Release Notes V R2 (General Availability)

Release V R2

New Features

  • Alation is more resilient to unresponsive data sources. Alation V R2 includes the following changes: 1. The timeout value has been adjusted so that an unresponsive data source can no longer cause Alation to crash. 2. If one data source becomes unresponsive, Alation will still process queries executed on other data sources. In order to improve resiliency, this version of Alation has a data migration that may require more disk space. The installer will check if there is enough space to proceed, and it will halt the update if there is not enough.

  • Previously, only individual users could be added as members of a private data source and get access. Now, Alation supports adding groups as members of a private data source.

  • Alation can now be deployed in a Docker container.

  • The Trust Check highlight makes it easier for analysts to see quality flags on data on their queries. Object flags, including endorsements, warnings, and deprecations are now also shown when hovering over a Trust Check highlight.

  • Custom JDBC drivers can be provided and used in place of the standard ones packaged with Alation. In addition, when adding a new data source, you can now choose “Custom DB” to connect to a database that is not supported natively by Alation by providing a JDBC driver. This driver will be used to extract metadata, perform profiling, and enable Compose for that data source.

  • The custom fields on tables, files, file systems, and BI objects will show the history of changes to the field. A clock icon is visible by each field. Click the clock to bring up a modal which displays the past history of changes to the field. The changes include the time, contents, and author of the change. Custom field history for Data Sources, Schemas, and Columns as well as history for tags and flags will be available in upcoming releases.

  • Alation now supports EMR Hive query log ingestion from an S3 repository with Hive running on MapReduce engine.

  • Users can filter query search under the Search menu in the top navigation to show scheduled queries. The results display the information about the schedule for each query, when it was last run, and whether the last run was successful. An indicator shows if the query schedule is paused by the user or by the system (if the query has unsaved changes for instance). The schedule can now be enabled or disabled by the author, or by any administrator.

  • Alation now supports cataloging API Resources as a part of Alation Data Catalog. With this capability, an enterprise has a single location to discover all available APIs, the end points for these APIs, and the schemas for their input and output . These APIs can be grouped into folders and subfolders for easy discoverability. In addition, these catalog entries can take advantage of all the Alation capabilities such as Advanced Search, Collaborate with others over the APIs and so on. The feature flag alation.feature_flags.enable_api_resource needs to be turned on for the feature to function. For further details and code samples, refer to the API documentation

  • For customers with Salesforce Einstein Analytics connected to Alation, the Analytics dashboard will be certified when the equivalent dashboard is endorsed in Alation. Note: 1) Users of Salesforce Einstein Analytics can enable this integration from Alation Labs. 2) When dashboard in Alation is endorsed, warned, or deprecated, Alation intimates this change to Salesforce Einstein Analytics as follows: a) If a dashboard has been marked as deprecated by a single user, then, the prefix DO NOT USE is added to the dashboard title in Salesforce. b) If a dashboard has not been deprecated or warned by anyone, but endorsed by a single user, then, the prefix CERTIFIED is added to the dashboard title in Salesforce. 3) If a user manually edits the title in Salesforce and removes the prefix, then, the next metadata extraction job runs in Alation and reverts the title to the dashboard. 4) The service account associated with the Salesforce Einstein Analytics instance in Alation needs to have “Manage Dashboard” permission in Salesforce for all the folders (shared, private, and so on).

  • Alation enables searching of words which begins with one lowercase letter followed by multiple upper case letters. Example: The word “iPOD” can be found by searching for “ipod” or “iPOD” or “iPod”. Alation has also enhanced support for searching words with camel case. Example: The word “DataCatalog” can be looked at by searching “data catalog” or “DataCatalog,” but not by searching “datacatalog”. Now “datacatalog” would also match “DataCatalog”. Note that this change will not take effect immediately after an upgrade. The search index will be updated later in a background job run on weekend hours. These changes will gradually take effect after the upgrade process.

