Apache Ranger 2.8.0 - Release Notes

The release is compatible with these versions of the various components:

Java: JDK 8
Python3: 3.10.12
Databases [Ranger and Ranger KMS]:
- MariaDB: 10.7.3
- Postgres: 13.16
- Oracle: 23.6
Apache Solr: 8.11.3

IMPROVEMENT

RANGER-5389	Replace unmaintained jquery-cookie library with modern alternative
RANGER-5488	Allow clients to access secure API endpoints in Ranger Admin in non-kerberos envs
RANGER-5478	replace hadoop-common dependency with smaller
RANGER-5475	Add support to fetch JWT if available in RangerRESTClient
RANGER-5467	update Hadoop version to 3.4.2
RANGER-5462	update commons-beanutils version
RANGER-5460	update jetty version to 9.4.57.v20241219
RANGER-5459	remove reference to unused library mysql-connector-java
RANGER-5457	Update Kafka version to 3.9.1
RANGER-5451	Docker setup update to configure Ranger authorization in Solr
RANGER-5447	local policy source implementations to support loading from <serviceName>.json
RANGER-5443	fix Unchecked cast warnings in JsonUtils
RANGER-5442	replace repeated Gson instantiation with JsonUtils method calls
RANGER-5438	Upgrade qs, express and node-forge library in Ranger React UI.
RANGER-5434	Add test users keytabs to the ranger and dependency service docker containers
RANGER-5433	update service-def json files to improve readability
RANGER-5426	Update tomcat to 9.0.113
RANGER-5401	[docker] Use Volume Mounts for ranger-plugin configs
RANGER-5396	[docker] Use Volume Mounts for ranger-service configs
RANGER-5393	Ranger Ozone authorizer updates to support AssumeRole
RANGER-5386	Docker setup update to use latest Trino release
RANGER-5383	plugin installation to support configurations for Kerberized Solr audit destination
RANGER-5382	Admin server installation to support configurations for Kerberized Solr
RANGER-5381	add krb5-user package in ranger-base image
RANGER-5369	policy engine support for service-managed ACLs
RANGER-5338	Make XMLUtils's error message more informative
RANGER-5336	Upgrade bouncycastle to 1.79 due to CVE-2025-8916 and CVE-2025-8885
RANGER-5332	Ranger: Upgrade axios version 1.8.4 to latest 1.12.2
RANGER-5325	Ranger Access audit option to exclude resource
RANGER-5320	Handle unsupported cipher key creation
RANGER-5315	Enhance Audit Log Filters to Support Resource Name Exclusions
RANGER-5294	FileUtils.isOwnerOfFileHierarchy doesn’t have the recurse parameter
RANGER-5293	Upgrade netty to 4.1.124.Final
RANGER-5291	'User' role users api '/service/roles/roles' is giving 400 status
RANGER-5283	Updating library dependencies in Ranger Admin React package-lock.json
RANGER-5271	Last login date and time on Ranger Home page
RANGER-5269	Update UI hint for Ranger service definition for HA enabled HDFS
RANGER-5266	Change log level without service restart
RANGER-5230	Support synchronous policy cache download for testing plugins
RANGER-5215	Policy authroization fails for Ranger Plugins in case of users/groups converted by Ranger userysnc as per given Regex
RANGER-5212	Search filter in Roles tab does not consider all relevant role columns
RANGER-5200	Add search Parameter for "XA Group of Users" in Audit Admin logs Tab.
RANGER-5148	Redundant Role Cache Modification Triggers Caused by Role Version Changes in Scenarios with a Large Number of Plugin Clients
RANGER-4939	Upgrade Elasticsearch version to 7.17.29
RANGER-4247	auditPolicyEvaluators should be set before logging it
RANGER-3313	Remove org.apache.ranger.audit.entity.AuthzAuditEventDbObj from JPA (persistence.xml)
RANGER-2713	Remove audit fields from XXPolicyRef objects

