From 9fc50f24ba8058633544f013f57ca67f72a80c29 Mon Sep 17 00:00:00 2001 From: Julian Hyde Date: Sat, 10 Sep 2022 00:49:04 -0700 Subject: [PATCH] Prepare for next development iteration --- gradle.properties | 2 +- site/_docs/history.md | 37 ++++++++++++++---- site/_docs/howto.md | 7 +--- site/_posts/2022-09-10-release-1.32.0.md | 49 ++++++++++++++++++++++++ 4 files changed, 82 insertions(+), 13 deletions(-) create mode 100644 site/_posts/2022-09-10-release-1.32.0.md diff --git a/gradle.properties b/gradle.properties index 0c7b4e502684..f50de1ee4613 100644 --- a/gradle.properties +++ b/gradle.properties @@ -27,7 +27,7 @@ systemProp.org.gradle.internal.publish.checksums.insecure=true # This is version for Calcite itself # Note: it should not include "-SNAPSHOT" as it is automatically added by build.gradle.kts # Release version can be generated by using -Prelease or -Prc= arguments -calcite.version=1.32.0 +calcite.version=1.33.0 # This is a version to be used from Maven repository. It can be overridden by localAvatica below calcite.avatica.version=1.22.0 diff --git a/site/_docs/history.md b/site/_docs/history.md index 0b97b636b343..1b3fcfc6cda1 100644 --- a/site/_docs/history.md +++ b/site/_docs/history.md 
@@ -28,6 +28,7 @@ For a full list of releases, see Downloads are available on the [downloads page]({{ site.baseurl }}/downloads/). + -## 1.32.0 / 2022-09-12 +## 1.32.0 / 2022-09-10 {: #v1-32-0} -This release comes 1 month after [1.31.0](#v1-31-0), -contains contributions from 15 contributors, and resolves x issues. +Coming 1 month after [1.31.0](#v1-31-0) with 19 issues fixed by 16 +contributors, this release fixes +CVE-2022-39135, +an XML External Entity (XEE) vulnerability that allows a SQL query to +read the contents of files via the SQL functions `EXISTS_NODE`, +`EXTRACT_XML`, `XML_TRANSFORM` or `EXTRACT_VALUE`. + +With contributions from 16 contributors, this release +replaces +the ESRI spatial engine with JTS and proj4j, adds +65 +spatial SQL functions including `ST_Centroid`, `ST_Covers` and +`ST_GeomFromGeoJSON`, adds the +CHAR +SQL function, and improves the return type of the +ARRAY and +MULTISET functions. Contributors to this release: Alessandro Solimando, @@ -82,9 +99,11 @@ Dmitry Sysolyatin, Jiajun Bernoulli, Jing Zhang, Julian Hyde (release manager), +Lincoln Lee, Mou Wu, Ruben Quesada Lopez, Stamatis Zampetakis, +TJ Banghart, Zhengqiang Duan. {: #breaking-1-32-0} @@ -130,7 +149,10 @@ other software versions as specified in gradle.properties. Increase `BINDABLE_CACHE` hit rate by making the order of `EnumerableRelImplementor.stashedParameters` deterministic * [CALCITE-5263] - Improve `XmlFunctions` by using an XML `DocumentBuilder` + SQL functions `EXISTS_NODE`, `EXTRACT_XML`, `XML_TRANSFORM` and `EXTRACT_VALUE` + allow user files to be read via XML External Entity (XEE) vulnerability + CVE-2022-39135 + (fixed by using a secure implementation of XML `DocumentBuilder`) * [CALCITE-4294] Use JTS and proj4j rather than ESRI as the underlying library for geospatial (`ST_`) functions 
@@ -166,9 +188,7 @@ other software versions as specified in gradle.properties. * Cosmetic changes to release notes * Remove redundant 'the' in javadoc * Change sereda's role from Committer to PMC -* [CALCITE-5092] - Update site/README.md about how to release the site -* Fix 1.31.0 release date to 2022-08-22 (was 2022-08-22) +* Fix 1.31.0 release date to 2022-08-02 (was 2022-08-01) * Fix checkstyle violation for Calcite 1.31 release note ## 1.31.0 / 2022-08-02 @@ -416,6 +436,9 @@ other software versions as specified in gradle.properties. #### Web site and documentation {: #site-1-31-0} +* [CALCITE-5092] + Update [site/README.md](https://github.com/apache/calcite/blob/main/site/README.md) + about how to release the site * Site: Add Jing Zhang as committer * Site: Add Benchao Li as committer * Site: Add Chunwei Lei and Vladimir Ozerov as PMC members diff --git a/site/_docs/howto.md b/site/_docs/howto.md index 6876ca70da4f..4025da758234 100644 --- a/site/_docs/howto.md +++ b/site/_docs/howto.md @@ -755,7 +755,7 @@ The release candidate process does not add commits, so there's no harm if it fails. It might leave `-rc` tag behind which can be removed if required. -You can perform a dry-run release with a help of +If you wish, you can perform a dry-run release with a help of [asflike-release-environment](https://github.com/vlsi/asflike-release-environment); it would perform the same steps, but it would push changes to the mock Nexus, Git, and SVN servers. 
@@ -820,11 +820,8 @@ Verify the staged artifacts in the Nexus repository: * Go to [https://repository.apache.org/](https://repository.apache.org/) and login * Under `Build Promotion`, click `Staging Repositories` * In the `Staging Repositories` tab there should be a line with profile `org.apache.calcite` + and status `closed` * Navigate through the artifact tree and make sure the .jar, .pom, .asc files are present -* Check the box on in the first column of the row, - and press the 'Close' button to publish the repository at - https://repository.apache.org/content/repositories/orgapachecalcite-1000 - (or a similar URL) ## Cleaning up after a failed release attempt diff --git a/site/_posts/2022-09-10-release-1.32.0.md b/site/_posts/2022-09-10-release-1.32.0.md new file mode 100644 index 000000000000..3f8db3f861ea --- /dev/null +++ b/site/_posts/2022-09-10-release-1.32.0.md @@ -0,0 +1,49 @@ +--- +layout: news_item +date: "2022-09-10 12:00:00 +0000" +author: jhyde +version: 1.32.0 +categories: [release] +tag: v1-32-0 +sha: 413eded6 +--- + + +The [Apache Calcite PMC]({{ site.baseurl }}) +is pleased to announce +[Apache Calcite release 1.32.0]({{ site.baseurl }}/docs/history.html#v1-32-0). + +Coming 1 month after [1.31.0](#v1-31-0) with 19 issues fixed by 16 +contributors, this release fixes +CVE-2022-39135, +an XML External Entity (XEE) vulnerability that allows a SQL query to +read the contents of files via the SQL functions `EXISTS_NODE`, +`EXTRACT_XML`, `XML_TRANSFORM` or `EXTRACT_VALUE`. + +With contributions from 16 contributors, this release +replaces +the ESRI spatial engine with JTS and proj4j, adds +65 +spatial SQL functions including `ST_Centroid`, `ST_Covers` and +`ST_GeomFromGeoJSON`, adds the +CHAR +SQL function, and improves the return type of the +ARRAY and +MULTISET functions.
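Review bot: In site/_docs/history.md, both the 1.32.0 summary and the reworded [CALCITE-5263] entry abbreviate XML External Entity as "XEE"; the usual abbreviation is "XXE", which is the term readers searching for this vulnerability class will use. The summary also gives the contributor count twice ("19 issues fixed by 16 contributors", then "With contributions from 16 contributors"); drop the second mention and start that paragraph at "This release replaces".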
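Review bot: In the dry-run sentence of site/_docs/howto.md (hunk at line 755), the reworded line still reads "with a help of"; since the line is being touched anyway, change it to "with the help of".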
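Review bot: In the "Verify the staged artifacts" list of site/_docs/howto.md (hunk at line 820), the step that told the release manager to press 'Close' is removed and the list now expects the `org.apache.calcite` line to have status `closed`, but nothing says what to do when the repository is in another state. Add one line covering that case, or point to the step that closes the repository, so a release manager who sees a different status knows whether to stop or continue.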
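Review bot: In the new site/_posts/2022-09-10-release-1.32.0.md, the link `[1.31.0](#v1-31-0)` is carried over from history.md, where the anchor is on the same page; in the post it points at an anchor that nothing in the post defines. Use `{{ site.baseurl }}/docs/history.html#v1-31-0`, matching the form of the 1.32.0 link in the paragraph above it. The "XEE" abbreviation in this file would normally be written "XXE", and the second "With contributions from 16 contributors" repeats the count given in the preceding paragraph.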