  • The Explain button has been enabled in Compose for DB2 and Oracle data sources to simplify generation of an explain plan.

  • After executing a query in Compose that results in an error, the link to the error can be shared with the context of the statements executed in the session. In the results pane, select the “More” menu and then select “View in catalog” to see the page, or “Share” to send the link to a colleague.

  • Significant improvements  are made in the API for uploading catalog metadata (Virtual Data Source APIs): The API is at parity with our custom connectors and all enhanced metadata can now be uploaded through API and bulk upload (CSV). Compose (the Alation Query Editor and Execution tool) can now be enabled for virtual data sources by adding a compatible JDBC driver in General Settings page. For more information, see the API documentation.

Admin Release Notes

New Features

  • Any user can be designated as a Data Source Admin for a particular data source and manage its configuration. The Server Admin can delegate configuration of a data source to regular users by assigning them to be the Data Source administrator of that data source. Additionally, private data sources now support adding groups of users as viewers. The Data Source Admin can configure the data source settings, including configuring the URI and credentials, scheduling the metadata extraction, profiling, and Query Log ingestion(QLI) jobs. The list of Data Source administrators can be configured from the new tab called “Access”, which is available on the Data Source settings page. The Data Source Admin can also manage the list of users who have access to a private Data Source from the “Access” tab. A new menu called “Sources” is added in the top navigation bar. This allows any user to see the list of available sources (Data Source, BI, File Systems) and the list of sources they can configure as Data Source administrators. The Deployment Command Center is moved from the Admin Settings page to the “Sources”menu. The search functionality is updated to manage the permission to reflect the changes to the viewers of a data source immediately.

  • Alation supports compose, metadata extraction, sampling, and query log ingestion from Sybase Adaptive Server Enterprise (ASE) (Version 16.0 SP03) as a data source. This can be configured by following the steps in the Add New Data source page in Admin settings. To enable the addition of this data source, turn on the feature flag: alation.feature_flags.enable_datasource_sybasease Lineage is unavailable for this release.

  • Alation supports metadata extraction and lineage from SQL Server Reporting Service (SSRS) (Version 14) as a BI server. This can be configured by following the steps in the Add New BI Server page in Admin setting. alation_conf enables the functioning of this feature. Set the generic bi flag and SSRS flag as follows: alation_conf alation.feature_flags.enable_generic_bi -s True alation_conf alation.feature_flags.enable_ssrs_bi -s True The preview of mobile reports is unavailable for this release. User permission cannot be viewed for this release.

  • The API allows users to upload the details of an API Resource that are displayed in Alation Catalog. An API Resource consists of a URL, a HTTP method, a response type, a JSON Schema describing the input(s) to the API Resource, and a JSON Schema describing the output. Using this API, you can: Create new API Resource Catalog Pages and place them under folders. - Retrieve an existing Resource - Update the details of an existing API Resource, or relocate it - Delete an API Resource. The given resource will be marked deleted, but can be restored. The administrator can only create or update the API resource using this API.

  • Alation supports compose, metadata extraction, sampling, query log ingestion, and popularity for AWS Glue (Version 2017-03-31 ) as the Hive metastore replacement. This can be configured by following the steps in the Add New Data source page in Admin setting. Lineage is not supported for this release.

  • Alation supports compose, metadata extraction, sampling, query log ingestion, lineage, and popularity for AWS Redshift Spectrum (Version 1.0.1385) as a data source. This can be configured by following the steps in the Add New Data source page in Admin setting. Showtable is not available for this release.

  • Alation supports compose, metadata extraction, sampling, and query log ingestion for Snowflake (Version 2.34.0) as a data source. This can be configured by following the steps in the Add New Data source page in Admin setting. Popularity is supported for this release via Compose and Query log ingestion. However, the table name must be fully qualified. Example: Sample- dbName.schemaName.tableName. Queries run using partially qualified names via schema selector does not get ingested. So, the popularity for such queries will not be calculated. Foreign key is also not supported for this release.

