Fixed Issues in Apache Ranger

Review the list of Ranger issues that are resolved in Cloudera Runtime 7.1.7 SP1.

CDPD-34023: Chmod and Chown will honor the ranger policy in both with fallback enabled as well as disabled. Workaround is to have the parent directory RX permission in HDFS for the failing folders/files.

This issue is now resolved.

CDPD-32975: Storm library version in Ranger upgraded to fix the CVE.

This issue is now resolved.

CDPD-32974: Kylin library version in Ranger upgraded to fix the CVE.

This issue is now resolved.

CDPD-32879: Added a config "ranger-rms.max.requested.notifications" to limit the size of requested notifications during the delta-sync. If we set the config value < 1 or > 50000; the default value will be treated as maxRequestedNotifications=50000. The default value for MAX_REQUESTED_NOTIFICATIONS is 50000. It also fixes the following bugs: handleDeltaSync loop runs infinite when it tries to fetch notifications in batch and Full-sync does not reset last_known_version=-1 in x_rms_mapping_provider table.

This issue is now resolved.

CDPD-32229: Log4j version in Ranger upgraded to 2.17.1 to fix the CVE.

This issue is now resolved.

CDPD-31886: Oracle JDBC Storage Handler based Hive operation gets authorized correctly now. Work around is to have "*" policy for the storage handle.

This issue is now resolved.

CDPD-31574: Provide an option to optimize space needed by Trie objects.

This issue is now resolved.

CDPD-31546: A delegate admin user should be able to add another user with all or subset of permissions they have.

This issue is now resolved.

CDPD-31476: Added Strict-Transport-Security header in KMS response.

This issue is now resolved.

CDPD-30888: Show Role Grant command failure fixed in this JIRA.

This issue is now resolved.

CDPD-30653: Fix for the issue of incremental policy updates do not work correctly for multiple security zones.

This issue is now resolved.

CDPD-30557: Upgrade underscore.js library.

This issue is now resolved.

CDPD-29334: This code fix closes all the connection to RMS after fetching the notification.

This issue is now resolved.

CDPD-29211: This fix upgrade Spring Security to 5.5.1+ due to CVE-2021-22119.

This issue is now resolved.

CDPD-28887: Made changes to use the Logger to log the messages by removing System.out.println(...).

This issue is now resolved.

CDPD-28669: Update algorithm to build Ranger policy-database object from Ranger policy-view object.

This issue is now resolved.

CDPD-28050: Overriedden searchModuleDef function in XModuleDefService which will fetch users and groups only once instead of performing same operation for every ModuleDef. Creating a Map object by traversing through all users & groups was costly operation. Therefore defined two new functions getXXGroupIdNameMap() and getXXPortalUserIdXXUserNameMap() which will use sql query to return map of id & name instead of the actual objects. This code reduces database calls as well as memory consumption and improves response time.

This issue is now resolved.

CDPD-27335: Ranger Admin / KMS / KMS-KTS server work directory can now be configured through the parameter {{ranger.tomcat.work.dir}} Ranger RMS server work directory can now be configured through the parameter {{ranger-rms.tomcat.work.dir}} Ranger Raz server work directory can now be configured through the parameter {{ranger.raz.tomcat.work.dir}}

This issue is now resolved.

CDPD-26575: Spring framework version in Ranger upgraded to fix the CVE.

This issue is now resolved.

CDPD-25594: When there are large no. of group mappings, all the DB updates are cached in memory and causes OOM issue in ranger. In order to fix this, added code to create individual DB transaction for add/update of user group mapping from Ranger Usersync.

This issue is now resolved.