Component Affected: RangerAuthorizer for Hive

Scenario: RangerAuthorizer does not handle MSCK command.

Previous Behavior: Ranger HIVE authorizer did not authorize MSCK command where as in HIVE SQL Standard authorizer ADMIN command is used to authorize MSCK command.

New Behavior: Since MSCK command is equivalent to ALTER TABLE <table> Recover Partition, users can use ALTER permission in Ranger to authorize MSCK command.

Scenario: UNION result handling

Previous Behavior: queries in which union operator was used may have created an invalid output type.for example, the column type is ambigous in the following query:

select cast(1 as int) union select cast(1 as string)

Selecting the inappropriate type may cause the value to be changed to NULL.

New Behavior: The types are checked prior to execution; and the ambigous cases are rejected;

FAILED: SemanticException Schema of both sides of union should match: Column _c0 is of type int on first table and type string on second table. Cannot tell the position of null AST. (state=42000,code=40000)

The query should be clarified with explicit casts.

Component Affected: yarn-env.sh and health_check scripts

Scenario: Path to YARN client has changed.

Previous Behavior: The path to the YARN client was previously /usr/lib/hadoop-yarn

New Behavior: The correct path for hadoop-yarn is /usr/hdp/current/hadoop-yarn-client. The yarn-env.sh and health_check scripts may still reference the old paths. You will need to modify the paths in these scripts to reflect the new paths.

Component Affected: Tomcat

Scenario: Tomcat 6.0.46 starts to filter weak ciphers. Some old SSL clients may be affected.

Recommended Action:You should upgrade the SSL client. Run the SSL client against https://www.howsmyssl.com/a/check to determine its TLS version and cipher suites.