  • Alation supports metadata extraction from Azure Data Lake Store (Version Gen1 ) as a file system. This can be configured by following the steps in the Add New Data file system in Admin setting. File and folder names with special character is unavailable for this release.

  • Alation supports compose, metadata extraction, sampling, and query log ingestion from Google Big Query (Version 2 ) as a data source. This can be configured by following the steps in the Add New Data source page in Admin setting. Lineage and popularity are unavailable for this release.

  • The administrator can see the background tasks running on Alation and terminate a specific task. However, manual termination of these tasks should be used sparingly.This feature is available under Admin > Settings > Monitor page, which displays a tab of active and queued task and a tab that displays recently completed task.

  • Alation Server upgraded its connector from running on Java 8 to Java 9. This should be invisible to end users of Alation. However, there is one case where a configuration update may be needed. Data sources that use kerberos authentication could be impacted if the “renew_lifetime” parameter is incorrectly configured in the krb5.conf file. This parameter was ignored by Java 8 and Java 9 added support for it. So, if this was set previously in a way that would not work, the connector would have ignored it and connected successfully. If you have a kerberized data source and encounter error messages in the logs that say “message stream modified,” then, check if this renew_lifetime parameter is set and try commenting it out and restarting. This will only impact customers who have added custom JVM flags through the `taskserver.extra_flags` or `connector.extra_flags` settings. Alation supported a setting to pass custom flags to the JVM running some of the Alation services. Since Alation upgraded to using Java 9, it is possible that one of these custom flags is no longer supported. If that is the case, then the TaskServer and Connector would not start until the offending flag is removed from “taskserver.extra_flags” and “connector.extra_flags”. Some known flags that might have been added are related to GC logging. For additional information, see https://dzone.com/articles/disruptive-changes-to-gc-logging-in-java-9.

Improvements

  • Previously, the  public push API for generic BI populated only the physical data. Now, the public push API will populate physical data and create lineage by using JSON data from the user.

  • Uploading a file with a password column will cause the password for all users in the upload to be set appropriately. This is a workaround for creating a non-SSO user in an SSO-enabled environment. However, it is not possible to update the password of an existing user during user profile upload.

  • The time of endorsement/warning/deprecation note from the previous calendar year is now displayed in a user friendly manner.

  • The user can now check the status of all Alation processes using the /etc/init.d/alation command. This is helpful when users try to debug outage.

  • Alation installer will ensure that necessary users and groups are created. If there is a problem with the creation of users and groups, the installer will exit.

  • Watchers and stewards will receive an email notification when the article gets deleted from Alation.

  • The installer will check /dev/null and will abort if the device is invalid.

  • The “Enable automatic archiving” checkbox is selected as default under the ‘Archive processed QLI data’ section on the admin/misc settings page. If this checkbox is selected, the archival of the processed QLI data happens at two pm every Saturday. If this checkbox is not selected, the job will be run at 10pm every Saturday.

  • When performing trust check, Alation offers the choice of retrieving the correct flag for the table. This resolves the ambiguous tables and attributes to the schema displayed in the schema selector.

  • To get the full version of Alation installation, ‘/full_version’ can be used. Example: http:alation.corp.com/full_version. However, the order of items in the result was indeterminate. In this release, the order of the data is fixed and the result will conform to a predefined order.

  • Alation tries to guess the title of data objects. Previously, it would never guess names that contained digits, even if it could guess the non digit part of the name. Now, it will attempt to guess names containing digits. For example, if an object named “eml_addr” was guessed to be “Email Address” and another object was named “eml_addr1”, no guess would have been made for “eml_addr1”. Now, it might be guessed as “Email Address 1.”

  • Previously, Alation was not able to use directories other than standard /home/alation and /home/alationadmin for Linux accounts. Alation now supports non-standard system home directory and shell for Linux accounts.

