** Bug
* [RANGER-2737] - Ranger REST API returns different information when GET user by id and by name
* [RANGER-3080] - A service administrator should be allowed to set "excludes" flag for a policy resource
* [RANGER-3108] - NPE in RangerPolicyRepository.init
* [RANGER-3387] - Ranger Admin Header Validation.
* [RANGER-3394] - Too much `varchar(4000)` causes table to exceed ROW SIZE limit in MySQL
* [RANGER-3500] - Ranger policy list doesn't support sorting by field
* [RANGER-3670] - Policy update creates unnecessary entries in transaction log table
* [RANGER-3680] - mysql ErrorCode:1118 when Importing DB schema to database
* [RANGER-3719] - Can not create mysql table with charset utf8mb4.
* [RANGER-3775] - Logback.xml has been incorrectly modified by RANGER-3704.
* [RANGER-3789] - Upgrade Handlebars version to 4.7.7
* [RANGER-3790] - Ranger tagsync module should not depend on kafka server
* [RANGER-3791] - Upgrade json-smart, gson and jersey-client libraries version
* [RANGER-3798] - Ranger API Resource Metrics REST "Up time of JVM" does not update.
* [RANGER-3806] - Group's users mapping entry failing whenever primary key auto-increment is not set to 1 in db
* [RANGER-3807] - getUserRoles API gives 200 for non existing user passed to this API
* [RANGER-3813] - Fix ConcurrentModificationException in UnixUserGroupBuilder
* [RANGER-3814] - IS_IN_ROLE(roleName) condition always returns false
* [RANGER-3816] - update getResourceACLs() API to handle macros in resource names
* [RANGER-3819] - Upgrade springframework version
* [RANGER-3820] - Upgrade Netty version to 4.1.78.Final
* [RANGER-3824] - [Ranger] : /service/tags/resources error message is not proper for duplicate resource & not able to update resource resource
* [RANGER-3825] - Ranger internal user is unable to change his password after the upgrade.
* [RANGER-3829] - Incremental Sync value is always true under Ranger Audit (Usersync)
* [RANGER-3840] - SHOW DATABASES command should list databases owned by the user
* [RANGER-3846] - Ranger DB patch 058 failing when multiple policies having same resourceSignature
* [RANGER-3847] - [Ranger] : Http status & Error message is not correct for /xaudit/trx_log
* [RANGER-3848] - RangerClient does not auto renew Kerberos ticket after ticket lifetime expired
* [RANGER-3853] - Ranger java patch J10054 takes time
* [RANGER-3854] - Ranger Java patch J10056 takes time
* [RANGER-3857] - Ranger java patch J10055 takes time
* [RANGER-3863] - Ranger Failed to run on Apple M1 macOS (Apple Silicon)
* [RANGER-3883] - emailchange and passwordchange User REST API's work even when invalid user id is used in the url
* [RANGER-3885] - User REST API /users/firstnames returns only null with status code 204
* [RANGER-3894] - Application is 'unknown' for metastore in plugin status page
* [RANGER-3897] - RangerUserStore cache improvement
* [RANGER-3898] - Ranger Roles cache Improvement
* [RANGER-3907] - Skip auditing of operation like monitorHealth in HDFS Ranger Plugin audit handler
* [RANGER-3911] - NPE fix in RangerDefaultPolicyEvaluator
* [RANGER-3912] - Ranger Policy report for a given user should fetch policies maintained for roles belonging to that user and groups
* [RANGER-3914] - Change sync_source column's datatype from varchar to text
* [RANGER-3918] - Namespace policy that is created in Ranger by HBase Grant command not getting honored
* [RANGER-3920] - When sync'ing users from Ldap, intermittent User/Group/UserGroup membership is missing
* [RANGER-3941] - optimize cache refresh in RangerUserStoreCache
* [RANGER-3946] - ranger-yarn-plugin missing commons-lang-2.6.jar