BUG

RANGER-5494	Docker setup: ranger-hive container missing log4j configuration files
RANGER-5495	replace references to org.apache.log4j with org.slf4j
RANGER-3643	Service config UI to include additional configurations like service.admin.users, service.admin.groups
RANGER-5416	Disable Server Version Disclosure in HTTP Response for Ranger KMS
RANGER-5477	XML External Entity Injection Security issue in Ranger
RANGER-5476	PolicyRefresher.stopRefresher() can deadlock when retrying HTTP request
RANGER-5461	Incorrect condition in computeDeletedGroups() prevents groups from being marked as HIDDEN
RANGER-5458	Tagsync fails while initializing Atlas source
RANGER-5441	Docker: HiveServer2 initialization fails in creating Zookeeper node /hiveserver2
RANGER-5431	Docker: ranger-admin-site.xml contains invalid property values
RANGER-5422	Fix incorrect date format in logback.xml
RANGER-5407	In Atlas Service for some of the default policies wrong permissions seen
RANGER-5405	PatchForSolrSvcDefAndPoliciesUpdate_J10055 Java patch fails during upgrade
RANGER-5404	Modify the evtTime format to avoid format errors in ES
RANGER-5403	Intermittent HDFS authorization failures caused by unsafe lazy initialization in CaseSensitiveRecursiveMatcher
RANGER-5402	Fix the out-of-bounds issue caused by overly long kms keys
RANGER-5399	Ranger: HTTP 403 - User '' lacks delegated-admin privilege when attempting to GRANT privilege on a database
RANGER-5397	IllegalArgumentException in RangerRESTClient when no ranger.plugin.<service>.policy.rest.url is configured
RANGER-5394	policyEngine should be volatile to prevent policy update visibility race
RANGER-5392	Policies created by grant command have empty 'created by' and 'updated by' fields
RANGER-5391	Migrate from commons-lang 2.6 to commons-lang3 3.19.0 to fix CVE-2025-48924
RANGER-5384	Audit UI fails to query from kerberized Solr
RANGER-5361	Updating node & npm version getting used for building ranger admin js code in security-admin module
RANGER-5352	Resource changes in tag does not work correctly when delta sync & dedup is enabled
RANGER-5342	USER-role users with names similar to admin or keyadmin can query those admin/keyadmin users.
RANGER-5340	RangerResourceACLs has incorrect isFinal flag for ACLs from GDS policy engine
RANGER-5322	PolicyRefresher can struck with no download thread if exception thrown in startRefresher
RANGER-5270	Audits > Admin tab: Zone name missing in "Delete Zone Policy" log
RANGER-5259	Ranger Does Not Clean Up Stale Plugin Entries After Role Deletion or Migration
RANGER-4883	audit to HDFS fails with error: org.apache.hadoop.fs.UnsupportedFileSystemException: No FileSystem for scheme "hdfs"
RANGER-4518	Improvement in state management for search filter parameters in Ranger React
RANGER-4021	Shell syntax bug in kms setup.sh
RANGER-3965	When creating a key with too long attribute values, KMS returns OK but key not really added
RANGER-3491	Not find TAG serviceDef when update tag serviceDef for loading service-defs json file
RANGER-3222	Ranger yarn plugin does not support parsing fair scheduler json or xml response
RANGER-3166	Spaced are authorized in LDAP value strings but the setup.sh script doesnt account for spaces

TASK

RANGER-5302	Code Coverage changes for React JS script files
RANGER-5464	Update lodash version from 4.17.21 to 4.17.23
RANGER-4898	Docker setup to support kerberos authentication
RANGER-4771	Remove the calls to ensureAdminAccess() in grantAccess() and revokeAccess()
RANGER-5367	simplify resourceName parsing
RANGER-5324	replace use of iterations with streams: RangerRequestScriptEvaluator
RANGER-5312	Add module: authz-embedded
RANGER-5309	Add module: authz-api

Space shortcuts

Page tree