  • Previously, Alation did not take into account the recency of usage when calculating popularity. Now, Alation provides object popularity weighted by the recency of usages. To enable it inside chroot, turn on the feature flag alation_conf alation.feature_flags.enable_popularity_aging -s True.

Bug Fixes

  • Updating filesystem objects with mixed case names using upload logical metadata API did not work and threw an error saying that the object was not found. Users can now update logical metadata for Directories and Files with mixed case names.

  • Fixed a bug introduced in 5.0.5 that prevented new users from signing up with SAML authentication. In 5.0.5-5.0.6, new users would experience errors when signing up for the first time by authenticating with their SAML credentials.

  • Previously, disabling Compose for a data source would prevent new queries from being created, but would still allow users to run existing queries on that data source. Now, if the data source is disabled (that can be done from General Settings on any Data Source Settings page) will also prevent Compose from connecting to the data source or running existing queries.

  • The usage.page_visit was displaying the incorrect object ID value of column objects for customers using the Alation database. Now, the object_id values in column objects should have integer ID that can be joined with ‘objects.columns’ table.

  • The Business Intelligence Catalog Browser would repeatedly search for more BI Servers. This issue has been resolved and memory usage has significantly improved.

  • If an admin user attempted to upload user profiles with usernames that start with one or more 0s, then, the leading 0s would be stripped. Now, the user profile uploader will work correctly with csv files having numeric usernames starting with 0s.

  • Authors of saved queries receive email notification with a list of affected queries when a table is marked as deprecated or when a warning is added. Previously, this notification included deleted queries. Now, the notification will only include active queries.

  • On the Query catalog page, you can see a clock icon by the title that will open a modal showing the history of title changes to that query. Previously, this modal was not available for users who did not have permission to edit the title. Now, even users who cannot edit the title can see the title history because anyone who has permission to view the title should be able to see the title history.

  • The title for a Salesforce Einstein BI Report in Alation was different from the title in the Salesforce Einstein Analytics Report. This issue has been resolved.

  • For instances with a high rate of metadata changes, the Metadata Change Log can get large enough to cause an error on metadata extraction, with the message: “DataError: integer out of range.” This version includes a new flag to temporarily disable Metadata Change Log if you have encountered this situation.  In the Alation shell, use the command “alation_conf alation.enable_ metadatachangelog -s False” to disable the feature and get metadata extraction working again.

  • Alation stripped authentication information from the URI used for Hive/Impala QLI. This information is now properly passed to the server.

  • If the edit permission of Articles displayed in the Alation home page for some users are modified, then, other users could not load the home page and would get a 500 error. The edit permission on the article is restricted and other users can load the home page and see the articles, but cannot edit them.

  • Reloading the permission page under Admin Settings caused the page to crash if permission was added for BI site, BI Project or BI Workbook. The page no longer crashes when permission is added for BI site, BI Project, or BI workbook.

  • Alation was using a different service account for datadog service. To simplify the installation process, the data dog agent now runs as Alation user.

  • The admin users were not able to delete shared flags on catalog set even though they were the author of the flag. Now, an admin user will be able to remove flags added by them or by other users.

  • Data that can be queried using the Compose tool sometimes failed to get profiled. Parsing of the results of the data profiling job is now consistent with Compose.

  • When mentioning users in a conversation, the display name in the email received by the user is the display name set in admin settings -> Email Server.

  • The BindDN and BindPassword fields were not visible on the LDAP Authentication Settings page for Admin user. This was an issue with Internet Explorer.

  • Schema with the same name and multi part name did not show up correctly in search when search de-duplication was turned on. Previously if there were two schema named ‘public.sales’ and ‘sales’, and when users searched for ‘sales’, only one of them showed up. Now, the schema with same name and multi part name shows up.

  • Previously, a scheduled query would fail unnecessarily in rare cases (if the scheduling user had never connected via Compose to the associated data source using a URI that matches the default URI for that data source). Now those scheduled queries will run successfully.

