aws-solutions
diff --git a/Diff for: ‎.github/ISSUE_TEMPLATE/bug_report.md
+1-1 b/Diff for: ‎.github/ISSUE_TEMPLATE/bug_report.md
+1-1
diff --git a/Diff for: ‎CHANGELOG.md
+16 b/Diff for: ‎CHANGELOG.md
+16
diff --git a/Diff for: ‎CODE_OF_CONDUCT.md
+2-2 b/Diff for: ‎CODE_OF_CONDUCT.md
+2-2
diff --git a/Diff for: ‎CONTRIBUTING.md
+11-13 b/Diff for: ‎CONTRIBUTING.md
+11-13
diff --git a/Diff for: ‎NOTICE.txt
+36-3 b/Diff for: ‎NOTICE.txt
+36-3
diff --git a/Diff for: ‎README.md
+6-6 b/Diff for: ‎README.md
+6-6
@@ -17,7 +17,7 @@ Steps to reproduce the behavior.
 A clear and concise description of what you expected to happen.
 
 **Please complete the following information about the solution:**
-- [ ] Version: [e.g. v1.0.4]
+- [ ] Version: [e.g. v1.0.5]
 
 To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "_(SO0021) - Video On Demand workflow with AWS Step Functions, MediaConvert, MediaPackage, S3, CloudFront and DynamoDB. Version **v5.0.0**_". If the description does not contain the version information, you can look at the mappings section of the template:
 
 
@@ -5,6 +5,22 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.0.5] - 2024-10-24
+
+### Security
+
+- Upgrade to Java 17 and NodeJS 20
+- Patched Apache Commons IO vulnerability
+- Change EC2 userdata script to install Python 3.10
+
+### Fixed
+
+- Fix Data Node Splitting in Tiers [#33](https://github.com/aws-solutions/scalable-analytics-using-apache-druid-on-aws/pull/33)
+
+### Added
+
+- Apache curl alternative url for Druid and Zookeeper for installation in case archive.apache is unavailable
+
 ## [1.0.4] - 2024-09-18
 
 ### Security
 
@@ -1,4 +1,4 @@
 ## Code of Conduct
-This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 
-For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 
+This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
+For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
 [email protected] with any additional questions or comments.
@@ -6,24 +6,23 @@ documentation, we greatly value feedback and contributions from our community.
 Please read through this document before submitting any issues or pull requests to ensure we have all the necessary
 information to effectively respond to your bug report or contribution.
 
-
 ## Reporting Bugs/Feature Requests
 
 We welcome you to use the GitHub issue tracker to report bugs or suggest features.
 
 When filing an issue, please check [existing open](https://github.com/aws-solutions/scalable-analytics-using-apache-druid-on-aws/issues), or [recently closed](https://github.com/aws-solutions/scalable-analytics-using-apache-druid-on-aws/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already
 reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
 
-* A reproducible test case or series of steps
-* The version of our code being used
-* Any modifications you've made relevant to the bug
-* Anything unusual about your environment or deployment
-
+- A reproducible test case or series of steps
+- The version of our code being used
+- Any modifications you've made relevant to the bug
+- Anything unusual about your environment or deployment
 
 ## Contributing via Pull Requests
+
 Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
 
-1. You are working against the latest source on the *main* branch.
+1. You are working against the latest source on the _master_ branch.
 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
 3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
 
@@ -39,23 +38,22 @@ To send us a pull request, please:
 GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
 [creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
 
-
 ## Finding contributions to work on
-Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels ((enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/aws-solutions/scalable-analytics-using-apache-druid-on-aws/labels/help%20wanted) issues is a great place to start.
 
+Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels ((enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/aws-solutions/scalable-analytics-using-apache-druid-on-aws/labels/help%20wanted) issues is a great place to start.
 
 ## Code of Conduct
+
 This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
 For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
 [email protected] with any additional questions or comments.
 
-
 ## Security issue notifications
-If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
 
+If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
 
 ## Licensing
 
-See the [LICENSE](https://github.com/aws-solutions/scalable-analytics-using-apache-druid-on-aws/blob/main/LICENSE.txt) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
+See the [LICENSE](https://github.com/aws-solutions/scalable-analytics-using-apache-druid-on-aws/blob/master/LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
 
