apache
diff --git a/‎.github/actions/ci-incr-build-cache-prepare/action.yml‎
Lines changed: 23 additions & 2 deletions b/‎.github/actions/ci-incr-build-cache-prepare/action.yml‎
Lines changed: 23 additions & 2 deletions
diff --git a/‎.github/actions/ci-incr-build-cache-save/action.yml‎
Lines changed: 0 additions & 1 deletion b/‎.github/actions/ci-incr-build-cache-save/action.yml‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎.github/workflows/gradle.yml‎
Lines changed: 2 additions & 5 deletions b/‎.github/workflows/gradle.yml‎
Lines changed: 2 additions & 5 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 51 additions & 59 deletions b/‎CHANGELOG.md‎
Lines changed: 51 additions & 59 deletions
diff --git a/‎CODE_OF_CONDUCT.md‎
Lines changed: 1 addition & 86 deletions b/‎CODE_OF_CONDUCT.md‎
Lines changed: 1 addition & 86 deletions
@@ -32,6 +32,27 @@ inputs:
 runs:
   using: "composite"
   steps:
+    - name: Configure Gradle cache retention settings
+      # Without these settings, the Gradle Setup action will evict effectively all "restored incremental" entries,
+      # as it will remove all cache entries created before the start-time of the "Store Gradle Cache" job.
+      # The total size of GitHub caches for each repository is limited to 10GB, which means that we have to use
+      # more aggressive retention settings to keep the size of the Gradle cache stored in GitHub at an appropriate
+      # size.
+      shell: bash
+      run: |
+        mkdir -p ~/.gradle/init.d
+        cat > ~/.gradle/init.d/cache-settings.gradle.kts <<!
+        beforeSettings {
+          caches {
+            releasedWrappers.setRemoveUnusedEntriesAfterDays(5)
+            snapshotWrappers.setRemoveUnusedEntriesAfterDays(1)
+            downloadedResources.setRemoveUnusedEntriesAfterDays(2)
+            createdResources.setRemoveUnusedEntriesAfterDays(5)
+            buildCache.setRemoveUnusedEntriesAfterDays(5)
+          }
+        }
+        !
+
     - name: Prep env
       shell: bash
       run: |
@@ -71,12 +92,12 @@ runs:
         if [[ -d ~/downloaded-artifacts/ ]] ; then
           find ~/downloaded-artifacts/ -type f -name "ci-gradle-caches-*-${{ inputs.java-version }}.tar" | while read arch ; do
             echo "Adding archive content from $arch ..."
-            (cd ~/.gradle/caches/ ; tar xf $arch)
+            (cd ~/.gradle/caches/ ; tar xf $arch --atime-preserve)
           done
         else
           echo "No previous build cache artifacts downloaded."
         fi
-        
+
         date +%s > ~/caches-prepared-at-epoch
 
         echo "::endgroup::"
@@ -47,7 +47,6 @@ runs:
             -path './[0-9]*/kotlin-dsl/*' -or \
             -path './jars-*/*' -or \
             -path './modules-*/files-*/*' -or \
-            -path './modules-*/files-*/*' -or \
             -path './build-cache-*/*' \
             ')' | grep -v '[.]lock$'  > ~/ci-gradle-caches-diff || true
           echo "Identified $(wc -l < ~/ci-gradle-caches-diff) changed/added files in caches/"
 
@@ -160,9 +160,6 @@ jobs:
         uses: ./.github/actions/ci-incr-build-cache-prepare
         with:
           cache-read-only: false
-      - name: Trigger Gradle home cleanup
-        env:
-          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
-        run: ./gradlew --no-daemon :showVersion
 
-      # Note: the "Post Gradle invocation" archives the updated build cache.
+      # Note: the "Post Collect partial Gradle build caches"-step cleans up stale cache entries
+      # and archives the updated build cache.
@@ -29,82 +29,74 @@ request adding CHANGELOG notes for breaking (!) changes and possibly other secti
 
 ### Highlights
 
-- **HMS Federation Support**: Added support for Hive Metastore (HMS) federation, enabling integration with existing Hive metastores.
-
-- **Modularized Federation**: Introduced modularized federation architecture to support multiple catalog types and improve extensibility.
-
-- **External Authentication**: Added comprehensive support for external identity providers including Keycloak integration and Helm chart configuration options.
-
-- **Python Client Distribution**: The Python client is now packaged and distributed as a proper Python package for easier installation and usage.
-
-- **Catalog Federation CLI**: Extended the CLI with support for managing federated catalogs, making it easier to configure and operate catalog federation.
-
-- **MinIO**: Added MinIO integration support with comprehensive getting started documentation.
-
 ### Upgrade Notes
 
-### Breaking Changes
+- The EclipseLink Persistence implementation has been deprecated since 1.0.0 and will be completely removed
+  in 1.3.0 or in 2.0.0 (whichever happens earlier).
 