  • If the administrator clicks “Activate All Pending,” it activated only one user from the list of pending users. Now, all pending users will be activated when the administrator clicks ” Activate All Pending.”

  • If a non-integer ID is used for querying a resource, a value of 400 is returned now. Previously, the ReportResource API returned 500.

  • Previously, users in Compose could end up in a state where the filter popover menu would stick around when compose tabs are changed using hotkeys. Now, the filter popover goes away when the users change compose tabs using hot keys.

  • The table of Virtual Data Sources displayed a column count of zero. The proper number of columns will now be displayed after running Metadata Upload on virtual data sources.

  • Tableau lineage will now work even in the presence of a three-level schema (server(catalog).database.schema), created using linked servers. The parsing of Tableau connection information is fixed for Oracle.

  • When images are added to an article, a button is available to set the size of images. Previously, when the user clicked this button, the dialog to enter the size of the image was very small. So, it was not possible to understand the content or to make any edits. This dialog is now rendered properly.

  • The data object name uploaded to a virtual data source using the metadata upload tab is displayed in lowercase. The character casing presented in the uploaded metadata file is now properly preserved in the Alation UI.

  • Upgrading to a new version of Alation with lower build number left the server in inconsistent state. This has been resolved.

  • If the user adds or removes tags from object pages, the stewards and watchers cannot get email notification. The notification of tags for both single object and cognate sync is added now.

  • Metadata extraction remained stuck in the “STARTED” state when the celery worker was killed. Now, the Metadata extraction job status will get updated to “FAILED” when a celery worker is killed.

  • Unsaved queries that are viewed in catalog will display N/A for “last saved.”

  • The commented text is more visible in the dusk theme of compose due to enhanced highlighting colors.

  • Tableau lineage can now properly distinguish between databases that have the same host, but different ports.

  • A suspended user would see the “Awaiting approval” message after logging on to Alation using SAML. Now, the suspended user will see the “Account Inactive” message. The suspended user will be automatically logged out.

  • The inconsistent lower casing of schema and table names throughout the UI has been resolved. Alation will now display the table and schema name in appropriate casing.

  • Scheduled jobs including metadata extraction, profiling, scheduled queries and so on continued to get executed even after the server class instance was deleted. Examples of server class instance include BIServer, FileSystem, data source, and ReportServer.

  • Metadata extraction used to fail for SQL server configured to use a case sensitive server collation. Support has been added for SQL server instances with case sensitive collation.

  • Dimensions and Measures are now getting extracted correctly for Cognos BI source.

  • In MicroStrategy, Emmacubes are treated as reports that have a variable subtype EmmaCube which in turn differentiates them as Cubes. Alation now extracts measure and dimension from the cube data sources and also adds missing lineage for dashboards.

  • Users were not able to search for articles within custom template facets in advanced search. This has been resolved.

  • The extraction crashed with an infinite loop on a Microstrategy server if a subfolder contained a shortcut to any of its parent folders. Seamless extraction takes place irrespective of the existence of shortcut to the parent folder.

  • Alation provides SSL/TLS encryption support for Oracle/Vertica and MySQL connectors.

  • Previously, users who have been suspended from Alation would still show up in search results. Now, when a user is suspended, they will be removed from the search results. Note that this will not apply retroactively to users suspended before this change. Those users will be removed from search the next time the search is re-indexed.

  • The vertical text alignment in tables now persist in the article editor.

  • The untitled articles would show up blank under Relevant Articles on catalog pages. Now, we show “Untitled Article” with the article’s ID.

  • Previously, users could not see that their profile picture changed when they uploaded a new one. This was because browsers were caching the image and the name of the image was re-used when the picture was changed. The picture would actually be changed, but they would not see it for a long time because of this cache. Now, the image name is different. So, users will immediately see their new profile picture after it is changed.

  • Previously, on the lineage tab of the catalog page, only the links between a deprecated parent and its immediate children were displayed in red. Now, all the links from a deprecated parent to its descendants at all levels are displayed in red.

