You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@calcite.apache.org by jh...@apache.org on 2022/09/10 08:57:09 UTC

[calcite] branch main updated (6d96e91d5 -> 9fc50f24b)

This is an automated email from the ASF dual-hosted git repository.

jhyde pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/calcite.git


    omit 6d96e91d5 Prepare for next development iteration
     new 9fc50f24b Prepare for next development iteration

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (6d96e91d5)
            \
             N -- N -- N   refs/heads/main (9fc50f24b)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 site/_posts/2022-09-10-release-1.32.0.md | 49 ++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 site/_posts/2022-09-10-release-1.32.0.md

[calcite] 01/01: Prepare for next development iteration

Posted by jh...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

jhyde pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/calcite.git

commit 9fc50f24ba8058633544f013f57ca67f72a80c29
Author: Julian Hyde <jh...@apache.org>
AuthorDate: Sat Sep 10 00:49:04 2022 -0700

    Prepare for next development iteration
---
 gradle.properties                        |  2 +-
 site/_docs/history.md                    | 37 +++++++++++++++++++-----
 site/_docs/howto.md                      |  7 ++---
 site/_posts/2022-09-10-release-1.32.0.md | 49 ++++++++++++++++++++++++++++++++
 4 files changed, 82 insertions(+), 13 deletions(-)

diff --git a/gradle.properties b/gradle.properties
index 0c7b4e502..f50de1ee4 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -27,7 +27,7 @@ systemProp.org.gradle.internal.publish.checksums.insecure=true
 # This is version for Calcite itself
 # Note: it should not include "-SNAPSHOT" as it is automatically added by build.gradle.kts
 # Release version can be generated by using -Prelease or -Prc=<int> arguments
-calcite.version=1.32.0
+calcite.version=1.33.0
 # This is a version to be used from Maven repository. It can be overridden by localAvatica below
 calcite.avatica.version=1.22.0
 
diff --git a/site/_docs/history.md b/site/_docs/history.md
index 0b97b636b..1b3fcfc6c 100644
--- a/site/_docs/history.md
+++ b/site/_docs/history.md
@@ -28,6 +28,7 @@ For a full list of releases, see
 Downloads are available on the
 [downloads page]({{ site.baseurl }}/downloads/).
 
+<!--
 {% comment %}
 ## <a href="https://github.com/apache/calcite/releases/tag/calcite-1.33.0">1.33.0</a> / YYYY-MM-DD
 {: #v1-33-0}
@@ -64,12 +65,28 @@ other software versions as specified in gradle.properties.
 {: #site-1-33-0}
 
 {% endcomment %}
+-->
 
-## <a href="https://github.com/apache/calcite/releases/tag/calcite-1.32.0">1.32.0</a> / 2022-09-12
+## <a href="https://github.com/apache/calcite/releases/tag/calcite-1.32.0">1.32.0</a> / 2022-09-10
 {: #v1-32-0}
 
-This release comes 1 month after [1.31.0](#v1-31-0),
-contains contributions from 15 contributors, and resolves x issues.
+Coming 1 month after [1.31.0](#v1-31-0) with 19 issues fixed by 16
+contributors, this release fixes
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-39135">CVE-2022-39135</a>,
+an XML External Entity (XEE) vulnerability that allows a SQL query to
+read the contents of files via the SQL functions `EXISTS_NODE`,
+`EXTRACT_XML`, `XML_TRANSFORM` or `EXTRACT_VALUE`.
+
+With contributions from 16 contributors, this release
+<a href="https://issues.apache.org/jira/browse/CALCITE-4294">replaces
+the ESRI spatial engine with JTS and proj4j</a>, adds
+<a href="https://issues.apache.org/jira/browse/CALCITE-5262">65
+spatial SQL functions</a> including `ST_Centroid`, `ST_Covers` and
+`ST_GeomFromGeoJSON`, adds the
+<a href="https://issues.apache.org/jira/browse/CALCITE-5241">CHAR</a>
+SQL function, and improves the return type of the
+<a href="https://issues.apache.org/jira/browse/CALCITE-4999">ARRAY and
+MULTISET</a> functions.
 
 Contributors to this release:
 Alessandro Solimando,
@@ -82,9 +99,11 @@ Dmitry Sysolyatin,
 Jiajun Bernoulli,
 Jing Zhang,
 Julian Hyde (release manager),
+Lincoln Lee,
 Mou Wu,
 Ruben Quesada Lopez,
 Stamatis Zampetakis,
+TJ Banghart,
 Zhengqiang Duan.
 