-- Helm chart: the default value of the `authentication.tokenBroker.secret.symmetricKey.secretKey` property has changed
-  from `symmetric.pem` to `symmetric.key`.
+### Breaking Changes
 
 ### New Features
 
-- Added Catalog configuration for S3 and STS endpoints. This also allows using non-AWS S3 implementations.
-  The realm-level feature flag `ALLOW_SETTING_S3_ENDPOINTS` (default: true) may be used to disable this
-  functionality.
-
-- The `IMPLICIT` authentication type enables users to create federated catalogs without explicitly
-providing authentication parameters to Polaris. When the authentication type is set to `IMPLICIT`,
-the authentication parameters are picked from the environment or configuration files.
-
-- The `DEFAULT_LOCATION_OBJECT_STORAGE_PREFIX_ENABLED` feature was added to support placing tables
-at locations that better optimize for object storage.
-
-- The `LIST_PAGINATION_ENABLED` (default: false) feature flag can be used to enable pagination
-  in the Iceberg REST Catalog API.
-
-- The Helm chart now supports Pod Disruption Budgets (PDBs) for Polaris components. This allows users to define
-  the minimum number of pods that must be available during voluntary disruptions, such as node maintenance.
-
-- Feature configuration `PURGE_VIEW_METADATA_ON_DROP` was added to allow dropping views without purging their metadata files.
-
-- Introduced S3 path-style access support for improved compatibility with S3-compatible storage systems.
-
-- Enhanced Python client with integration tests and improved error handling.
-
-- Introduced extensible pagination token implementation for better API performance.
-
-- Added support for `s3a` scheme in addition to existing S3 schemes.
-
-- Enhanced Helm chart with support for external authentication configuration and relational JDBC backend options.
-
-- Added comprehensive diagnostics and monitoring capabilities throughout the system.
-
-- Introduced bootstrap command options to specify custom schema files for database initialization.
-
-- Added refresh credentials endpoint configuration to LoadTableResponse for AWS, Azure, and GCP. Enabling
-automatic storage credential refresh per table on the client side. Java client version >= 1.8.0 is required.
-The endpoint path is always returned when using vended credentials, but clients must enable the 
-refresh-credentials flag for the desired storage provider.
-
 - Added a Management API endpoint to reset principal credentials, controlled by the `ENABLE_CREDENTIAL_RESET` (default: true) feature flag.
 
 ### Changes
 
-- Polaris Management API clients must be prepared to deal with new attributes in `AwsStorageConfigInfo` objects.
-
-- S3 configuration property role-ARN is no longer mandatory.
-
 ### Deprecations
 
-- The property `polaris.active-roles-provider.type` is deprecated for removal.
-- The `ActiveRolesProvider` interface is deprecated for removal.
+* The property `polaris.active-roles-provider.type` is deprecated and has no effect anymore.
 
 ### Fixes
 
+* Fixed incorrect Azure expires at field for the credentials refresh response, leading to client failure via #2633
+
 ### Commits
 
