Cumulative hotfix CDP Private Cloud Base 7.1.7.3013-1 (SP3 Cumulative hotfix4)
Learn more about cumulative hotfix 4 for CDP 7.1.7 SP3. This cumulative hotfix was released on Sep 06, 2024.
The following fixes were shipped for CDP Private Cloud Base version 7.1.7-1.cdh7.1.7.p3013.57035125:
- CDPD-73423: Ranger - Upgrade Spring Framework to 6.1.12/6.0.23/5.3.39 due to CVE-2024-38808 and CVE-2024-38809
  - Upgraded the Spring Framework version to 5.3.39 due to CVE-2024-38808 and CVE-2024-38809.
- CDPD-72621: HWC - Support default constraints while writing into a table
  - Added support for default constraints while writing into a table in Hive Warehouse Connector.
- CDPD-72292: [Private Cloud Releases] Upgrade RequireJS due to CVE-2024-38998 and CVE-2024-38999
  - Upgraded the RequireJS version due to CVE-2024-38998 and CVE-2024-38999.
- CDPD-70357: Do not call HMS to get list of pruned partitions when translated filter is empty
  - Minimized the calls to the Hive Metastore (HMS) layer to get the partitions list by making one call for each table irrespective of repetition.
- CDPD-63092: Avro - CVE-2023-39410
  - When deserializing untrusted data, a reader could consume memory beyond the allowed constraints, leading to an out-of-memory condition on the system. This issue affected Java applications using the Apache Avro Java SDK up to and including 1.11.2. This issue is resolved by updating to Apache Avro version 1.11.3.
The Common Vulnerabilities and Exposures (CVEs) that are fixed in this CHF:
- CVE-2024-36114: Aircompressor
- CVE-2024-38999: RequireJS
- CVE-2024-38998: RequireJS
Repository Location |
---|
|