Apache Ranger 2.4.0 - Release Notes

** Bug
    * [RANGER-2737] - Ranger REST API returns different information when GET user by id and by name
    * [RANGER-3080] - A service administrator should be allowed to set "excludes" flag for a policy resource
    * [RANGER-3108] - NPE in RangerPolicyRepository.init
    * [RANGER-3387] - Ranger Admin Header Validation.
    * [RANGER-3394] - Too much `varchar(4000)` causes table to exceed ROW SIZE limit in MySQL
    * [RANGER-3500] - Ranger policy list doesn't support sorting by field
    * [RANGER-3670] - Policy update creates unnecessary entries in transaction log table
    * [RANGER-3680] - mysql ErrorCode:1118 when Importing DB schema to database
    * [RANGER-3719] - Can not create mysql table with charset utf8mb4.
    * [RANGER-3775] - Logback.xml has been incorrectly modified by RANGER-3704.
    * [RANGER-3789] - Upgrade Handlebars version to 4.7.7
    * [RANGER-3790] - Ranger tagsync module should not depend on kafka server
    * [RANGER-3791] - Upgrade json-smart, gson and jersey-client libraries version
    * [RANGER-3798] - Ranger API Resource Metrics REST "Up time of JVM" does not update.
    * [RANGER-3806] - Group's users mapping entry failing whenever primary key auto-increment is not set to 1 in db
    * [RANGER-3807] - getUserRoles API gives 200 for non existing user passed to this API
    * [RANGER-3813] - Fix ConcurrentModificationException in UnixUserGroupBuilder
    * [RANGER-3814] - IS_IN_ROLE(roleName) condition always returns false
    * [RANGER-3816] - update getResourceACLs() API to handle macros in resource names
    * [RANGER-3819] - Upgrade springframework version
    * [RANGER-3820] - Upgrade Netty version to 4.1.78.Final
    * [RANGER-3824] - [Ranger] : /service/tags/resources error message is not proper for duplicate resource & not able to update resource resource
    * [RANGER-3825] - Ranger internal user is unable to change his password after the upgrade.
    * [RANGER-3829] - Incremental Sync value is always true under Ranger Audit (Usersync)
    * [RANGER-3840] - SHOW DATABASES command should list databases owned by the user
    * [RANGER-3846] - Ranger DB patch 058 failing when multiple policies having same resourceSignature
    * [RANGER-3847] - [Ranger] : Http status & Error message is not correct for /xaudit/trx_log
    * [RANGER-3848] - RangerClient does not auto renew Kerberos ticket after ticket lifetime expired
    * [RANGER-3853] - Ranger java patch J10054 takes time
    * [RANGER-3854] - Ranger Java patch J10056 takes time
    * [RANGER-3857] - Ranger java patch J10055 takes time
    * [RANGER-3863] - Ranger Failed to run on Apple M1 macOS (Apple Silicon)
    * [RANGER-3883] - emailchange and passwordchange User REST API's work even when invalid user id is used in the url
    * [RANGER-3885] - User REST API /users/firstnames returns only null with status code 204
    * [RANGER-3894] - Application is 'unknown' for metastore in plugin status page
    * [RANGER-3897] - RangerUserStore cache improvement
    * [RANGER-3898] -  Ranger Roles cache Improvement
    * [RANGER-3907] - Skip auditing of operation like monitorHealth in HDFS Ranger Plugin audit handler 
    * [RANGER-3911] - NPE fix in RangerDefaultPolicyEvaluator
    * [RANGER-3912] -  Ranger Policy report for a given user should fetch policies maintained for roles belonging to that user and groups
