The Apache Calcite PMC is pleased to announce Apache Calcite release 1.32.0.
This release
fixes
CVE-2022-39135,
an XML External Entity (XEE) vulnerability that allows a SQL query to
read the contents of files via the SQL functions EXISTS_NODE
,
EXTRACT_XML
, XML_TRANSFORM
or EXTRACT_VALUE
.
Coming 1 month after 1.31.0
with 19 issues fixed by 17 contributors, this release also
replaces
the ESRI spatial engine with JTS and proj4j, adds
65
spatial SQL functions including ST_Centroid
, ST_Covers
and
ST_GeomFromGeoJSON
, adds the
CHAR
SQL function, and improves the return type of the
ARRAY and
MULTISET functions.
See the release notes; download the release.