* [RANGER-3953] - potential NPE during policy-engine initialization
* [RANGER-3956] - Upgrade Commons Text to 1.10.0
* [RANGER-3959] - condition expression validation
* [RANGER-3966] - incorrect roles used in policy evaluation for custom RangerAccessRequest impl
* [RANGER-3969] - Remove os.path.join causing incorrect windows path
* [RANGER-3970] - Expression evaluation improvements
* [RANGER-3977] - Fix Ranger TagRest API deleteTagResourceMapByGuid
* [RANGER-3989] - KMS APIs fail due to ConcurrentModificationException
* [RANGER-3991] - Upgrade underscore-min.js, underscore.js and moment-with-locales.min.js
* [RANGER-4000] - unit test failure in JDK17
* [RANGER-4008] - RangerTagEnricher to ignore invalid resources
* [RANGER-4014] - update getResourceACLs() API to handle resource names having macros in row-filter/masking policies
* [RANGER-4018] - Ranger src packaging should exclude generated/unnecessary files
* [RANGER-4029] - Ranger cannot build with HBase 2.5.x versions because preBalance coprocessor hook syntax changed in HBASE-26147
* [RANGER-4035] - support for policies to refer access-types using category, like Create/Read/Update/Delete/Manage
* [RANGER-4043] - [ugsync]Enumerate Groups will give error on executing 'getent group' command
* [RANGER-4044] - Publish official docker images for ranger to dockerhub
* [RANGER-4055] - Compulsory field firstName can be passed empty or null in the payload while creating user through API
* [RANGER-4057] - [Ranger] /tags/tags/cache/reset api give 200 response for invalid service
* [RANGER-4064] - RANGER-3348 introduces bug in python client for SSL enabled clusters
* [RANGER-4065] - Fix README and PyPI Doc for Ranger Python Client
* [RANGER-4074] - assignPermissionToUser in XUserMgr creates entries with NULL moduleId in x_user_module_perm
* [RANGER-4079] - Python client to use the given Ranger endpoint, instead of its baseURL
* [RANGER-4102] - update TestPolicyACLs unit test to validate ACL count
* [RANGER-4109] - Add unique constraint on resource_signature column of x_rms_service_resource table
* [RANGER-4110] - Upgrade to TLS to version 1.2 -Part2
* [RANGER-4112] - Update servicedef by name results in 400 status code while the same request works with update servicedef using id
* [RANGER-4113] - Upgrade tomcat to 8.5.86
* [RANGER-4121] - NPE in security-zone update validation
* [RANGER-4123] - No policy found for given version
* [RANGER-4126] - Fetching getDBVersion in BaseDao class in the security-admin-web throws Exception for Oracle Database
* [RANGER-4127] - Unable to delete the user if policy is created by same user and added in the policy item
* [RANGER-4144] - Fixed Kafka Test Suite Issues
* [RANGER-4154] - Usersync fails to push users to Ranger, due to missing firstName field
* [RANGER-4155] - Structure of resource(UI) hierarchy in policy form not proper formatted for multiple values.
** New Feature
* [RANGER-3828] - Fine-grained Access Control over nested structures
* [RANGER-3852] - Performance and scalability analyzer tool for Ranger
* [RANGER-3855] - RangerExternalUserStoreRetriever class
* [RANGER-3971] - Upgrade HBASE version to 2.4.6
* [RANGER-4028] - Ranger - Upgrade bootbox.js.
** Improvement
* [RANGER-2928] - [Ranger Zone REST API] Resources data is missing in XML format
* [RANGER-3165] - Upgrade Elasticsearch version in Ranger to Elasticsearch 7.10.2
* [RANGER-3534] - Review of RangerHiveAuditHandler
* [RANGER-3623] - Add ability to enable anonymous download of policy/role/tag
* [RANGER-3633] - Remove eclipse .project file from git
* [RANGER-3664] - Ranger KMS : Add refresh functionality on kms key listing page.
