGER-3561Upgrade Storm version to 1.2.4
RANGER-3562Redesign post commit tasks for updating ref-tables when policy/role is updated
RANGER-3565RangerRESTClient to support retry
RANGER-3566Update version in ranger-2.3 to 2.3.0-SNAPSHOT
RANGER-3567support for use of user attributes in policy resources
RANGER-3573Add vim in docker base image
RANGER-3577RANGER : Upgrade POI version to 5.1.0
RANGER-3578Simplify code for policy label creation
RANGER-3585Docker setup to run Ranger usersync and tagsync
RANGER-3586Script condition expression to support csv of group/tag attributes
RANGER-3595Tar of KMS contains rubbish files
RANGER-3600Ranger service tags import request failure
RANGER-3606remove unnecessary static members from plugin class loaders
RANGER-3609option to add usergroup enricher automatically based on references in policies
RANGER-3620Ranger - Upgrade tomcat to 8.5.75
RANGER-3621Optimise Tag/Policy iterator
RANGER-3624Update Ranger services Password Policy
RANGER-3628Support fine grain authorization for different solr objects
RANGER-3629RANGER - Handle solr permissions during upgrade
RANGER-3632Improve ranger logs, RENAME_ON_ROTATE and others
RANGER-3634Remove duplicate entries from usersync distribution file
RANGER-3646LOG.debug print content error
RANGER-3647Connection to DB fails for MySQL version above 8.0
RANGER-3649Represent the Solr admin object types on the Ranger UI
RANGER-3651Remove jersey1.x version dependency for knox plugin
RANGER-3653Replace aws java sdk bom dependencies with bundled dependencies
RANGER-3658Docker: Ranger containers to run as user=ranger
RANGER-3660[Ranger Admin UI] Improvements in tooltip hints for better user experience
RANGER-3662There should be pause button for error popup
RANGER-3665"No Data Found !!" messages in Ranger admin UI alarm users
RANGER-3666Ranger UI improvement - Add warning popup if auto-complete for resource lookup is failing in Edit policy page
RANGER-3667Improve feedback in policy creation UI when resource does not exist
RANGER-3669Connection to DB fails for MySQL version above 8.0
RANGER-3672Show better error messages during failed logins
RANGER-3673Need to enable cipher configuration for Usersync
RANGER-3675Upgrade tomcat due to intermittent READ TIMEOUT
RANGER-3686Docker setup to run Ranger with MySQL database
RANGER-3687Password Policy Best Practices for Strong Security
RANGER-3689Ranger : ranger-2.3 Port missing commits.
RANGER-3693Ranger - Upgrade tomcat to 8.5.78
RANGER-3698Ranger - Upgrade kylin to 3.1.3
RANGER-3699Ranger - Upgrade poi to 5.2.1+
RANGER-3704remove semicolon from c3P0 preferredTestQuery
RANGER-3725Update atlas default audit filter to filter Atlas entity-read events by Nifi user.
RANGER-3736Update RangerChainedPlugin to support masking and row-filtering
RANGER-3738Restructure ranger Dockerfile to use multi-stage builds
RANGER-3743Add isDenyAllElse mapping to addCustomRangerDefaultPolicies method
RANGER-3744Produces annotation ordering should be consistent: json, xml
RANGER-3759Add default logback configuration file for trino plugin
RANGER-3760Make trino plugin configurable for trino environment running in docker
RANGER-3768RangerBasePlugin configuration to optionally disable userstore refresher


RANGER-2426ranger-plugins-audits should depend on kafka-clients not kafka server
RANGER-2704Support browser login using kerberized authentication
RANGER-2847Add support/Fix Test connection with Ozone service
RANGER-3091Upgrade solr version in Ranger to Solr 8.6.3
RANGER-3285expose user source details in ranger UI
RANGER-3403Ranger usersync role based rules not working as expected
RANGER-3427Null Dereference in
RANGER-3433Null Dereference in ServiceREST getPolicyByName method
RANGER-3442Ranger KMS DAO memory issues when many new keys are created
RANGER-3468When multiple Ranger tabs are opened, Some tabs are not redirecting to Knox Logout page
RANGER-3484Ranger usersync directory is being created as root owner
RANGER-3490Make policy resource signature is unique in a service
RANGER-3502Make GET zone APIs accessible to authorized users only
RANGER-3505Ranger usersync fails to sync users when a duplicate user exists in ranger
RANGER-3507Handle trailing slash in the ranger Hive URL policy authorization
RANGER-3509update role fails for role admins
RANGER-3511RANGER-3490 Create Java patch to update policy resource-signature to unique value.
RANGER-3512RANGER-3401 Create Java patch to update policy guid to unique value.
