Release Notes
Also available as:


HDP 2.5.6 provides Ranger 0.6.0 and the following Apache patches:

  • RANGER-1603: Wildcard policy authorization incorrectly performs prefix match.

  • RANGER-1619: HS2 doesn't evaluate WASB ranger policies on the location given in Create & Load commands if the location doesn't exist / Ranger Hive Plugin fails to check the URI when the location doesn't exist.

HDP 2.5.5 provided Ranger 0.6.0 and the following Apache patches:

  • RANGER-1095: Invert authorization logic in RangerSolrAuthorizer.

  • RANGER-1171: Invert authorization logic in RangerKafkaAuthorizer.

  • RANGER-1180: Add HBase Authorization tests.

  • RANGER-1181: Ranger HDFS authorizer should fall back to native authorizer for each level of access to be authorized i.e. ancestor/parent/node/sub-access.

  • RANGER-1182: Remove code duplication around the PrivilegedAction handling.

  • RANGER-1216: Ranger Audit framework fails to audit to keberized + SSL enabled Solr.

  • RANGER-1229: RangerResourceMatcher for Hdfs and Yarn resources does not correctly handle policy containing only one resource whose value is "*".

  • RANGER-1239: hbase policy created as a result of hbase grant request does not allow dropping the namespace for the grantee user.

  • RANGER-1243: Unable to create any services in ranger UI through ambari as well as manually.

  • RANGER-1245: Ranger UI group name limitation (32 characters in UI).

  • RANGER-1253: UI error when a special character is entered for a username in the admin webapp.

  • RANGER-1288: Ranger upgrade fails if using SSL enabled DB environment.

  • RANGER-1310: Ranger Audit framework enhancement to provide an option to allow audit records to be spooled to local disk first before sending it to destinations.

  • RANGER-1314: updated HBase plugin to support authorization of namespace operations.

  • RANGER-1338: Ranger Plugin failed to download policy when JaasConfig alone is used to set the UGI instead of Principal/Keytab.

  • RANGER-1355: RangerAuthorizer for Hive MSCK command.

  • RANGER-1379: Seeing HTTP 404 in the logs for PolicyRefresher intermittently for different services.

  • RANGER-1423: Preparing Ranger Admin Step fails during RU.

  • RANGER-1434: Enable Group Search First causes issues.

  • RANGER-1435: Allow different files to be specified for unix based usersync.

  • RANGER-1499: Ranger - Upgrade Tomcat version.

HDP 2.5.3 provided Ranger 0.6.0 and no additional Apache patches.

HDP 2.5.0 provided Ranger 0.6.0 and the following Apache patches:

  • RANGER-1090: Revoke command with grant option does not disable delegated admin permission for users/groups in the corresponding policy.

  • RANGER-1094: One way SSL (when Kerberos is enabled) for Ranger and its plugins.

  • RANGER-1096: Revert to jceks scheme for credential store related operations.

  • RANGER-1097: Ranger KMS Plugin should not fails to download policy when UGI ticket expires.

  • RANGER-1099: Keyadmin user is not able to create service/repo using public APIs.

  • RANGER-1100: Hive authorizer does not block update when row-filter/column-mask is specified on the table for the user.

  • RANGER-1101: JCEKS keystore is not created successfully after enabling SSL for Atlas Ranger plugin.

  • RANGER-1103: Added maven version enforcer and moved the plugin to be run as part of maven compile.

  • RANGER-1104: Catching and Logging DB transaction exceptions during Ranger startup.

  • RANGER-1105: Ranger should provide configuration to do hdfs audit file rollover at absolute time.

  • RANGER-1106: Issue after upgrade on ranger hive policy page.

  • RANGER-1111: Enhancements to the db admin setup scripts.

  • RANGER-1113: Ranger Hive authorizer updated to get query string from HiveConf.

  • RANGER-1114: Nimbus, Storm UI server stopped after disabling ranger plugins.

  • RANGER-1116: Ranger HivePluginUnitTest fails due to Hive Metastore version check.

  • RANGER-1119: Exclude test jars from RANGER-admin plugin folders as dependency.

  • RANGER-1120: Need a java patch to handle upgrade of hive servicedef.

  • RANGER-1121: Resolving circular dependency of spring beans by enabling lazy initialization of the beans.

  • RANGER-1123: Keyadmin user is not able to make getservice call using rest v2 public api.

  • RANGER-1124: Good coding practices in Ranger recommended by static code analysis -UI .

  • RANGER-1126: Authorization checks for non existent file/directory should not be recursive in Ranger Hive authorizer.

  • RANGER-1127: Ranger HA Handle scenarios for request with X-Forwarded-Server.

  • RANGER-1128: Data Masking label changes for ranger policies.

  • RANGER-1129: Ability to specify 'audit all accesses' via Ranger admin configuration.

  • RANGER-1132: Ranger Storm Plugin should include commons-codec jar as a dependency.

  • RANGER-1134: Audit to Secure solr fails in case of Ranger Knox Plugin due to MDC context issue.

  • RANGER-1135: Knox and Storm plugins should use secure policy download endpoint in kerberos mode.

  • RANGER-1135: Modified InMemory JAAS configuration to use parent config - if exists.

  • RANGER-1136: Ranger audit to HDFS fails with TGT errors in Ranger HiveServer2 plugin when UGI -TGT expires in audit thread.

  • RANGER-1141: Null pointer exception while retrieving the key during copy file.

  • RANGER-1143: Added RANGER-plugins-cred lib for tagsync deployment.