Okera Version 2.17 Release Notes¶
This topic provides Release Notes for all 2.17 versions of Okera.
- Launched the feature preview for Dynamic Bypass Querying for Apache Spark 3.x: a new query-execution mode that can selectively bypass running in-data plane, without needing s3 access on your Apache Spark cluster. Find more details here.
- Fixed a bug to fetch instance metadata when using IMDSv2 on AWS.
- Additional improvements and optimizations have been made to OkeraEnsemble.
Bug Fixes and Improvements¶
- Fixed bug when using GCP secrets in connection properties.
- Internal improvements and optimizations have been made to OkeraEnsemble. Users should expect to see a reduction in query times and network traffic. These changes require no additional configuration changes.
- Added support for Okera built-in functions in internal view definitions. Updated SQL statement evaluation for the internal views. Fixed logic for processing subqueries with
User Attribute Function in HAVING Expression¶
This adds an ability to use
user_attribute function in a
HAVING expression of a permission. The syntax is
HAVING ATTRIBUTE <NOT> IN (user_attribute('<attr_key>')). The value of the
attr_key is assumed to be a CSV string with attributes. If not parseable, the assumption is that no attribute is set.
Since it depends on resolving user attributes during runtime, the performance of the queries that are affected by such grants could be highly variable based on the way user attributes are fetched and how user attribute resolver cache is configured. (see OKERA_USER_ATTRIBUTES_CACHE_THRESHOLD_MS)
In the web UI we now have a “Custom expression” option when defining
HAVING clause in the policy builder that can be used to leverage this new capability. It also makes it possible to create compound predicates in having expressions via web UI.
Security Vulnerabilities (CVEs/CWEs) Addressed¶
Okera uses Snyk and GitHub Advanced Security for security vulnerability scanning.
- CVE-2021-36222: NULL Pointer Dereference
- CVE-2021-37750: NULL Pointer Dereference
- CVE-2022-21619: CVE-2022-21619
- CVE-2022-21624: CVE-2022-21624
- CVE-2022-21626: CVE-2022-21626
- CVE-2022-21628: CVE-2022-21628
- CVE-2022-3821: Off-by-one Error
- CVE-2022-4415: CVE-2022-4415
- CVE-2023-0464: CVE-2023-0464
- CVE-2023-0465: CVE-2023-0465
- CVE-2023-21830: CVE-2023-21830
- CVE-2023-21843: CVE-2023-21843
- CVE-2023-27533: CVE-2023-27533
- CVE-2023-27534: CVE-2023-27534
- CVE-2023-27535: CVE-2023-27535
- CVE-2023-27536: CVE-2023-27536
- CVE-2023-27538: CVE-2023-27538