RANGER-3514Fix updates to sync source post upgrades
RANGER-3516Java patch 'J10045' taking more time during upgrade.
RANGER-3522Improve Tagsync authentication error reporting
RANGER-3527Create Apache Ranger next maintenance release branch 2.3
RANGER-3528Ranger Group creation audit is not shown during service creation
RANGER-3535A delegate admin user should be able to add another user with all or subset of permissions they have
RANGER-3542Invalid HTTPS Check
RANGER-3543Remove spotbugs-annotations-3.1.9 from classpath
RANGER-3544Security zones listing will be in alphabetical order.
RANGER-3546Update Spotbugs plugin Executions cycle
RANGER-3547Upgrade to use log4j 2.16.0+ version to ensure that we are using supported version of log4j
RANGER-3554[Intermittent] API call to fetch the list of policies for a particular service repo returns a deleted policy in the response
RANGER-3557Upgrade to use log4j 2.17.0+ version to ensure that we are using supported version of log4j
RANGER-3559RANGER KMS - Metric details for kms are not getting collected
RANGER-3563[Docker] plugin installation fails with error: XAAUDIT.AMAZON_CLOUDWATCH.ENABLE not defined
RANGER-3564Installation of Ranger plugin for HDFS fails due to missing libraries
RANGER-3568Services of one zone are seen in other zone from UI
RANGER-3571Typo in
RANGER-3576service creation is failing intermittently due to DB unique key constraint violation
RANGER-3579Upgrade Log4j2 to 2.17.1 due to CVE-2021-44832
RANGER-3584ServiceTags are not computed correctly by applying incremental changes to existing ServiceTags
RANGER-3589Ranger java patches failing due to admin privilege checks.
RANGER-3591Upgrade protobuf-java to 3.19.3
RANGER-3592Upgrade Spring framework to 5.3.15
RANGER-3593the hive table owner who create the table can not have the full priviledge
RANGER-3594mysql setup scripts failed with binlog-enabled mysql
RANGER-3597RANGER-3590 User role should not be able to modify the Policy
RANGER-3610Docker: Skip service creation for ranger components during ranger container restart
RANGER-3611Uncatched NullPointerException when missing lastKnownVersion in ServiceREST::getServicePoliciesIfUpdated
RANGER-3613RANGER KMS : Check if master key with the given alias exists or not if LUNA HSM is enabled.
RANGER-3617incorrect deny for _any access due to tag policy
RANGER-3619REST API should return 403 when authenticated client is not allowed to access API.
RANGER-3625Update isDebugEnable condition in RangerHiveAuthorizer
RANGER-3638Solr Ranger document level security breaks solr if collection is reloaded
RANGER-3642Ranger - Upgrade jquery-ui to 1.13.1
RANGER-3644tagsync: FileTagSource to retry if Ranger is not reachable
RANGER-3652update resource-matcher unit tests to include wildcard=false
RANGER-3659Ranger Admin goes to OOM when usersync is trying to delete existing group mappings from ranger DB
RANGER-3663RangerBizUtil.checkAdminAccess() should return false if user-session is not available
RANGER-3674Fix PMD issue
RANGER-3676tag-based policies don't recognize {OWNER} in users as resource owners
RANGER-3677Update Password Policy validation at WEB-UI
RANGER-3678Update password validation criteria
RANGER-3681Ranger Database deadlock when createPolicy is running parallel
RANGER-3690Fix NullPointerException in java patch 054
RANGER-3691Upgrade spring to 5.3.18 CVE-2022-22965
RANGER-3692Ranger cannot connect to the DB when the DB is outaged for a long time
RANGER-3702RANGER - Export policy in excel is failing.
RANGER-3709Fix NullPointerException in getSecureServicePoliciesIfUpdated call of ServiceRest
RANGER-3730log4j dependency is not completely removed
RANGER-3735RANGER : Behaviour change in external user status.
RANGER-3737Usersync is broken due to NullPointerException
RANGER-3747Fix failing sql patches
RANGER-3750RANGER : PatchForSolrSvcDefAndPoliciesUpdate_J10055 failing with 'duplicate key value violates unique constraint'
RANGER-3753Hive masking policies don't recognize {OWNER} user
RANGER-3755Build Plugin-Trino artifacts only with JDK 11
RANGER-3765tag-based policy masking to override resource-based policy
RANGER-3769Removing a tag-service association from a service does not update policy engine
RANGER-3773maven can not build ranger-2.3.0 because commons-cli is duplicated in pom
RANGER-3777Fix execute permissions for all docker init scripts
RANGER-3778Kerberos Login cause NullPointerException
  • No labels