Cumulative hotfix CDP Private Cloud Base 7.1.7.3008-2 (SP3 Cumulative hotfix1)
Know more about the cumulative hotfix 1 for CDP 7.1.7 SP3. This cumulative hotfix was released on June 20, 2024.
The following fixes were shipped for CDP Private Cloud Base version 7.1.7-1.cdh7.1.7.p3008.54201069.
- COMPX-16285: Backport YARN-6523 (Optimize system credentials sent in node heartbeat responses)
- Previously, the heartbeat responses set all applications' tokens even though not all applications were active on a node. Hence, for each node and each heartbeat, too many SystemCredentialsForAppsProto objects were created. This issue is now resolved and the system credentials sent in node heartbeat responses are optimized.
- CDPD-71226: Zookeeper: Analyse compatibility report generated
- Java Client SendThread created many unnecessary login objects. This issue is now resolved and the number of Login objects/clients is now limited.
- CDPD-70306: Atlas Lineage download PNG option is not working
- The PNG option was not visible in the Atlas Lineage page when the lineage contained shell entities. This issue is now resolved and the PNG image of lineages having shell entities is now downloadable.
- CDPD-70102: Backport "TestLdapGroupsMapping failing -string mismatch in exception validation"
- A change in the exception strings broke the TestLdapGroupsMapping validation code. This issue is now resolved.
- CDPD-70014: Backport fix for KUDU-3576
- When a connection to a tablet server was kept open by a Kudu Java client application, and if the tablet server was terminated/restarted or when a network error occurred on the connection, the client application could not communicate with the tablet server even after the tablet server was up and running again. A NullPointerException (NPE) in Connection.exceptionCaught() made the connection to the corresponding tablet server unusable. This issue is now resolved.
- CDPD-70002: Ranger RMS gives all permissions to the user attempting to alter an HDFS directory through the Create permission
- An additional check is now performed to ensure that the user attempting to alter an HDFS directory that maps to the Hive database is the owner of the Hive database for the attempted operation.
- CDPD-69947: Backport "LdapGroupsMapping$LdapSslSocketFactory ClassNotFoundException"
- When the LdapGroupsMapping group mapping mechanism was used with Secure Socket Layer (SSL) enabled, a ClassNotFoundException error occurred when it was called through native threads. This issue is now resolved.
- CDPD-69794: Backport ZOOKEEPER-3331 IP ACL is not working with NettyServerCnxnFactory to ZooKeeper 3.5.x versions
- The IP Access Control List (ACL) method did not work when Transport Layer Security (TLS) was enabled on the cluster, and the HBase and Yarn services failed to start due to a NoAuth exception. This issue is now resolved.
- CDPD-69742: Backport IMPALA-11901: COPY TESTCASE is broken in LocalCatalog mode
- COPY TESTCASE FROM/TO was not supported in LocalCatalog mode. This is now fixed and COPY TESTCASE is now supported in LocalCatalog mode.
- CDPD-69607: Fix for "CDPD-67823 - Ranger RMS gives all permissions to the user through the Create permission" may cause NPE
- Ranger RMS gave all permissions to the user through the Create permission. This caused an NPE if the ownerUser value for Hive entities in the resource-mappings was not populated. This issue is now resolved.
- CDPD-69271: Ranger override policy is not working
- The override policy in Ranger was not working and the user was denied access. This issue is now resolved.
- CDPD-68842: Ranger - Upgrade Netty version to 4.1.108.Final due to CVE-2024-29025
- Upgraded the Netty version to 4.1.108 due to CVE-2024-29025.
- CDPD-68821: Zeppelin - Upgrade Bouncy Castle version to 1.78 due to CVE-2024-29857, CVE-2024-30171 and CVE-2024-30172
- Upgraded the Bouncy Castle version to 1.78 due to CVE-2024-29857, CVE-2024-30171 and CVE-2024-30172.
- CDPD-68793: Hadoop - Upgrade Kafka Clients due to CVEs
- Upgraded the Kafka Client due to CVE-2023-25194, CVE-2021-38153 and CVE-2018-17196.
- CDPD-68706: Ranger - Exclude Apache Derby from Ranger-RMS module due to CVE-2022-46337
- Apache Derby is now excluded from the Ranger RMS module due to CVE-2022-46337.
- CDPD-68705: Ranger - Upgrade Nimbus-JOSE-JWT to 9.37.3 due to CVE-2023-52428
- Upgraded the Nimbus-JOSE-JWT library version to 9.37.3 due to CVE-2023-52428.
- CDPD-68704: Ranger - Upgrade protobuf-java version to 3.21.7 due to CVE-2022-3171
- Upgraded the protobuf-java utility version to 3.21.7 due to CVE-2022-3171.
- CDPD-68703: Ranger - Upgrade Telemetry to 1.36.0
- Upgraded Telemetry version to 1.36.0.
- CDPD-68702: Ranger - Upgrade Spring Security to 5.7.12/5.8.11/6.1.8/6.2.3 due to CVE-2024-22257
- Upgraded the Spring Security version to 5.7.12/5.8.11/6.1.8/6.2.3 due to CVE-2024-22257.
- CDPD-68690: Zeppelin - disable Jetty Version visibility
- The Jetty version is no longer visible on the Zeppelin UI.
- CDPD-68282: SMM UI - Upgrade Node JS version to 20.12.1 due to multiple CVEs
- Upgraded the Node JS version to 20.12.1 due to various CVEs.
- CDPD-67864: Ranger - Upgrade Spring Security to 5.7.12/5.8.11/6.1.8/6.2.3 due to CVE-2024-22257
- Upgraded the Spring Security version to 5.7.12 due to CVE-2024-22257.
- CDPD-67802: Backport IMPALA-12189
- The updateCatalog command did not release the catalog lock whenever createTblTransaction() issued exceptions. This issue is now resolved.
- CDPD-67608: SMM - Upgrade Jetty to 9.4.54.v20240208 due to CVE-2024-22201
- Upgraded the Jetty version to 9.4.54.v20240208 due to various CVEs.
- CDPD-67606: HDFS authorization logic for directory hierarchy rooted at "/" is incorrect
- The Ranger authorization logic for the HDFS commands that required authorization of the entire directory hierarchy rooted at a specified directory argument was incorrect because the sub-directory paths were computed incorrectly. The paths of the sub-directories that needed to be authorized contained an extra / character, leading to incorrect authorization results. This issue is now resolved.
- CDPD-67227: SMM - Upgrade Spring Framework to 6.1.6/6.0.19/5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262
- Upgraded the Spring Framework version to 5.3.34 due to various CVEs.
- CDPD-67224: Ozone - Upgrade Spring Framework to 6.1.6/6.0.19/5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262
- Upgraded the Spring Framework version to 5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262.
- CDPD-66846: Provide an option to bypass evaluation of chained plugin if the parent plugin has applicable policy
- When a chained plugin was configured, every access request processed by a parent plugin was also processed by the chained plugin. This issue is now resolved and an option is now provided to bypass evaluation of chained plugin if the parent plugin has an applicable policy.
- CVE-2023-1370
- CVE-2023-1932