-We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.
+We may ask you to sign a [Contributor License Agreement (CLA)](https://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.
@@ -54,6 +54,7 @@ This software includes third party software subject to the following copyrights:
 @aws-sdk/xml-builder under the Apache-2.0 license
 @babel/code-frame under the MIT license
 @babel/compat-data under the MIT license
+@babel/core under the MIT license.
 @babel/generator under the MIT license
 @babel/helper-compilation-targets under the MIT license
 @babel/helper-environment-visitor under the MIT license
@@ -86,6 +87,7 @@ This software includes third party software subject to the following copyrights:
 @babel/plugin-syntax-typescript under the MIT license
 @babel/template under the MIT license
 @babel/traverse under the MIT license
+@babel/types under the MIT license.
 @balena/dockerignore under the Apache-2.0 license
 @bcoe/v8-coverage under the MIT license
 @cspotcode/source-map-support under the MIT license
@@ -100,6 +102,7 @@ This software includes third party software subject to the following copyrights:
 @istanbuljs/load-nyc-config under the ISC license
 @istanbuljs/schema under the MIT license
 @jest/console under the MIT license
+@jest/core under the MIT license.
 @jest/environment under the MIT license
 @jest/expect under the MIT license
 @jest/expect-utils under the MIT license
@@ -111,6 +114,7 @@ This software includes third party software subject to the following copyrights:
 @jest/test-result under the MIT license
 @jest/test-sequencer under the MIT license
 @jest/transform under the MIT license
+@jest/types under the MIT license.
 @jridgewell/gen-mapping under the MIT license
 @jridgewell/resolve-uri under the MIT license
 @jridgewell/set-array under the MIT license
@@ -122,10 +126,12 @@ This software includes third party software subject to the following copyrights:
 @pkgr/utils under the MIT license
 @sinclair/typebox under the MIT license
 @sinonjs/commons under the BSD-3-Clause license
+@sinonjs/fake-timers under the BSD-3-Clause license.
 @sinonjs/samsam under the BSD-3-Clause license
 @sinonjs/text-encoding under the (Unlicense OR Apache-2.0) license
 @smithy/abort-controller under the Apache-2.0 license
 @smithy/config-resolver under the Apache-2.0 license
+@smithy/core under the Apache-2.0 license.
 @smithy/credential-provider-imds under the Apache-2.0 license
 @smithy/eventstream-codec under the Apache-2.0 license
 @smithy/fetch-http-handler under the Apache-2.0 license
@@ -147,6 +153,7 @@ This software includes third party software subject to the following copyrights:
 @smithy/shared-ini-file-loader under the Apache-2.0 license
 @smithy/signature-v4 under the Apache-2.0 license
 @smithy/smithy-client under the Apache-2.0 license
+@smithy/types under the Apache-2.0 license.
 @smithy/url-parser under the Apache-2.0 license
 @smithy/util-base64 under the Apache-2.0 license
 @smithy/util-body-length-browser under the Apache-2.0 license
@@ -155,6 +162,7 @@ This software includes third party software subject to the following copyrights:
 @smithy/util-config-provider under the Apache-2.0 license
 @smithy/util-defaults-mode-browser under the Apache-2.0 license
 @smithy/util-defaults-mode-node under the Apache-2.0 license
+@smithy/util-endpoints under the Apache-2.0 license.
 @smithy/util-hex-encoding under the Apache-2.0 license
 @smithy/util-middleware under the Apache-2.0 license
 @smithy/util-retry under the Apache-2.0 license
@@ -190,9 +198,12 @@ This software includes third party software subject to the following copyrights:
 @types/yargs under the MIT license
 @types/yargs-parser under the MIT license
 @typescript-eslint/eslint-plugin under the MIT license
+@typescript-eslint/parser under the BSD-2-Clause license.
 @typescript-eslint/scope-manager under the MIT license
 @typescript-eslint/type-utils under the MIT license
+@typescript-eslint/types under the MIT license.
 @typescript-eslint/typescript-estree under the BSD-2-Clause license
+@typescript-eslint/utils under the MIT license.
 @typescript-eslint/visitor-keys under the MIT license
 acorn under the MIT license
 acorn-jsx under the MIT license
@@ -298,9 +309,11 @@ com.nimbusds/nimbus-jose-jwt under the Apache-2.0 license
 com.nimbusds/oauth2-oidc-sdk under the Apache-2.0 license
 com.ning/compress-lzf under the Apache-2.0 license
 com.opencsv/opencsv under the Apache-2.0 license
-com.squareup.okhttp/okhttp under the Apache-2.0 license
 com.squareup.okhttp3/mockwebserver under the Apache-2.0 license
+com.squareup.okhttp3/okhttp under the Apache-2.0 license.
+com.squareup.okhttp/okhttp under the Apache-2.0 license
 com.squareup.okio/okio under the Apache-2.0 license
+com.squareup.okio/okio-jvm under the Apache-2.0 license.
 com.sun.activation/javax.activation under the (CDDL-1.0 OR GPL-2.0-with-classpath-exception) license
 com.sun.jersey.contribs/jersey-guice under the CDDL-1.1 license
 com.sun.jersey.contribs/jersey-guice under the GPL-2.0-with-classpath-exception license
@@ -364,6 +377,7 @@ estraverse under the BSD-2-Clause license
 esutils under the BSD-2-Clause license
 execa under the MIT license
 exit under the MIT license
+expect under the MIT license.
 exponential-backoff under the Apache-2.0 license