    * [RANGER-3914] - Change sync_source column's datatype from varchar to text
    * [RANGER-3918] - Namespace policy that is created in Ranger by HBase Grant command not getting honored
    * [RANGER-3920] - When sync'ing users from Ldap,  intermittent User/Group/UserGroup membership  is missing
    * [RANGER-3941] - optimize cache refresh in RangerUserStoreCache
    * [RANGER-3946] - ranger-yarn-plugin missing commons-lang-2.6.jar
    * [RANGER-3953] - potential NPE during policy-engine initialization
    * [RANGER-3956] - Upgrade Commons Text to 1.10.0
    * [RANGER-3959] - condition expression validation
    * [RANGER-3966] - incorrect roles used in policy evaluation for custom RangerAccessRequest impl
    * [RANGER-3969] - Remove os.path.join causing incorrect windows path
    * [RANGER-3970] - Expression evaluation improvements
    * [RANGER-3977] - Fix Ranger TagRest API deleteTagResourceMapByGuid
    * [RANGER-3989] - KMS APIs fail due to ConcurrentModificationException
    * [RANGER-3991] - Upgrade underscore-min.js, underscore.js and moment-with-locales.min.js
    * [RANGER-4000] - unit test failure in JDK17
    * [RANGER-4008] - RangerTagEnricher to ignore invalid resources
    * [RANGER-4014] - update getResourceACLs() API to handle resource names having macros in row-filter/masking policies
    * [RANGER-4018] - Ranger src packaging should exclude generated/unnecessary files
    * [RANGER-4029] - Ranger cannot build with HBase 2.5.x versions because preBalance coprocessor hook syntax changed in HBASE-26147
    * [RANGER-4035] - support for policies to refer access-types using category, like Create/Read/Update/Delete/Manage
    * [RANGER-4043] - [ugsync]Enumerate Groups will give error on executing 'getent group' command
    * [RANGER-4044] - Publish official docker images for ranger to dockerhub
    * [RANGER-4055] - Compulsory field firstName can be passed empty or null in the payload while creating user through API
    * [RANGER-4057] - [Ranger] /tags/tags/cache/reset api give 200 response for invalid service
    * [RANGER-4064] - RANGER-3348 introduces bug in python client for SSL enabled clusters
    * [RANGER-4065] - Fix README and PyPI Doc for Ranger Python Client 
    * [RANGER-4074] - assignPermissionToUser in XUserMgr creates entries with NULL moduleId in x_user_module_perm
    * [RANGER-4079] - Python client to use the given Ranger endpoint, instead of its baseURL
    * [RANGER-4102] - update TestPolicyACLs unit test to validate ACL count
    * [RANGER-4109] - Add unique constraint on resource_signature column of x_rms_service_resource table
    * [RANGER-4110] - Upgrade to TLS to version 1.2 -Part2
    * [RANGER-4112] - Update servicedef by name results in 400 status code while the same request works with update servicedef using id
    * [RANGER-4113] - Upgrade tomcat to 8.5.86
    * [RANGER-4121] - NPE in security-zone update validation
    * [RANGER-4123] - No policy found for given version
    * [RANGER-4126] - Fetching getDBVersion in BaseDao class in the security-admin-web throws Exception for Oracle Database
    * [RANGER-4127] - Unable to delete the user if policy is created by same user and added in the policy item
    * [RANGER-4144] - Fixed Kafka Test Suite Issues
    * [RANGER-4154] - Usersync fails to push users to Ranger, due to missing firstName field
    * [RANGER-4155] - Structure of resource(UI) hierarchy in policy form not proper formatted for multiple values. 

