Cumulative hotfix CDP PvC Base 7.1.7.2026-3 (SP2 cumulative hotfix11)

Know more about the cumulative hotfixes 11 for 7.1.7 SP2. This cumulative hotfix is released on June 26, 2023.

Following are the list of fixes that were shipped for CDP private cloud-base version 7.1.7-1.cdh7.1.7.p2026.42388390

  • KT-7469: Keytrustee - Upgrade bcpkix-jdk15on to 1.70+ due to CVE-2019-17359
  • CDPD-57592: Backport HIVE-27373 to CDH-7.1.7.2000
  • CDPD-57535: Revert: CDPD-48171: Temporary workaround pinning snakeyaml to 2.0 not vulnerable to CVE-2022-1471
  • CDPD-57513: Backport HIVE-27293 to CDH-7.1.7.2000
  • CDPD-56858: [7.1.7.sp2] Service API access fails with 404 due to NPE and SAXParseException:No such accessible method: addFilter()
  • CDPD-56817: Consumer group instances table does not allow pagination
  • CDPD-56320: Backport PHOENIX-6953 Creating indexes on a table with old indexing leads to inconsistent co-processors
  • CDPD-56269: Backport PHOENIX-6944 Randomize mapper task ordering for Index MR tools
  • CDPD-56168: Backport CALCITE-4968 to CDP-PvC and PC
  • CDPD-55979: [7.1.7 SP2 CHFx CLONE] - Alter view command allowed even when user has a deny policy on the underlying table
  • CDPD-55616: Expose and Increase the default Zeppelin server scheduler thread pool size based on ZEPPELIN-3800
  • CDPD-55608: Hadoop - Upgrade Nimbus-JOSE-JWT to 9.24 due to CVEs coming from json-smart
  • CDPD-53829: Hbase - Upgrade jettison to 1.5.4 due to CVE-2023-1436
  • CDPD-53819: Increase default Zeppelin RPC connection pool size based on ZEPPELIN-5005
  • CDPD-53811: Zeppelin - Upgrade Spring Framework to 5.3.27/6.0.8 due to CVE-2023-20861, CVE-2023-20860 and CVE-2023-20863
  • CDPD-48175: Knox - Upgrade snakeyaml due to CVE-2022-1471
  • CDPD-48168: Ozone - Upgrade snakeyaml due to CVE-2022-1471
  • CDPD-48167: Hadoop - Upgrade snakeyaml due to CVE-2022-1471
  • CDPD-47954: Ozone - Vulnerable libraries found in weld-servlet-2.4.7.Final.jar
  • CDPD-45806: Calcite - Upgrade kotlin to 1.6.0 or later due to CVE-2022-24329 for SP2
  • CDPD-44419: Hue - Upgrade jquery-ui to 1.13.2 due to CVE-2022-31160
  • CDPD-42312: Calcite - Upgrade H2 Database Engine to 2.1.214 due to critical CVEs
  • CDPD-41982: Yarn - Upgrade Guava: Google Core Libraries for Java to v28.2/31.1-jre due to CVEs
Table 1. Cloudera Runtime 7.1.7.2026 (Cumulative Hotfix 11) download URL:
Parcel Repository Location
https://[username]:[password]@archive.cloudera.com/p/cdh7/7.1.7.2026/parcels/