+## [1.1.0-incubating]
+Apache Polaris 1.1.0-incubating was released on September 19th, 2025.
+- **Highlights**
+  - **HMS Federation Support**: Added support for Hive Metastore (HMS) federation, enabling integration with existing Hive metastores.
+  - **Modularized Federation**: Introduced modularized federation architecture to support multiple catalog types and improve extensibility.
+  - **External Authentication**: Added comprehensive support for external identity providers including Keycloak integration and Helm chart configuration options.
+  - **Python Client Distribution**: The Python client is now packaged and distributed as a proper Python package for easier installation and usage.
+  - **Catalog Federation CLI**: Extended the CLI with support for managing federated catalogs, making it easier to configure and operate catalog federation.
+  - **MinIO**: Added MinIO integration support with comprehensive getting started documentation.
+- **New features**
+  - Added Catalog configuration for S3 and STS endpoints. This also allows using non-AWS S3 implementations.
+  - The realm-level feature flag `ALLOW_SETTING_S3_ENDPOINTS` (default: true) may be used to disable this
+    functionality.
+  - The `IMPLICIT` authentication type enables users to create federated catalogs without explicitly
+    providing authentication parameters to Polaris. When the authentication type is set to `IMPLICIT`,
+    the authentication parameters are picked from the environment or configuration files.
+  - The `DEFAULT_LOCATION_OBJECT_STORAGE_PREFIX_ENABLED` feature was added to support placing tables
+    at locations that better optimize for object storage.
+  - The `LIST_PAGINATION_ENABLED` (default: false) feature flag can be used to enable pagination
+    in the Iceberg REST Catalog API.
+  - The Helm chart now supports Pod Disruption Budgets (PDBs) for Polaris components. This allows users to define
+    the minimum number of pods that must be available during voluntary disruptions, such as node maintenance.
+  - Feature configuration `PURGE_VIEW_METADATA_ON_DROP` was added to allow dropping views without purging their metadata files.
+  - Introduced S3 path-style access support for improved compatibility with S3-compatible storage systems.
+  - Enhanced Python client with integration tests and improved error handling.
+  - Introduced extensible pagination token implementation for better API performance.
+  - Added support for `s3a` scheme in addition to existing S3 schemes.
+  - Enhanced Helm chart with support for external authentication configuration and relational JDBC backend options.
+  - Added comprehensive diagnostics and monitoring capabilities throughout the system.
+  - Introduced bootstrap command options to specify custom schema files for database initialization.
+  - Added refresh credentials endpoint configuration to LoadTableResponse for AWS, Azure, and GCP. Enabling
+    automatic storage credential refresh per table on the client side. Java client version >= 1.8.0 is required.
+    The endpoint path is always returned when using vended credentials, but clients must enable the
+    refresh-credentials flag for the desired storage provider.
+  - Added a Management API endpoint to reset principal credentials, controlled by the `ENABLE_CREDENTIAL_RESET` (default: true) feature flag.
+- **Changes**
+  - Polaris Management API clients must be prepared to deal with new attributes in `AwsStorageConfigInfo` objects.
+  - S3 configuration property role-ARN is no longer mandatory.
+- **Breaking changes**
+  - Helm chart: the default value of the `authentication.tokenBroker.secret.symmetricKey.secretKey` property has changed
+      from `symmetric.pem` to `symmetric.key`.
+- **Deprecations**
+  - The property `polaris.active-roles-provider.type` is deprecated for removal.
+  - The `ActiveRolesProvider` interface is deprecated for removal.
+
 ## [1.0.1-incubating]
 Apache Polaris 1.0.1-incubating was released on August 16th, 2025. It’s a maintenance release on the 1.0.0 release fixing a couple of issues on the Helm Chart:
 - remove db-kind in Helm Chart
 
@@ -17,89 +17,4 @@
   under the License.
 -->
 
-# Contributor Code of Conduct
-
-This is a copy of the [Contributor Covenant v2.1](https://www.contributor-covenant.org/version/2/1/code_of_conduct.html). No changes have been made.
-
-## Our Pledge
-
-We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
-
-We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
-
-## Our Standards
-
-Examples of behavior that contributes to a positive environment for our community include:
-
-* Demonstrating empathy and kindness toward other people
-* Being respectful of differing opinions, viewpoints, and experiences
-* Giving and gracefully accepting constructive feedback
-* Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
-* Focusing on what is best not just for us as individuals, but for the overall community
-
-Examples of unacceptable behavior include:
-
-* The use of sexualized language or imagery, and sexual attention or advances of any kind
-* Trolling, insulting or derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or email address, without their explicit permission
-* Other conduct which could reasonably be considered inappropriate in a professional setting
-
-## Enforcement Responsibilities
-
-Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful.
-
-Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate.
-
-## Scope
-
-This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces.
-Examples of representing our community include using an official e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at <[email protected]>.
-All complaints will be reviewed and investigated promptly and fairly.
-All community leaders are obligated to respect the privacy and security of the reporter of any incident.
-
-## Enforcement Guidelines
-
-Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct:
-
-### 1. Correction
-
-**Community Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.
-
-**Consequence**: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested.
-
-### 2. Warning
-
-**Community Impact**: A violation through a single incident or series of actions.
-
-**Consequence**: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban.
-
-### 3. Temporary Ban
-
-**Community Impact**: A serious violation of community standards, including sustained inappropriate behavior.
-
-**Consequence**: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban.
-
-### 4. Permanent Ban
-
-**Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals.
-
-**Consequence**: A permanent ban from any sort of public interaction within the community.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.1, available at [https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
-
-Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder][Mozilla CoC].
-
-For answers to common questions about this code of conduct, see the FAQ at [https://www.contributor-covenant.org/faq][FAQ]. Translations are available at [https://www.contributor-covenant.org/translations][translations].
-
-[homepage]: https://www.contributor-covenant.org
-[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
-[Mozilla CoC]: https://github.com/mozilla/diversity
-[FAQ]: https://www.contributor-covenant.org/faq
-[translations]: https://www.contributor-covenant.org/translations
+We as a community follow [The ASF Code of Conduct](https://www.apache.org/foundation/policies/conduct).