Remove support of Derby for Kyuubi metastore #6099
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
kind:documentation
yaooqinn
approved these changes
Feb 27, 2024
pan3793
commented
Feb 27, 2024
| <dependency> | ||
| <groupId>org.apache.derby</groupId> | ||
| <artifactId>derby</artifactId> | ||
| <scope>test</scope> |
There was a problem hiding this comment.
we still relies Derby to bootstrap a embedded HMS for testing Hadoop Token refresh feature.
|
Merged to master |
zhaohehuhu
pushed a commit
to zhaohehuhu/incubator-kyuubi
that referenced
this pull request
Mar 21, 2024
# 馃攳 Description ## Issue References 馃敆 This pull request removes support of Derby for Kyuubi metastore. ## Describe Your Solution 馃敡 Previously, we migrated the embedded DB of Kyuubi metastore from Derby to SQLite, and also marked Derby as deprecated (apache#4950), now, I propose to remove support of Derby for Kyuubi metastore. Note, that both Derby and SQLite are mainly for testing purposes, and they're not supposed to be used in production. Users should not be surprised by this removal. Also, the Derby we used suffers CVE-2022-46337 > Mitigation: > > Users should upgrade to Java 21 and Derby 10.17.1.0. > > Alternatively, users who wish to remain on older Java versions should build their own Derby distribution from one of the release families to which the fix was backported: 10.16, 10.15, and 10.14. Those are the releases which correspond, respectively, with Java LTS versions 17, 11, and 8. ## Types of changes 馃敄 - [ ] Bugfix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Breaking change (fix or feature that would cause existing functionality to change) ## Test Plan 馃И Some tests are modified accordingly. Pass GA. --- # Checklist 馃摑 - [x] This patch was not authored or co-authored using [Generative Tooling](https://www.apache.org/legal/generative-tooling.html) **Be nice. Be informative.** Closes apache#6099 from pan3793/remove-derby. Closes apache#6099 7e9dfd6 [Cheng Pan] Remove support of Derby for Kyuubi metastore Authored-by: Cheng Pan <chengpan@apache.org> Signed-off-by: Cheng Pan <chengpan@apache.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
馃攳 Description
Issue References 馃敆
This pull request removes support of Derby for Kyuubi metastore.
Describe Your Solution 馃敡
Previously, we migrated the embedded DB of Kyuubi metastore from Derby to SQLite, and also marked Derby as deprecated (#4950), now, I propose to remove support of Derby for Kyuubi metastore.
Note, that both Derby and SQLite are mainly for testing purposes, and they're not supposed to be used in production. Users should not be surprised by this removal.
Also, the Derby we used suffers CVE-2022-46337
Types of changes 馃敄
Test Plan 馃И
Some tests are modified accordingly. Pass GA.
Checklist 馃摑
Be nice. Be informative.