ankitsultana commented on PR #15498: URL: https://github.com/apache/pinot/pull/15498#issuecomment-2787724138
> You may read more history in #8906 > > Since query option is deprecated and user should use `SET` statements instead, I'd suggest not touching it. There are security concerns over `OPTION` @Jackie-Jiang : We have also moved away from OPTION. But the issue is that the current Calcite Parser has a vulnerability where it leads to very high CPU utilization if a user sends a query with a large number of whitespaces (even when there are no options in the query). Due to b/w compatibility we can't move away from options, so we wanted to patch this vulnerability in OSS. We have already patched this internally and our internal code is roughly the same as the one in this PR. Perhaps with Pinot 1.5 we should remove OPTION syntax altogether in Pinot (but we need a resolution until then) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org For additional commands, e-mail: commits-h...@pinot.apache.org