 fast-deep-equal under the MIT license
 fast-diff under the Apache-2.0 license
@@ -391,7 +405,9 @@ get-package-type under the MIT license
 get-stream under the MIT license
 glob under the ISC license
 glob-parent under the ISC license
+globals under the MIT license.
 globby under the MIT license
+graceful-fs under the ISC license.
 graphemer under the MIT license
 has under the MIT license
 has-flag under the MIT license
@@ -444,8 +460,11 @@ is-stream under the MIT license
 is-wsl under the MIT license
 isarray under the MIT license
 isexe under the ISC license
+istanbul-lib-coverage under the BSD-3-Clause license.
 istanbul-lib-instrument under the BSD-3-Clause license
+istanbul-lib-report under the BSD-3-Clause license.
 istanbul-lib-source-maps under the BSD-3-Clause license
+istanbul-reports under the BSD-3-Clause license.
 it.unimi.dsi/fastutil under the Apache-2.0 license
 it.unimi.dsi/fastutil-core under the Apache-2.0 license
 it.unimi.dsi/fastutil-extra under the Apache-2.0 license
@@ -462,6 +481,7 @@ javax.validation/validation-api under the Apache-2.0 license
 javax.ws.rs/jsr311-api under the CDDL-1.0 license
 javax.xml.bind/jaxb-api under the CDDL-1.1 license
 javax.xml.bind/jaxb-api under the GPL-2.0-with-classpath-exception license
+jest under the MIT license.
 jest-changed-files under the MIT license
 jest-circus under the MIT license
 jest-cli under the MIT license
@@ -491,11 +511,12 @@ jest-worker under the MIT license
 Jinja2 under the BSD-3-Clause license
 joda-time/joda-time under the Apache-2.0 license
 js-tokens under the MIT license
+js-yaml under the MIT license.
 jsesc under the MIT license
+json5 under the MIT license
 json-parse-even-better-errors under the MIT license
 json-schema-traverse under the MIT license
 json-stable-stringify-without-jsonify under the MIT license
-json5 under the MIT license
 jsonfile under the MIT license
 jsonschema under the MIT license
 junit/junit under the EPL-1.0 license
@@ -515,8 +536,8 @@ make-dir under the MIT license
 make-error under the ISC license
 makeerror under the BSD-3-Clause license
 MarkupSafe under the BSD-3-Clause license
-merge-stream under the MIT license
 merge2 under the MIT license
+merge-stream under the MIT license
 micromatch under the MIT license
 mime-db under the MIT license
 mime-types under the MIT license
@@ -527,6 +548,7 @@ mock under the 0BSD license
 moment under the MIT license
 moto under the Apache-2.0 license
 ms under the MIT license
+mustache under the MIT license.
 natural-compare under the MIT license
 natural-compare-lite under the MIT license
 net.bytebuddy/byte-buddy under the Apache-2.0 license
@@ -539,6 +561,7 @@ net.minidev/accessors-smart under the Apache-2.0 license
 net.minidev/json-smart under the Apache-2.0 license
 net.thisptr/jackson-jq under the Apache-2.0 license
 nise under the BSD-3-Clause license
+node-forge under the BSD-3-Clause license.
 node-int64 under the MIT license
 node-releases under the MIT license
 normalize-path under the MIT license
@@ -627,6 +650,7 @@ org.glassfish/jakarta.el under the GPL-2.0-with-classpath-exception license
 org.glassfish/javax.el under the (CDDL-1.0 OR GPL-2.0-with-classpath-exception) license
 org.hamcrest/hamcrest-core under the BSD-3-Clause license
 org.hibernate.validator/hibernate-validator under the Apache-2.0 license
+org.hibernate/hibernate-validator under the Apache-2.0 license.
 org.hyperic/sigar under the Apache-2.0 license
 org.jboss.logging/jboss-logging under the Apache-2.0 license
 org.jdbi/jdbi under the Apache-2.0 license
@@ -674,6 +698,7 @@ pirates under the MIT license
 pkg-dir under the MIT license
 pluggy under the MIT license
 prelude-ls under the MIT license
+prettier under the MIT license.
 prettier-linter-helpers under the MIT license
 pretty-format under the MIT license
 prompts under the MIT license
@@ -704,15 +729,20 @@ rimraf under the ISC license
 run-applescript under the MIT license
 run-parallel under the MIT license
 s3transfer under the Apache-2.0 license
+semver under the ISC license.
 setuptools under the MIT license
 shebang-command under the MIT license
 shebang-regex under the MIT license
 signal-exit under the ISC license
+sinon under the BSD-3-Clause license.
 sisteransi under the MIT license
 slash under the MIT license
 slice-ansi under the MIT license
 software.amazon.ion/ion-java under the Apache-2.0 license
+source-map under the BSD-3-Clause license.
+source-map-support under the MIT license.
 sprintf-js under the BSD-3-Clause license
+stack-utils under the MIT license.
 string-length under the MIT license
 string-width under the MIT license
 strip-ansi under the MIT license
@@ -745,6 +775,7 @@ uri-js under the BSD-2-Clause license
 urlgrabber under the GNU Lesser General Public License v2 or later (LGPLv2+) license
 urlgrabber under the LGPL-2.0-or-later license
 urllib3 under the MIT license
+uuid under the MIT license.
 v8-compile-cache-lib under the MIT license
 v8-to-istanbul under the ISC license
 walker under the Apache-2.0 license
@@ -759,6 +790,8 @@ xmltodict under the MIT license
 y18n under the ISC license
 yallist under the ISC license
 yaml under the ISC license
+yargs under the MIT license.
+yargs-parser under the ISC license.
 yn under the MIT license
 yocto-queue under the MIT license
 
