Release Notes
Also available as:
PDF

Ranger

HDP 2.5.3 provides Ranger 0.6.0 and no additional Apache patches.

HDP 2.5.0 provided Ranger 0.6.0 and the following Apache patches:

  • RANGER-1090: Revoke command with grant option does not disable delegated admin permission for users/groups in the corresponding policy.

  • RANGER-1094: One way SSL (when Kerberos is enabled) for Ranger and its plugins.

  • RANGER-1096: Revert to jceks scheme for credential store related operations.

  • RANGER-1097: Ranger KMS Plugin should not fails to download policy when UGI ticket expires.

  • RANGER-1099: Keyadmin user is not able to create service/repo using public APIs.

  • RANGER-1100: Hive authorizer does not block update when row-filter/column-mask is specified on the table for the user.

  • RANGER-1101: JCEKS keystore is not created successfully after enabling SSL for Atlas Ranger plugin.

  • RANGER-1103: Added maven version enforcer and moved the plugin to be run as part of maven compile.

  • RANGER-1104: Catching and Logging DB transaction exceptions during Ranger startup.

  • RANGER-1105: Ranger should provide configuration to do hdfs audit file rollover at absolute time.

  • RANGER-1106: Issue after upgrade on ranger hive policy page.

  • RANGER-1111: Enhancements to the db admin setup scripts.

  • RANGER-1113: Ranger Hive authorizer updated to get query string from HiveConf.

  • RANGER-1114: Nimbus, Storm UI server stopped after disabling ranger plugins.

  • RANGER-1116: Ranger HivePluginUnitTest fails due to Hive Metastore version check.

  • RANGER-1119: Exclude test jars from RANGER-admin plugin folders as dependency.

  • RANGER-1120: Need a java patch to handle upgrade of hive servicedef.

  • RANGER-1121: Resolving circular dependency of spring beans by enabling lazy initialization of the beans.

  • RANGER-1123: Keyadmin user is not able to make getservice call using rest v2 public api.

  • RANGER-1124: Good coding practices in Ranger recommended by static code analysis -UI .

  • RANGER-1126: Authorization checks for non existent file/directory should not be recursive in Ranger Hive authorizer.

  • RANGER-1127: Ranger HA Handle scenarios for request with X-Forwarded-Server.

  • RANGER-1128: Data Masking label changes for ranger policies.

  • RANGER-1129: Ability to specify 'audit all accesses' via Ranger admin configuration.

  • RANGER-1132: Ranger Storm Plugin should include commons-codec jar as a dependency.

  • RANGER-1134: Audit to Secure solr fails in case of Ranger Knox Plugin due to MDC context issue.

  • RANGER-1135: Knox and Storm plugins should use secure policy download endpoint in kerberos mode.

  • RANGER-1135: Modified InMemory JAAS configuration to use parent config - if exists.

  • RANGER-1136: Ranger audit to HDFS fails with TGT errors in Ranger HiveServer2 plugin when UGI -TGT expires in audit thread.

  • RANGER-1141: Null pointer exception while retrieving the key during copy file.

  • RANGER-1143: Added RANGER-plugins-cred lib for tagsync deployment.