 {: #breaking-1-32-0}
@@ -130,7 +149,10 @@ other software versions as specified in gradle.properties.
   Increase `BINDABLE_CACHE` hit rate by making the order of
   `EnumerableRelImplementor.stashedParameters` deterministic
 * [<a href="https://issues.apache.org/jira/browse/CALCITE-5263">CALCITE-5263</a>]
-  Improve `XmlFunctions` by using an XML `DocumentBuilder`
+  SQL functions `EXISTS_NODE`, `EXTRACT_XML`, `XML_TRANSFORM` and `EXTRACT_VALUE`
+  allow user files to be read via XML External Entity (XEE) vulnerability
+  <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-39135">CVE-2022-39135</a>
+  (fixed by using a secure implementation of XML `DocumentBuilder`)
 * [<a href="https://issues.apache.org/jira/browse/CALCITE-4294">CALCITE-4294</a>]
   Use JTS and proj4j rather than ESRI as the underlying library for geospatial
   (`ST_`) functions
@@ -166,9 +188,7 @@ other software versions as specified in gradle.properties.
 * Cosmetic changes to release notes
 * Remove redundant 'the' in javadoc
 * Change sereda's role from Committer to PMC
-* [<a href="https://issues.apache.org/jira/browse/CALCITE-5092">CALCITE-5092</a>]
-  Update site/README.md about how to release the site
-* Fix 1.31.0 release date to 2022-08-22 (was 2022-08-22)
+* Fix 1.31.0 release date to 2022-08-02 (was 2022-08-01)
 * Fix checkstyle violation for Calcite 1.31 release note
 
 ## <a href="https://github.com/apache/calcite/releases/tag/calcite-1.31.0">1.31.0</a> / 2022-08-02
@@ -416,6 +436,9 @@ other software versions as specified in gradle.properties.
 #### Web site and documentation
 {: #site-1-31-0}
 
+* [<a href="https://issues.apache.org/jira/browse/CALCITE-5092">CALCITE-5092</a>]
+  Update [site/README.md](https://github.com/apache/calcite/blob/main/site/README.md)
+  about how to release the site
 * Site: Add Jing Zhang as committer
 * Site: Add Benchao Li as committer
 * Site: Add Chunwei Lei and Vladimir Ozerov as PMC members
diff --git a/site/_docs/howto.md b/site/_docs/howto.md
index 6876ca70d..4025da758 100644
--- a/site/_docs/howto.md
+++ b/site/_docs/howto.md
@@ -755,7 +755,7 @@ The release candidate process does not add commits,
 so there's no harm if it fails. It might leave `-rc` tag behind
 which can be removed if required.
 
-You can perform a dry-run release with a help of
+If you wish, you can perform a dry-run release with a help of
 [asflike-release-environment](https://github.com/vlsi/asflike-release-environment);
 it would perform the same steps, but it would push changes to the mock Nexus, Git, and SVN servers.
 
@@ -820,11 +820,8 @@ Verify the staged artifacts in the Nexus repository:
 * Go to [https://repository.apache.org/](https://repository.apache.org/) and login
 * Under `Build Promotion`, click `Staging Repositories`
 * In the `Staging Repositories` tab there should be a line with profile `org.apache.calcite`
+  and status `closed`
 * Navigate through the artifact tree and make sure the .jar, .pom, .asc files are present
-* Check the box on in the first column of the row,
-  and press the 'Close' button to publish the repository at
-  https://repository.apache.org/content/repositories/orgapachecalcite-1000
-  (or a similar URL)
 
 ## Cleaning up after a failed release attempt
 
diff --git a/site/_posts/2022-09-10-release-1.32.0.md b/site/_posts/2022-09-10-release-1.32.0.md
new file mode 100644
index 000000000..3f8db3f86
--- /dev/null
+++ b/site/_posts/2022-09-10-release-1.32.0.md
@@ -0,0 +1,49 @@
+---
+layout: news_item
+date: "2022-09-10 12:00:00 +0000"
+author: jhyde
+version: 1.32.0
+categories: [release]
+tag: v1-32-0
+sha: 413eded6
+---
+<!--
+{% comment %}
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to you under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+{% endcomment %}
+-->
+
+The [Apache Calcite PMC]({{ site.baseurl }})
+is pleased to announce
+[Apache Calcite release 1.32.0]({{ site.baseurl }}/docs/history.html#v1-32-0).
+
+Coming 1 month after [1.31.0](#v1-31-0) with 19 issues fixed by 16
+contributors, this release fixes
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-39135">CVE-2022-39135</a>,
+an XML External Entity (XEE) vulnerability that allows a SQL query to
+read the contents of files via the SQL functions `EXISTS_NODE`,
+`EXTRACT_XML`, `XML_TRANSFORM` or `EXTRACT_VALUE`.
+
+With contributions from 16 contributors, this release
+<a href="https://issues.apache.org/jira/browse/CALCITE-4294">replaces
+the ESRI spatial engine with JTS and proj4j</a>, adds
+<a href="https://issues.apache.org/jira/browse/CALCITE-5262">65
+spatial SQL functions</a> including `ST_Centroid`, `ST_Covers` and
+`ST_GeomFromGeoJSON`, adds the
+<a href="https://issues.apache.org/jira/browse/CALCITE-5241">CHAR</a>
+SQL function, and improves the return type of the
+<a href="https://issues.apache.org/jira/browse/CALCITE-4999">ARRAY and
+MULTISET</a> functions.