  • Previously, S3 extraction works if a folder is specified, but failed for full extraction. The recursion technique used in the call to S3 for bucket objects has been replaced by the do-while loop. So, Alation can now support more than 10 million objects of a S3 bucket.

  • The object names beginning with unicode characters would cause Metadata Extraction to fail. This issue has been resolved.

  • Previously (since 4.17), if a Tableau Extraction or Virtual Data Source upload job was killed while in progress, then, the UI would no longer show the status of any current or past jobs of that type. The actual jobs would continue to run on schedule, but would not be visible on the settings page. This could happen if the machine or server was restarted in the middle of one of these jobs or if they were killed by the OS or a system admin. Now, current and past Tableau Extraction and Virtual Data Source upload jobs will show regardless of whether one of them has been killed while it was in progress.

  • The video files were being uploaded to an external website. Video uploading is now disabled. Any uploaded videos were deleted from the external server. Users can still embed video files from Youtube, Vimeo and other sources.

  • If a dashboard-type report comprises simple reports, then, the ‘Dashboard’ section lists them as a link on the report catalog page using the generic BI framework.

  • The date selection dropdown in compose’s schedule query modal was hidden inside the modal. This made it difficult to select the date. Now, the dropdown will appear outside the modal which makes it easier to select the date.

  • Alation offers the following pre-packaged custom fields : Stewards, Status, Expert In, Working on, and Interested In. Users can now delete the custom fields.

  • Mention of @ in conversation/description/article only works at the beginning of the line in Internet Explorer.

  • Duplicate file handling in filesystem metadata extraction is more robust.

  • The content of View text in the Table Catalog overview tab and metadata extraction will appear in the same case.

  • Previously, the download logs failed when permission was denied on any log file for the admin user. Now, Alation will skip such log files that do not have permission and display a message showing the list of skipped files.

  • Uploading virtual data source for a database having multi-part schema names (Example: Redshift) now works. Previously, upload to database like MySQL worked, but failed on database types that supports multi-part schema.

  • When using compose in the evergreen theme, the ‘x’ to close the current active query tab will now be an accented orange on hover and does not disappear.

  • If an entire query is cut and pasted repeatedly, the semantic check will run after you stop cutting and pasting the query.

  • Previously, it was possible to click the ‘Save’ button again even while the first save was in progress, causing multiple requests to be sent that could have a performance hit on the Alation server. Now, the ‘Save’ button is not disabled after saving changes to Catalog Set Rules (for both new and existing sets).

  • Opening the Select Templates modal in Custom Glossary in IE 10 or IE 11 would cause the list of templates not to be shown.

  • The installer logs can now be downloaded as part of the Encrypted Logs download after the Alation Upgrade.

  • The unqualified tables were not ranked by popularity in SmartSuggest. Now, typing “SELECT FROM ” should suggest the most popular tables in that data source first.

  • A change in the title of the picker option in the advanced search facets still showed the old name. Reindex is added to update the option.

  • The “Open With” menu appear on schema, table, and column pages even if there were no applications available in the menu. Now, the “Open With” menu only appears if there are available applications.

  • The filtering by name parameter for report collection and report object object types in Business Intelligence Report Browsing API would throw ‘500 Internal Error’. Now, filtering by name parameter returns results matching the name value passed.

  • Previously, if the TeraData data source is set up without an explicit query log table, clicking “Test” in the “Query Log Privileges” section of “General Settings” does not choose the default table. This is resolved now and will use the default table if user does not provide the explicit table name in query log privileges section of General Settings.

  • The Admin user can go to the settings page and send a test email to themselves to test the email server status and verify that the notification service is working. In some cases, even if the test email was sent successfully, the actual notification did not reach the end users. This is resolved such that whenever the email gets sent successfully, the notifications are also delivered successfully.

  • The Article editing window used to jump to top of page in HTML mode. Now, Article Editing in code view (HTML mode) no longer auto scrolls to the top of the page while in edit mode.

