Fixed Issues in Apache Atlas
Review the list of Atlas issues that are resolved in Cloudera Runtime 7.1.7 SP1.
- CDPD-33210: Upgrade POI to 5.1.0 due to CVEs
POI has a few transitive dependencies that have CVEs associated with them. Upgrading to 5.1.0 will avoid most of these CVEs. This issue is now resolved.
- CDPD-32432: Upgrade Logredactor to version 2.0.13 to remediate CVE-2021-44228
Upgrade the logredactor version in all the relevant branches that might be used to build Atlas for different stacks and versions. This issue is now resolved.
- CDPD-32226: Upgrade Log4j2 to log4j-2.17.1 due to CVE-2021-44228
Upgrade Log4j2 to log4j-2.15.0-rc2 due to CVE-2021-44228. This issue is now resolved.
- CDPD-32189: Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086
Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086. This issue is now resolved.
- CDPD-32188: Upgrade testng to 6.11 or later due to CVE-2016-2510
Upgrade testng to 6.11 or later due to CVE-2016-2510 (shaded beanshell). This issue is now resolved.
- CDPD-32186: Upgrade Spring Security to 5.4.4+/5.3.8+/5.2.9+ due to CVE-2021-22112
Upgrade Spring Security to 5.4.4+/5.3.8+/5.2.9+ due to CVE-2021-22112. This issue is now resolved.
- CDPD-32118: Upgrade Logredactor to version 2.0.11
Upgrade the logredactor version in Atlas to 2.0.11. This issue is now resolved.
- CDPD-31937: Upgrade underscore.js to 1.12.1+ due to CVE-2021-23358
Atlas uses underscore 1.8.3. This needs to be upgraded to 1.12.1+. This issue is now resolved.
- CDPD-31085: Upgrade Spring framework to 5.3.10+/5.2.17+ due to CVE-2021-22118, CVE-2021-22096
Atlas is currently pulling in 5.3.8 and needs to be upgraded to 5.3.11 or higher. This issue is now resolved.
- CDPD-30969: Upgrade netty to 4.1.68+ due to CVE-2021-37136, CVE-2021-37137
Netty needs to be upgraded to 4.1.68+ due to CVE-2021-37136, CVE-2021-37137. This issue is now resolved.
- CDPD-30915: Atlas login request should be allowed only for HTTP GET request
A request to the Atlas login page http://localhost:21000/login.jsp returned the login page irrespective of the HTTP request method (GET/DELETE/PUT/POST). With this fix, a request to the login page succeeds only for the HTTP GET method, and every non-GET request to the login page returns a 405 error. The restriction applies only to Atlas login page requests. This issue is now resolved.
- CDPD-30163: Upgrade commons-io to 2.11.0
Upgrade commons-io to 2.11.0. This issue is now resolved.
- CDPD-28919: Upgrade to junit 4.13.1 due to CVE-2020-15250
JUnit 4.13 is vulnerable to CVE-2020-15250. This issue is now resolved.
- CDPD-28151: Upgrade nimbus-jose-jwt due to CVE-2021-27568
Atlas is currently pulling in nimbus-jose-jwt 8.0, which pulls in a json-smart version vulnerable to CVE-2021-27568. Upgrade to 9.8.1 or later. This issue is now resolved.
- CDPD-26576: Upgrade Spring Security to 5.4.4+/5.3.8+/5.2.9+ due to CVE-2021-22112
Atlas is pulling in Spring Security 4.2.20, and a new high-severity CVE, CVE-2021-22112, affects Spring Security. Upgrade to 5.4.4, 5.3.8, or 5.2.9 or later. This issue is now resolved.
- CDPD-26772: Remove htrace due to shaded jackson-databind CVEs
Atlas is pulling in htrace in addons/kafka-bridge. htrace needs to be removed because of the jackson-databind CVEs and because it is EOL. This issue is now resolved.
- CDPD-31376: Allow GCP path entity through Hive DDL filter.
This issue is now resolved.
- CDPD-24433: Atlas-Kafka Hook: When a producer publishes messages to multiple topics, the latest relationship is marked as ACTIVE and the rest are marked as DELETED.
Previous relationship entries are no longer marked as DELETED.
Apache patch information
- ATLAS-4556
- ATLAS-4548
- ATLAS-4528
- ATLAS-4508
- ATLAS-4002
- ATLAS-4507
- ATLAS-4482
- ATLAS-4493
- ATLAS-4444
- ATLAS-4402
- ATLAS-4372
- ATLAS-4424