Okera Version 2.16 Release Notes¶
This topic provides Release Notes for all 2.16 versions of Okera.
2.16.0 (3/8/2023)¶
UI Updates¶
The following general updates were made to the UI in this release:
- Added ability to collapse the editor in workspace
- Added ability to preview the result in separate modal
Ubuntu Upgrade¶
- Our base Ubuntu has been updated from 18.04 to 20.04
Security Vulnerabilities (CVEs/CWEs) Addressed¶
With the Ubuntu 20.04 upgrade, we addressed numerous CVEs listed here.
- CVE-2009-5080: Link Following
- CVE-2009-5155: Improper Data Handling
- CVE-2015-8985: Improper Data Handling
- CVE-2017-14160: Out-of-Bounds
- CVE-2017-7960: Out-of-bounds Read
- CVE-2017-8834: Out-of-Bounds
- CVE-2017-8871: Loop with Unreachable Exit Condition ('Infinite Loop')
- CVE-2018-10392: Out-of-bounds Read
- CVE-2018-10393: Out-of-bounds Read
- CVE-2018-14048: CVE-2018-14048
- CVE-2018-16868: Information Exposure
- CVE-2018-20673: Out-of-bounds Write
- CVE-2019-13224: Use After Free
- CVE-2019-16163: Uncontrolled Recursion
- CVE-2019-17594: Out-of-bounds Read
- CVE-2019-17595: Out-of-bounds Read
- CVE-2019-19012: Out-of-bounds Read
- CVE-2019-19203: Out-of-bounds Read
- CVE-2019-19204: Out-of-bounds Read
- CVE-2019-19246: Out-of-bounds Read
- CVE-2019-20446: Resource Exhaustion
- CVE-2019-20454: Out-of-bounds Read
- CVE-2019-3466: Improper Privilege Management
- CVE-2019-9511: Allocation of Resources Without Limits or Throttling
- CVE-2019-9513: CVE-2019-9513
- CVE-2020-12825: Uncontrolled Recursion
- CVE-2020-13844: Information Exposure
- CVE-2021-26720: Link Following
- CVE-2022-1304: Out-of-bounds Read
- CVE-2022-1586: Out-of-bounds Read
- CVE-2022-1587: Out-of-bounds Read
- CVE-2022-28321: Incorrect Authorization
- CVE-2022-37454: Integer Overflow or Wraparound
- CVE-2022-48303: Out-of-bounds Read
- CVE-2023-0795: Out-of-bounds Read
- CVE-2023-0796: Out-of-bounds Read
- CVE-2023-0797: Out-of-bounds Read
- CVE-2023-0798: Out-of-bounds Read
- CVE-2023-0799: Use After Free
- CVE-2023-0800: Out-of-bounds Write
- CVE-2023-0801: Out-of-bounds Write
- CVE-2023-0802: Out-of-bounds Write
- CVE-2023-0803: Out-of-bounds Write
- CVE-2023-0804: Out-of-bounds Write
Okera uses Snyk and GitHub Advanced Security for security vulnerability scanning.
Bug Fixes and Improvements¶
- Fixed an issue in which user role information would be displayed multiple times. It is now displayed once for each role.
- Added support for Databricks versions up to 12.2, including 11.3 LTS
- Added a Helm chart configuration option
DISABLE_WORKSPACE_DOWNLOAD_BUTTON
to disable query result download button from being displayed. - Added backend support for IBM DB2 as a JDBC data source
Known Issues¶
- An error is thrown when attempting to retrieve secrets from Google Secrets Manager. This issue will be fixed in an upcoming release.