Ranger
HDP 2.5.0 provides Ranger 0.6.0 and the following Apache patches:
RANGER-1090: Revoke command with grant option does not disable delegated admin permission for users/groups in the corresponding policy.
RANGER-1094: One way SSL (when Kerberos is enabled) for Ranger and its plugins.
RANGER-1096: Revert to jceks scheme for credential store related operations.
RANGER-1097: Ranger KMS Plugin should not fails to download policy when UGI ticket expires.
RANGER-1099: Keyadmin user is not able to create service/repo using public APIs.
RANGER-1100: Hive authorizer does not block update when row-filter/column-mask is specified on the table for the user.
RANGER-1101: JCEKS keystore is not created successfully after enabling SSL for Atlas Ranger plugin.
RANGER-1103: Added maven version enforcer and moved the plugin to be run as part of maven compile.
RANGER-1104: Catching and Logging DB transaction exceptions during Ranger startup.
RANGER-1105: Ranger should provide configuration to do hdfs audit file rollover at absolute time.
RANGER-1106: Issue after upgrade on ranger hive policy page.
RANGER-1111: Enhancements to the db admin setup scripts.
RANGER-1113: Ranger Hive authorizer updated to get query string from HiveConf.
RANGER-1114: Nimbus, Storm UI server stopped after disabling ranger plugins.
RANGER-1116: Ranger HivePluginUnitTest fails due to Hive Metastore version check.
RANGER-1119: Exclude test jars from RANGER-admin plugin folders as dependency.
RANGER-1120: Need a java patch to handle upgrade of hive servicedef.
RANGER-1121: Resolving circular dependency of spring beans by enabling lazy initialization of the beans.
RANGER-1123: Keyadmin user is not able to make getservice call using rest v2 public api.
RANGER-1124: Good coding practices in Ranger recommended by static code analysis -UI .
RANGER-1126: Authorization checks for non existent file/directory should not be recursive in Ranger Hive authorizer.
RANGER-1127: Ranger HA Handle scenarios for request with X-Forwarded-Server.
RANGER-1128: Data Masking label changes for ranger policies.
RANGER-1129: Ability to specify 'audit all accesses' via Ranger admin configuration.
RANGER-1132: Ranger Storm Plugin should include commons-codec jar as a dependency.
RANGER-1134: Audit to Secure solr fails in case of Ranger Knox Plugin due to MDC context issue.
RANGER-1135: Knox and Storm plugins should use secure policy download endpoint in kerberos mode.
RANGER-1135: Modified InMemory JAAS configuration to use parent config - if exists.
RANGER-1136: Ranger audit to HDFS fails with TGT errors in Ranger HiveServer2 plugin when UGI -TGT expires in audit thread.
RANGER-1141: Null pointer exception while retrieving the key during copy file.
RANGER-1143: Added RANGER-plugins-cred lib for tagsync deployment.