* [RANGER-3763] - The max limit of the requested entities is not configurable in tagsync
* [RANGER-3767] - Add text message in HDFS and YARN policy pages to highlight the fallback ACL option
* [RANGER-3787] - Non-daemon threads started by ElasticSearchAuditDestination cause Spark application hanging
* [RANGER-3794] - Improve performance of delete users/groups utility
* [RANGER-3796] - Enhancement to support multiple resource sets in a policy
* [RANGER-3818] - Upgrade Solr to 8.11.2
* [RANGER-3822] - RangerService outputs password information in plaintext
* [RANGER-3837] - Allow Ranger non-admins to get, create, edit and delete roles
* [RANGER-3856] - Ranger admin client option to work with non-kerberized server
* [RANGER-3865] - support for using user attributes in masking expressions
* [RANGER-3900] - Roles deletion Takes time in Apache Ranger when there are more users,groups,roles
* [RANGER-3902] - dbLoadTime is not added correctly in RangerServicePoliciesCache
* [RANGER-3903] - Improvement in RangerPolicyDeltaUtil--> applyDeltas method
* [RANGER-3910] - API Documentation is broken for knox sso
* [RANGER-3934] - improve tag cache handling to reduce resource usage
* [RANGER-3940] - Add javascript includes(), intersects() polyfills for array prototype to RangerCommonConstants
* [RANGER-3948] - update serialization to skip empty values
* [RANGER-3951] - optimize memory used for tags in plugins and server
* [RANGER-3955] - optimization to reduce duplicate strings
* [RANGER-3973] - LDAP incremental search not always available
* [RANGER-3978] - Docker setup to run Ranger KMS
* [RANGER-3982] - Python client for Ranger KMS REST APIs
* [RANGER-3983] - Support getColumnMasks and getRowFilters in Trino SPI 376+
* [RANGER-3985] - Trino plugin: Check table name when creating tables
* [RANGER-3986] - Upgrade trino guice dependency to 5.1.0
* [RANGER-3988] - Trino plugin should differntiate between views and tables
* [RANGER-3997] - option to use default value when user/group/tag does not have the attribute
* [RANGER-4004] - During the service deletion also, we can clear the in-memory cache for that service which got deleted on the ranger side
* [RANGER-4011] - option to disable creation of default policies per hierarchy
* [RANGER-4012] - getPolicyByName searches policy by serviceName, policyName simply by traverse all policies in RangerServicePoliciesCache instead of DB
* [RANGER-4024] - Adding requestId as part of Ranger logs via RangerMDCFilter when the request header contains request-Id
* [RANGER-4071] - Support for LDAP/AD usernames and group names with special chars
* [RANGER-4080] - Python client update to add missing security-zone APIs
* [RANGER-4083] - Tag-based policy UI to not show permissions in deny/exception for services that don't support deny/exception
* [RANGER-4100] - Efficient computation of the smallest set of evaluators returned by search of multiple Trie trees
* [RANGER-4101] - Java client update to add missing security-zone APIs
* [RANGER-4107] - Upgrade EclipseLink
* [RANGER-4114] - Consistent use of plugin property prefix in context enrichers
* [RANGER-4117] - service-def option to include expression condition implictly
* [RANGER-4122] - [RangerAdmin] Reorganize authorization/access check logic
** Test
* [RANGER-3808] - Ranger的REST API接口(/roles/roles/{id}/addUsersAndGroups)本地测试提示404
* [RANGER-3834] - Test cases for RoleREST.java missing (security-admin module)
* [RANGER-3849] - Test cases for ServiceREST.java missing
* [RANGER-4105] - Python script to create/update/delete policies from multiple threads
** Task
* [RANGER-3780] - Ranger - Upgrade tomcat to 8.5.79
* [RANGER-3782] - RANGER - Upgrade spring-security version to 5.6.5
* [RANGER-3841] - update version ranger-2.4 to 2.4.0-SNAPSHOT
* [RANGER-3960] - RANGER - Upgrade spring-security version to 5.7.5
* [RANGER-3996] - Upgrade commons-configuration2 to version 2.8.0
* [RANGER-4116] - Define description/topics/merge strategy for the github repository with .asf.yaml
* [RANGER-4140] - Release Apache Ranger 2.4.0