Cumulative hotfix CDP Private Cloud Base 7.1.7.3008-2 (SP3 Cumulative hotfix1)

Know more about the cumulative hotfix 1 for CDP 7.1.7 SP3. This cumulative hotfix was released on June 20, 2024.

Following are the list of fixes that were shipped for CDP Private Cloud Base version 7.1.7-1.cdh7.1.7.p3008.54201069.

COMPX-16285: Backport YARN-6523 (Optimize system credentials sent in node heartbeat responses)

Previously, the heartbeat responses set all application's tokens even though all applications were not active on a node. Hence, for each node and each heartbeat too many SystemCredentialsForAppsProto objects were created. This issue is now resolved and the system credentials sent in node heartbeat responses are optimized.

CDPD-71226: Zookeeper: Analyse compatibility report generated

Java Client SendThread created many unnecessary login objects. This issue is now resolved and the number of Login objects/clients is now limited.

CDPD-70306: Atlas Lineage download PNG option is not working

The PNG option was not visible in the Atlas Lineage page when the lineage contained shell entities. This issue is now resolved and the PNG image of lineages having shell entities is now downloadable.

CDPD-70102: Backport "TestLdapGroupsMapping failing -string mismatch in exception validation"

A change in the exception strings broke the TestLdapGroupsMapping validation code. This issue is now resolved.

CDPD-70014: Backport fix for KUDU-3576

When a connection to a tablet server was kept open by a Kudu Java client application, and if the tablet server was terminated/restarted or when a network error occurred on the connection, the client application could not communicate with the tablet server even after the tablet server was up and running again. A NullPointerException (NPE) in Connection.exceptionCaught() made the connection to the corresponding tablet server unusable. This issue is now resolved.

CDPD-70002: Ranger RMS gives all permissions to the user attempting to alter a HDFS directory through the Create permission

An additional check is now performed to ensure that the user attempting to alter a HDFS directory that maps to the Hive database is the owner of the Hive database for the attempted operation.

CDPD-69947: Backport "LdapGroupsMapping$LdapSslSocketFactory ClassNotFoundException"

When using the LdapGroupsMapping group mapping mechanism along with Secure Socket Layer (SSL) enabled, it led to the ClassNotFoundException error when called through native threads. This issue is now resolved.

CDPD-69794: Backport ZOOKEEPER-3331 IP ACL is not working with NettyServerCnxnFactory to ZooKeeper 3.5.x versions

The IP Access Control List (ACL) method did not work when Transport Layer Security (TLS) was enabled on the cluster and the HBase and Yarn services failed to start due to NoAuth exception. This issue is now resolved.

CDPD-69742: Backport IMPALA-11901: COPY TESTCASE is broken in LocalCatalog mode

The COPY TESTCASE FROM/TO was not supported in LocalCatalog mode. This is now fixed and the COPY TESTCASE is now supported in the LocalCatalog mode.

CDPD-69607: Fix for "CDPD-67823 - Ranger RMS gives all permissions to the user through the Create permission" may cause NPE

Ranger RMS gave all permissions to the user through Create permission. This caused an NPE if the ownerUser value for Hive entities in the resource-mappings was not populated. This issue is now resolved.

CDPD-69271: Ranger override policy is not working

The override policy in Ranger was not working and the user was denied access. This issue is now resolved.

CDPD-68842: Ranger - Upgrade Netty version to 4.1.108.Final due to CVE-2024-29025

Upgraded the Netty version to 4.1.108 due to CVE-2024-29025.

CDPD-68821: Zeppelin - Upgrade Bouncy Castle version to 1.78 due to CVE-2024-29857, CVE-2024-30171 and CVE-2024-30172

Upgraded the Bouncy Castle version to 1.78 due to CVE-2024-29857, CVE-2024-30171 and CVE-2024-30172.

CDPD-68793: Hadoop - Upgrade Kafka Clients due to CVEs

Upgraded the Kafka Client due to CVE-2023-25194, CVE-2021-38153 and CVE-2018-17196.

CDPD-68706: Ranger - Exclude Apache Derby from Ranger-RMS module due to CVE-2022-46337

Apache Derby is now excluded from the Ranger RMS module due to CVE-2022-46337.

CDPD-68705: Ranger - Upgrade Nimbus-JOSE-JWT to 9.37.3 due to CVE-2023-52428

Upgraded the Nimbus-JOSE-JWT library version to 9.37.3 due to CVE-2023-52428.

CDPD-68704: Ranger - Upgrade protobuf-java version to 3.21.7 due to CVE-2022-3171

Upgraded the protobuf-java utility version to 3.21.7 due to CVE-2022-3171.

CDPD-68703: Ranger - Upgrade Telemetry to 1.36.0

Upgraded Telemetry version to 1.36.0.

CDPD-68702: Ranger - Upgrade Spring Security to 5.7.12/5.8.11/6.1.8/6.2.3 due to CVE-2024-22257

Upgraded the Spring Security version to 5.7.12/5.8.11/6.1.8/6.2.3 due to CVE-2024-22257.

CDPD-68690: Zeppelin - disable Jetty Version visibility

The Jetty version is now not visible on the Zeppelin UI.

CDPD-68282: SMM UI - Upgrade Node JS version to 20.12.1 due to multiple CVEs

Upgraded the Node JS version to 20.12.1 due to various CVEs.

CDPD-67864: Ranger - Upgrade Spring Security to 5.7.12/5.8.11/6.1.8/6.2.3 due to CVE-2024-22257

Upgraded the Spring Security version to 5.7.12 due to CVE-2024-22257.

CDPD-67802: Backport IMPALA-12189

The updateCatalog command did not release the catalog lock whenever createTblTransaction() issued exceptions. This issue is now resolved.

CDPD-67608: SMM - Upgrade Jetty to 9.4.54.v20240208 due to CVE-2024-22201

Upgraded the Jetty version to 9.4.54.v20240208 due to various CVEs.

CDPD-67606: HDFS authorization logic for directory hierarchy rooted at "/" is incorrect

The Ranger authorization logic for the HDFS commands that required authorization of the entire directory hierarchy rooted at a specified directory argument was incorrect because the sub-directory paths were computed incorrectly. The paths of the sub-directories that needed to be authorized contained an extra /character, leading to incorrect authorization results. This issue is now resolved.

CDPD-67227: SMM - Upgrade Spring Framework to 6.1.6/6.0.19/5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262

Upgraded the Spring Framework version to 5.3.34 due to various CVEs.

CDPD-67224: Ozone - Upgrade Spring Framework to 6.1.6/6.0.19/5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262

Upgraded the Spring Framework version to 5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262.

CDPD-66846: Provide an option to bypass evaluation of chained plugin if the parent plugin has applicable policy

When a chained plugin was configured, every access request processed by a parent plugin was also processed by the chained plugin. This issue is now resolved and an option is now provided to bypass evaluation of chained plugin if the parent plugin has an applicable policy.

https://[[***USERNAME***]]:[[***PASSWORD***]]@archive.cloudera.com/p/cdh7/7.1.7.3008/parcels/