HDP-2.3.4 Release Notes
Also available as:



Hortonworks strongly recommends that all users running HDP 2.3.4 upgrade to HDP

HDP 2.3.4 provides Knox 0.6.0 and the following Apache patches:

  • KNOX-566: Make the Default Ephemeral DH Key Size 2048 for TLS.

  • KNOX-579: Regex based identity assertion provider with static dictionary lookup.

  • KNOX-581: Hive dispatch not propagating effective principal name.

  • KNOX-633: Upgrade Apache commons-collections.

HDP 2.3.2 provided Knox 0.6.0 and the following Apache patches:

  • KNOX-598: Concurrent JDBC clients via KNOX to Kerberized HiveServer2 causes HTTP 401 error (due to Kerberos Replay attack error)

  • KNOX-599: Template with {**} in queries are expanded with =null for query params without a value.

HDP 2.3.0 provided Knox 0.6.0 and the following Apache patches:


  • KNOX-476 implementation for X-Forwarded-* headers support and population

  • KNOX-546 Consuming intermediate response during kerberos request dispatching

  • KNOX-550 reverting back to original hive kerberos dispatch behavior

  • KNOX-559 renaming service definition files


  • KNOX-545 Simplify Keystore Management for Cluster Scaleout

  • KNOX-561 Allow Knox pid directory to be configured via the knox-env.sh file