You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@calcite.apache.org by Francis Chuang <fr...@apache.org> on 2022/07/28 00:07:41 UTC

[ANNOUNCE] Apache Calcite Avatica 1.22.0 Released

The Apache Calcite team is pleased to announce the release of Apache 
Calcite Avatica 1.22.0.

Avatica is a framework for building database drivers. Avatica defines a 
wire API and serialization mechanism for clients to communicate with a 
server as a proxy to a database. The reference Avatica client and server
are implemented in Java and communicate over HTTP. Avatica is a 
sub-project of Apache Calcite.

Apache Calcite Avatica 1.22.0 is a maintenance release to resolve 
CVE-2022-36364: Apache Calcite Avatica JDBC driver httpclient_impl 
connection property can be used as an RCE vector. Users of previous 
versions of Avatica MUST upgrade to mitigate this vulnerability. For a 
full list of changes, please see the release notes:

   https://calcite.apache.org/avatica/docs/history.html#v1-22-0

The release is available here:

   https://calcite.apache.org/avatica/downloads/avatica.html

We welcome your help and feedback. For more information on how to report
problems and get involved, visit the project website at:

    https://calcite.apache.org/avatica/

or the Apache Calcite project website:

    https://calcite.apache.org/

Thanks to everyone involved!

Francis Chuang, on behalf of the Apache Calcite team.

[ANNOUNCE] Apache Calcite Avatica 1.22.0 Released

Posted by Francis Chuang <fr...@apache.org>.

The Apache Calcite team is pleased to announce the release of Apache 
Calcite Avatica 1.22.0.

Avatica is a framework for building database drivers. Avatica defines a 
wire API and serialization mechanism for clients to communicate with a 
server as a proxy to a database. The reference Avatica client and server
are implemented in Java and communicate over HTTP. Avatica is a 
sub-project of Apache Calcite.

Apache Calcite Avatica 1.22.0 is a maintenance release to resolve 
CVE-2022-36364: Apache Calcite Avatica JDBC driver httpclient_impl 
connection property can be used as an RCE vector. Users of previous 
versions of Avatica MUST upgrade to mitigate this vulnerability. For a 
full list of changes, please see the release notes:

   https://calcite.apache.org/avatica/docs/history.html#v1-22-0

The release is available here:

   https://calcite.apache.org/avatica/downloads/avatica.html

We welcome your help and feedback. For more information on how to report
problems and get involved, visit the project website at:

    https://calcite.apache.org/avatica/

or the Apache Calcite project website:

    https://calcite.apache.org/

Thanks to everyone involved!

Francis Chuang, on behalf of the Apache Calcite team.