 
@@ -125,13 +125,13 @@ The solution deploys the following components that work together to provide a pr
 
 -   The latest version of the [AWS CLI](https://aws.amazon.com/cli/), installed and configured.
 -   The latest version of the [AWS CDK](https://docs.aws.amazon.com/cdk/latest/guide/home.html).
--   [Nodejs](https://docs.npmjs.com/getting-started) version 18 or newer.
+-   [Nodejs](https://docs.npmjs.com/getting-started) version 20 or newer.
 -   [Python](https://www.python.org/) version 3.12 or newer.
 -   [Git](https://git-scm.com/) command line
 -   Java Runtime
-    -   The solution requires a Java 8 Runtime. We strongly recommend using [Amazon Corretto 8](https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/downloads-list.html). Alternatively, you can also use other OpenJDKs such as [Eclipse Temurin](https://adoptium.net/en-GB/temurin/releases/?version=8).
+    -   The solution requires a Java 17 Runtime. We strongly recommend using [Amazon Corretto 17](https://docs.aws.amazon.com/corretto/latest/corretto-17-ug/downloads-list.html). Alternatively, you can also use other OpenJDKs such as [Eclipse Temurin](https://adoptium.net/en-GB/temurin/releases/?version=17).
 -   [Maven](https://maven.apache.org/install.html.) (>=3.5.2)
-    -    We recommend configuring Maven to use an OpenJDK8 compatible JAVA version, such as Amazon Corretto 8.
+    -    We recommend configuring Maven to use an OpenJDK17 compatible JAVA version, such as Amazon Corretto 17.
 -   [Docker](https://docs.docker.com/get-docker/)
 -   [Curl](https://curl.se/download.html)
 
@@ -149,16 +149,16 @@ Use the `source/cdk.json` file to configure the solution. It is recommended to c
 
 **AMI configuration (optional)**
 
-The `EC2` hosting option by default provisions EC2 instances with Amazon Linux 2. This can be overriden by specifying the `customAmi` object in the `cdk.json` file. This object should provide the AMI name and owners' account IDs or alias that `cdk` would use to perform an AMI lookup. Depending on the instance types utilized in the cluster, please supply the corresponding AMI for "arm64" (Graviton instances) or "amd64" (x86-based instance types). The solution has been tested with Amazon Linux, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
+The `EC2` hosting option by default provisions EC2 instances with Amazon Linux 2. This can be overriden by specifying the `customAmi` object in the `cdk.json` file. This object should provide the AMI name and owners' account IDs or alias that `cdk` would use to perform an AMI lookup. Depending on the instance types utilized in the cluster, please supply the corresponding AMI for "arm64" (Graviton instances) or "amd64" (x86-based instance types). The solution has been tested with Amazon Linux 2 and Ubuntu 22.04 LTS.
 
 ```
 "customAmi": {
     "arm64": {
-        "name": "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-arm64-server*",
+        "name": "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-arm64-server*",
         "owners": ["amazon"]
     },
     "amd64": {
-        "name": "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server*",
+        "name": "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server*",
         "owners": ["amazon"]
     }
 },