Cloudera Docs

Cumulative hotfix CDP PvC Base 7.1.7.2050-1 (SP2 cumulative hotfix19)

Know more about the cumulative hotfixes 19 for 7.1.7 SP2. This cumulative hotfix is released on February 01, 2024.

Following are the list of fixes that were shipped for CDP private cloud-base version 7.1.7-1.cdh7.1.7.p2050.49659976

  • KT-7508: Keytrustee-keyhsm - Upgrade Bouncy Castle to 1.74 due to CVE-2023-33202 and CVE-2023-33201
  • CDPD-65586: [7.1.x] exclude log4j dependencies from spark-atlas-connector assembly
  • CDPD-65583: Upgrade Apache Derby to 10.17.1.0 due to CVE-2022-46337
  • CDPD-65487: Upgrade Jquery Datatables to 1.13.2
  • CDPD-65486: Update bootstrap to 4.4.1
  • CDPD-65485: Use the same command for building Spark on aarch64 as x86 architecture.
  • CDPD-65404: Implement retry mechanism for failed tests
  • CDPD-65403: Start Derby in network server mode for mini hms used in hwc test framework.
  • CDPD-65402: Avoid ending all transactions in AcidDataSourceHeartBeater thread
  • CDPD-65401: Register Spark-Acid related listeners during the creation of HWC session
  • CDPD-65304: Backport HIVE-25400 to CDH-7.1.7.2000
  • CDPD-65253: Backport TEZ-3972 to CDH-7.1.7.2000
  • CDPD-65249: Backport HIVE-25190 to CDH-7.1.7.2000
  • CDPD-65204: Backport HIVE-25574 on CDP-PvC 7.1.7 SP2 CHFx versions
  • CDPD-65049: HTTP security headers are missing from Oozie response
  • CDPD-64916: Backport HIVE-24858 to CDH-7.1.7.2000
  • CDPD-64908: Backport HIVE-26208 to CDH-7.1.7.2000
  • CDPD-64779: Hue failure on CDH-7.1.7.2000 and CDH-7.1.7.3000
  • CDPD-64747: Use centralized gson version in Zeppelin
  • CDPD-64627: [7.1.x]- Ranger - Upgrade Apache Derby to 10.17.1.0 due to CVE-2022-46337
  • CDPD-64585: [7.1.7 SP2 CHF19/7.1.7 SP3] Upgrade Tomcat to 8.5.96 (for CVE fixes) in all Ranger services
  • CDPD-64517: Kafka connect S3 connector failing with AWS error
  • CDPD-64376: Oozie's Spark and Spark3 option parser does not respect Java arguments starting with '--'
  • CDPD-64335: Zeppelin - Upgrade Bouncy Castle to 1.74 due to CVE-2023-33202 and CVE-2023-33201
  • CDPD-64302: Remove Derby dependency in Solr.
  • CDPD-64225: Sqoop - Upgrade Apache Derby to 10.17.1.0 due to CVE-2022-46337
  • CDPD-64122: CDPD - Upgrade aws-java-sdk-bundle to 1.12.599 due to CVE-2023-44487
  • CDPD-63692: In Rms- s3, db level access write permission mapping config is not working
  • CDPD-63655: Upgrade Apache Ivy to 2.5.2 due to CVE-2022-46751
  • CDPD-63623: [UnitTest] Some Oozie units are failing due to HCat related NPE
  • CDPD-61742: Test failure: org.apache.spark.sql.hive.execution.HiveTableScanSuite.Spark-4077: timestamp query for null value
  • CDPD-58047: Backported HIVE-23726: Avoid IllegalArgumentException when managedLocation is null with colocation enabled in DWX-1.8.5, 7.1.7 SP2, 7.1.8 and 7.1.9 lines.
  • CDPD-48853: Schemas created with the Confluent API cannot be viewed on the UI
  • CDPD-43231: CDPD - Upgrade Protocol Buffer Java API to 2.6.1/3.21.2 due to medium CVEs
  • CDPD-42259: CDPD - Upgrade Commons IO to 2.11.0/20030203.000550 due to medium CVEs
  • CDPD-11827: Backport ORC-616 "In Patched Base encoding, the value of headerThirdByte goes beyond the range of byte"
Common Vulnerabilities and Exposures (CVE) that is fixed in this CHF.
  • CVE-2020-28458
  • CVE-2021-23445
  • CVE-2021-46877
Table 1. Cloudera Runtime 7.1.7.2050 (Cumulative Hotfix 19) download URL:
Parcel Repository Location 
https://[username]:[password]@archive.cloudera.com/p/cdh7/7.1.7.2050/parcels/