Known issues

  • Alation migration will fail when there are huge amounts of objects in object equivalence.

  • The upgrade process from v5.0.3 to v5.4.7 of Alation will fail because the CustomFieldValue table has duplicate rows.

  • After upgrading to Alation v5.4.6 and navigating to the Sources tab, the following error message ” There was an error connecting to the server” occurs and connection to the data sources will fail.

  • The Logical Metadata Service (LMS) will not support unicode characters in Picker Field options and generates a 500 internal error.

Release 5.4.1

Bug Fixes

  • On the General Settings tab of data source settings page, you can select which JDBC driver to use to connect to the data source. Previously, the end of the driver name cannot be seen because they were cut off. This made it impossible to pick the correct driver when two drivers have nearly the same name with a different suffix (version 5.4.0). Now, the drop-down selector should expand to show the full name for all the built-in drivers.

  • Previously, Alation would not be able to parse encrypted assertion when authenticating a user with SAML. The failure to parse encrypted assertions is only for 5.0.5-5.0.9 and 5.4.0 versions. Now, this has been resolved. SAML HTTP POST binding is not supported now.

  • The support for Google BigQuery has been improved. Alation can now resolve partially qualified table names that appear in queries collected from query log ingestion. These queries will appear in the tables’ query history.

  • Alation now supports Hive servers configured with both Kerberos and HTTP transport mode. Previously, Compose and profiling would fail when attempting to run them on Hive data sources in this configuration (version 5.4.0).

  • Alation natively supports the connection to Hive data sources that use the specific combination of Kerberos authentication over SSL. Previously, this was supported through a special configuration and the customer would have to install a custom driver given to them by Alation support (version 5.4.0). Now, this driver is selected through the user interface on the general settings page. Customers who had the old solution configured will need to migrate to the new one. To do this, go to the general settings page of the data source which has this configuration and select the hive-driver-1.1.1-kerberos-ssl-patched driver.

Release 5.4.2

Improvements

  • Microstrategy Alation users are now able to go into the Extraction Settings and enter a per-report timeout in seconds. On extraction, reports that take longer than the amount set will be skipped. This enhancement unblocks the extraction job and allows it to complete successfully. The user will be able to review these problematic reports in the extraction job status where they will be listed by their unique ids.

Release 5.4.3

Bug Fixes

  • A bug was introduced in 5.3.0 (an early release of V R2) that prevented users from being able to form new database connections from the query form screen. Now, users can connect properly from any query form.

  • Metadata extraction was failing for Greenplum due to a filter value in the metadata extraction query (version 5.0.8-5.0.9). To resolve this issue, the pattern to exclude the system schema has been corrected to ensure that user schema names with prefix “pg” do not get excluded during metadata extraction.

Release 5.4.4

Bug Fixes

  • Previously multi picker fields in the UI would sometimes show the wrong values after the “Show Empty Fields” button was used (version 5.0.2-5.0.10). The actual values stored were correct, but the display was wrong. Now, this is fixed and the display will show the correct values regardless of clicking “Show Empty Fields”.

Release 5.4.5

Bug Fixes

  • Profiling is now supported for the following data sources (version 5.4.4): •  Azure Data Warehouse •  SAS

  • Previously, the column profiling failed for SAS causing a null pointer exception to occur (version 5.4.4). This issue has been resolved and the user can now successfully profile individual columns for SAS.

  • The version of the Data Source API in Alation V R2 omitted a field necessary to set up a data source with scheduled metadata extraction (version 5.4.0-5.4.4). Now, the disable_auto_extraction field can be set to false to make the extraction run.

Known issues

  • When the new feature API Resources is turned on in version 5.4.0-5.4.5 (alation.feature_flags.enable_api_resource feature flag is set to True), then the keyboard navigation of the search results in the main search box in the left-hand navigation does not work correctly. It is still possible to click the result with your mouse but not to navigate to the result with the up and down arrows.

