Cumulative hotfix CDP Private Cloud Base 7.1.7.3019-5 (SP3 Cumulative hotfix9)

Know more about the cumulative hotfix 9 for CDP 7.1.7 SP3. This cumulative hotfix was released on 4 Apr, 2025.

Following are the list of fixes that were shipped for CDP Private Cloud Base version 7.1.7-1.cdh7.1.7.p3019.64961939

CDPD-79108: KerberosBasicAuthenticationHandler cannot handle colons in passwords: The KerberosBasicAuthenticationHandler can now handle colons in passwords. This handler is used by Schema Registry and Streams Messaging Manager.
CDPD-79576: HBase-Spark connector does not work with non-default namespace: The HBase-Spark connector had a significant limitation, it only supported writing data back to tables in the default namespace. If a table resided in a custom namespace, the connector failed to write to it and instead redirected the data back to a table in the default namespace. This issue is now resolved.
Apache JIRA: HBASE-24276
CDPD-77716: In Apache Phoenix, subqueries that involve both JOIN and UNION fail to work correctly when one side of the UNION yields no results: This issue is now resolved by clearing the dependency map, once all the values within it are marked as closed.
Apache JIRA: PHOENIX-7492
CDPD-77685: In Apache Phoenix, a mixed-cased alias does not work in the select statement of INNER JOIN: This issue is resolved now.
Apache JIRA: PHOENIX-7491
CDPD-79911: Ranger: Upgraded Netty to version 4.1.118.Final: Upgraded Netty to version 4.1.118.Final due to CVE-2025-24970 and CVE-2025-25193.
CDPD-80189: Upgraded azure-storage-blob to version 12.18.0: Upgraded azure-storage-blob to version 12.18.0 due to CVE-2022-30187.
CDPD-79954: Ranger: Upgraded Json-Java to version 20231013: Upgraded Json-Java to version 20231013 due to CVE-2023-5072 and CVE-2022-45688.
CDPD-79952: Ranger: Upgraded commons-net to version 3.9.0: Upgraded commons-net to version 3.9.0 due to CVE-2021-37533.
KT-7596: KTS cluster Passive KTS_DB was not starting: KTS cluster Passive KTS_DB was not starting due to missing LDAP user information. The pwd.getpwall() call provided only local user information, and not LDAP user information. This was because the keytrustee user is a LDAP user, and it was not included in the password database information. So, KTS raised an exception because it was unable to find that user.
This issue is fixed now. The pwd.getpwall() call and subsequent iteration are replaced with a pwd.getpwnam() call to get group information.

Table 1. Cloudera Runtime 7.1.7. (Cumulative Hotfix 9) download URL:
Repository Location
`https://[[*USERNAME]]:[[PASSWORD*]]@archive.cloudera.com/p/cdh7/7.1.7.3019/parcels/`

Common Vulnerabilities and Exposures (CVE) that is fixed in this CHF:

CVE-2022-30187 - Azure Storage Blob
CVE-2022-45688 - org.json
CVE-2023-5072 - org.json