Fixed Issues in Apache Atlas

Review the list of Atlas issues that are resolved in Cloudera Runtime 7.1.7 SP1.

CDPD-33210: Upgrade POI to 5.1.0 due to CVEs

POI has a few transitive dependencies that have CVEs associated with them. Upgrading to 5.1.0 avoids most of these CVEs. This issue is now resolved.

CDPD-32432: Upgrade Logredactor to version 2.0.13 to remediate CVE-2021-44228

Upgrade the logredactor version in all the relevant branches that might be used to build Atlas for different stacks and versions. This issue is now resolved.

CDPD-32226: Upgrade Log4j2 to log4j-2.17.1 due to CVE-2021-44228

Upgrade Log4j2 to log4j-2.15.0-rc2 due to CVE-2021-44228. This issue is now resolved.

CDPD-32189: Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086

Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086. This issue is now resolved.

CDPD-32188: Upgrade testng to 6.11 or later due to CVE-2016-2510

Upgrade testng to 6.11 or later due to CVE-2016-2510 (shaded beanshell). This issue is now resolved.

CDPD-32186: Upgrade Spring Security to 5.4.4+/5.3.8+/5.2.9+ due to CVE-2021-22112

Upgrade Spring Security to 5.4.4+/5.3.8+/5.2.9+ due to CVE-2021-22112. This issue is now resolved.

CDPD-32118: Upgrade Logredactor to version 2.0.11

Upgrade the logredactor version in Atlas to 2.0.11. This issue is now resolved.

CDPD-31937: Upgrade underscore.js to 1.12.1+ due to CVE-2021-23358

Atlas uses underscore 1.8.3. This needs to be upgraded to 1.12.1+. This issue is now resolved.

CDPD-31085: Upgrade Spring framework to 5.3.10+/5.2.17+ due to CVE-2021-22118, CVE-2021-22096

Atlas is currently pulling in 5.3.8 and needs to be upgraded to 5.3.11 or higher. This issue is now resolved.

CDPD-30969: Upgrade netty to 4.1.68+ due to CVE-2021-37136, CVE-2021-37137

Netty needs to be upgraded to 4.1.68+ due to CVE-2021-37136, CVE-2021-37137. This issue is now resolved.

CDPD-30915: Atlas login request should be allowed only for HTTP GET request

Requests to the Atlas login page, http://localhost:21000/login.jsp, returned the login page irrespective of the HTTP request method (GET/DELETE/PUT/POST). With this fix, a request to the login page succeeds only for the HTTP GET method, and all non-GET request types receive a 405 error. The restriction applies only to Atlas login page requests. This issue is now resolved.

CDPD-30163: Upgrade commons-io to 2.11.0

Upgrade commons-io to 2.11.0. This issue is now resolved.

CDPD-28919: Upgrade to junit 4.13.1 due to CVE-2020-15250

JUnit 4.13 is vulnerable to CVE-2020-15250. This issue is now resolved.

CDPD-28151: Upgrade nimbus-jose-jwt due to CVE-2021-27568

Atlas is currently pulling in nimbus-jose-jwt 8.0, which pulls in a json-smart version vulnerable to CVE-2021-27568. Upgrade to 9.8.1 or later. This issue is now resolved.

CDPD-26576: Upgrade Spring Security to 5.4.4+/5.3.8+/5.2.9+ due to CVE-2021-22112

Atlas is pulling in Spring Security 4.2.20, and there is a new high-severity CVE affecting Spring Security, CVE-2021-22112. Upgrade to 5.4.4, 5.3.8, or 5.2.9 or later. This issue is now resolved.

CDPD-26772: Remove htrace due to shaded jackson-databind CVEs

Atlas is pulling in htrace in addons/kafka-bridge. htrace needs to be removed because of its jackson-databind CVEs and its end-of-life (EOL) status. This issue is now resolved.

CDPD-31376: Allow GCP path entity through Hive DDL filter

This issue is now resolved.

CDPD-24433: Atlas-Kafka Hook: When a producer publishes messages to multiple topics, the latest relationship is marked as ACTIVE and the rest are marked as DELETED.

Previous relationship entries are no longer marked as DELETED.

This issue is now resolved.

Apache patch information

  • ATLAS-4556
  • ATLAS-4548
  • ATLAS-4528
  • ATLAS-4508
  • ATLAS-4002
  • ATLAS-4507
  • ATLAS-4482
  • ATLAS-4493
  • ATLAS-4444
  • ATLAS-4402
  • ATLAS-4372
  • ATLAS-4424