Release 5.4.6

Bug Fixes

  • In Compose (version 5.4.0-5.4.5), if there is more than one statement executed in a single run, and one of the statements takes an execution time greater than 30 seconds to complete, then, the error “Query aborted without returning a result” occurs. This issue has been resolved.

  • Previously, when the description for filesystem objects was updated with long HTML text using API, it failed with an unknown error (version 5.0.1). This issue has been resolved. Now, the description supports text with length greater than 1000 characters.

    • indicates the version when the bug was found.

Release 5.4.7

Bug Fixes

  • Alation can now extract Tableau workbook and datasource created using Tableau 2018.

  • Previously, (version 5.4.1 -5.4.6) users were unable to connect to SQL Server data source using NTLM authentication protocol. Despite using valid database credentials, the Service Account Test failed. This issue has been resolved.

Release 5.4.8

Bug Fixes

  • Previously, there was a persistent XSS attack on the user profile page. This allowed a user with a valid Alation account to execute JavaScript in the browser of another Alation user. Any user with an Alation account could create an article and put a script tag in the title of that article. Anyone who browses to the user’s profile page would trigger the execution of the script. The link to the page to trigger the script could be sent to other users. Now, the Article titles will not be executed on the user profile page.

  • Previously, the upgrade process may destroy customer dataset when /opt OR /opt/alation are symlinks. All upgrade to V R2 must use 5.4.8 build or above.

  • Previously, custom picker fields would throw an error when unicode characters were added when configuring their values. Now, unicode characters is supported.

  • Previously, metadata extraction failed with an error serializing dbobjects when the data type was null for Oracle data source. This issue is now resolved.

  • Alation now enforces Security Assertion Markup Language (SAML) signature validation to avoid potential privilege escalation attack in SAML authentication.

  • Previously, the upgrade process from v5.0.3 to v5.4.7 of Alation could fail sometimes due to the migration of custom field data. The upgrade process from v5.0.3 to v5.4.7 is now successful.

  • Previously, if the user drags and drops a file into an article while editing it, the file was temporarily saved outside Alation. Now, these files are stored inside Alation. The size of image inserted in an article should not exceed ALATION_MAX_UPLOADED_ATTACHMENT_FILE_BYTES size. This limitation is enforced now for images inserted into an article using the corresponding widget.

  • Previously, the customers’ upgrade (version lower than 4.18 to higher version) might have failed during the migration of object equivalences to catalog sets since the equivalence of schema had millions of tables or columns. This fix resolves the migration error.

Release 5.4.9

  • Previously, the restore of a backup might complete with errors due to a missing Postgres recovery file. This issue has now been fixed.

  • Miscellaneous other fixes and internal improvements.

Release 5.4.10 - Security Patch

This patch is a critical fix that addresses the security vulnerability with logging which has been described in the recent Security bulletin:

  • April 17, 2019 - Important Security Alert: PII on Customer Servers

Summary

In order to assist with debugging, the Alation application writes exceptions to log files. Alation’s codebase includes an open-source third-party exception-logging library called Raven. We recently discovered that Raven has an undocumented bug such that it sometimes logs usernames and passwords stored in the application memory to the Alation log files in cleartext.

In this patch we completely deactivate Raven. Originally, we included the Raven capabilities into Alation to have the richest possible logs for rapid issue resolution. Although without Raven certain issues may be more difficult to diagnose, we will continue to have other logging information. There are no plans on adding those exception-logging capabilities back, presently; we will rely on other kinds of logs and monitoring for diagnosis of issues.

It is of paramount importance that this security patch is installed by all customers.

Note that this patch does NOT remove any of the existing logs from your Alation instance. If you have not purged the existing logs as part of the security bulletin recommendations, please consider doing so after you install the patch. For instructions, see Section IV-B of the security bulletin April 17, 2019 - Important Security Alert: PII on Customer Servers.