** New Feature
    * [RANGER-3828] - Fine-grained Access Control over nested structures
    * [RANGER-3852] - Performance and scalability analyzer tool for Ranger
    * [RANGER-3855] - RangerExternalUserStoreRetriever class
    * [RANGER-3971] - Upgrade HBASE version to 2.4.6
    * [RANGER-4028] - Ranger - Upgrade bootbox.js.

** Improvement
    * [RANGER-2928] - [Ranger Zone REST API] Resources data is missing in XML format
    * [RANGER-3165] - Upgrade Elasticsearch version in Ranger to Elasticsearch 7.10.2
    * [RANGER-3534] - Review of RangerHiveAuditHandler
    * [RANGER-3623] - Add ability to enable anonymous download of policy/role/tag
    * [RANGER-3633] - Remove eclipse .project file from git
    * [RANGER-3664] - Ranger KMS : Add refresh functionality on kms key listing page.
    * [RANGER-3763] - The max limit of the requested entities is not configurable in tagsync
    * [RANGER-3767] - Add text message in HDFS and YARN policy pages to highlight the fallback ACL option
    * [RANGER-3787] - Non-daemon threads started by ElasticSearchAuditDestination cause Spark application hanging
    * [RANGER-3794] - Improve performance of delete users/groups utility
    * [RANGER-3796] - Enhancement to support multiple resource sets in a policy
    * [RANGER-3818] - Upgrade Solr to 8.11.2
    * [RANGER-3822] - RangerService outputs password information in plaintext
    * [RANGER-3837] - Allow Ranger non-admins to get, create, edit and delete roles
    * [RANGER-3856] - Ranger admin client option to work with non-kerberized server
    * [RANGER-3865] - support for using user attributes in masking expressions
    * [RANGER-3900] - Roles deletion Takes time in Apache Ranger when there are more users,groups,roles
    * [RANGER-3902] - dbLoadTime is not added correctly in RangerServicePoliciesCache
    * [RANGER-3903] - Improvement in RangerPolicyDeltaUtil--> applyDeltas method
    * [RANGER-3910] - API Documentation is broken for knox sso
    * [RANGER-3934] - improve tag cache handling to reduce resource usage
    * [RANGER-3940] - Add javascript includes(), intersects() polyfills for array prototype to RangerCommonConstants
    * [RANGER-3948] - update serialization to skip empty values
    * [RANGER-3951] - optimize memory used for tags in plugins and server
    * [RANGER-3955] - optimization to reduce duplicate strings
    * [RANGER-3973] - LDAP incremental search not always available
    * [RANGER-3978] - Docker setup to run Ranger KMS 
    * [RANGER-3982] - Python client for Ranger KMS REST APIs
    * [RANGER-3983] - Support getColumnMasks and getRowFilters in Trino SPI 376+
    * [RANGER-3985] - Trino plugin: Check table name when creating tables
    * [RANGER-3986] - Upgrade trino guice dependency to 5.1.0
    * [RANGER-3988] - Trino plugin should differntiate between views and tables
    * [RANGER-3997] - option to use default value when user/group/tag does not have the attribute
    * [RANGER-4004] - During the service deletion also, we can clear the in-memory cache for that service which got deleted on the ranger side
    * [RANGER-4011] - option to disable creation of default policies per hierarchy
    * [RANGER-4012] - getPolicyByName searches policy by serviceName, policyName simply by traverse all policies in RangerServicePoliciesCache instead of DB  
    * [RANGER-4024] - Adding requestId as part of Ranger logs via RangerMDCFilter when the request header contains request-Id
    * [RANGER-4071] - Support for LDAP/AD usernames and group names with special chars
    * [RANGER-4080] - Python client update to add missing security-zone APIs
    * [RANGER-4083] - Tag-based policy UI to not show permissions in deny/exception for services that don't support deny/exception
    * [RANGER-4100] - Efficient computation of the smallest set of evaluators returned by search of multiple Trie trees
    * [RANGER-4101] - Java client update to add missing security-zone APIs
    * [RANGER-4107] - Upgrade EclipseLink
    * [RANGER-4114] - Consistent use of plugin property prefix in context enrichers
    * [RANGER-4117] - service-def option to include expression condition implictly
    * [RANGER-4122] - [RangerAdmin] Reorganize authorization/access check logic

** Test
    * [RANGER-3808] - Ranger的REST API接口（/roles/roles/{id}/addUsersAndGroups）本地测试提示404
    * [RANGER-3834] - Test cases for RoleREST.java missing (security-admin module)
    * [RANGER-3849] - Test cases for ServiceREST.java missing
    * [RANGER-4105] - Python script to create/update/delete policies from multiple threads

** Task
    * [RANGER-3780] - Ranger - Upgrade tomcat to 8.5.79
    * [RANGER-3782] - RANGER - Upgrade spring-security version to 5.6.5
    * [RANGER-3841] - update version ranger-2.4 to 2.4.0-SNAPSHOT
    * [RANGER-3960] - RANGER - Upgrade spring-security version to 5.7.5
    * [RANGER-3996] - Upgrade commons-configuration2 to version 2.8.0
    * [RANGER-4116] - Define description/topics/merge strategy for the github repository with .asf.yaml
    * [RANGER-4140] - Release Apache Ranger 2.4.0