Skip to content

Immuta v2021.1.0 Errata

Immuta v2021.1.3

Immuta version 2021.1.3 was released April 16, 2021.

v2021.1.3 Bug Fixes

  • CVE with Underscore.js
  • CVE with SSRI

Although this patch release addresses these CVEs, Immuta's software was not vulnerable through either of them:

  • Immuta does not use Underscore directly and never passes any user input down to either of the libraries that depend on Underscore.
  • The SSRI vulnerability was a performance degradation issue, and SSRI is only a dependency of npm, code that is never executed by Immuta.

Immuta v2021.1.2

Immuta version 2021.1.2 was released April 13, 2021.

v2021.1.2 Bug Fixes

  • Added support for encrypted, universal configuration to the immuta-db container when running with Patroni.

  • Common Vulnerabilities and Exposures (CVEs) addressed:

    • XMLDOM
    • Python

  • In Databricks, data sources could not be created against views with subqueries.

v2021.1.2 Known Bugs

  • The Spark 3 build logs warnings on cluster startup. To address this issue, customers can upgrade to Immuta v2021.1.3 or set IMMUTA_SPARK_VERSION_VALIDATE_ENABLED=false in their environment variables.

Immuta v2021.1.1

Immuta version 2021.1.1 was released March 30, 2021.

v2021.1.1 Bug Fixes

  • Users could not edit the name of derived data sources after they were created.
  • Users who did not have access to underlying tables in Hive and Impala were unable to create data sources against the view.
  • When the query plan was parameterized in the Query Engine, queries were audited multiple times in the audit logs.
  • External user IDs were not cleared after disabling an IAM.
  • Data sources registered using the Trino handler weren't available in native Trino.
  • Users were unable to create Databricks derived data sources backed by a directory.
  • Immuta could error out if an entitlement Global Subscription Policy and a non-entitlement Global Subscription Policy got applied to the same data source.
  • In Databricks, Python and R queries were not audited.
  • Databricks Debugging notebook was not deployed with other Hadoop artifacts.
  • When a table was created in a Databricks workspace alias path, users could alter the table's set location to outside the workspace.

v2021.1.1 Known Bugs

  • The Spark 3 build logs warnings on cluster startup. To address this issue, customers can upgrade to Immuta v2021.1.3 or set IMMUTA_SPARK_VERSION_VALIDATE_ENABLED=false in their environment variables.

Immuta v2021.1.0

v2021.1.0 Known Bugs

  • The Spark 3 build logs warnings on cluster startup. To address this issue, customers can upgrade to Immuta v2021.1.3 or set IMMUTA_SPARK_VERSION_VALIDATE_ENABLED=false in their environment variables.
  • Removing an IAM from Immuta can lead to conflicts with user accounts in integrations.
  • Certain queries executed through the Query Engine are audited many times.
  • Users cannot create derived data sources backed by a directory. To circumvent this issue, users can create the table in Spark before creating the derived data source.