Cloudera Docs

Cumulative hotfix CDP PvC Base 7.1.8.50-2 (Cumulative hotfix16)

Know more about the cumulative hotfix 16 for 7.1.8. This cumulative hotfix was released on November 03, 2023.

Following are the list of fixes that were shipped for CDP Private Cloud Base version 7.1.8-1.cdh7.1.8.p50.46671320

  • COMPX-15308: YARN-11578 Fix performance issue of permission check in verifyAndCreateRemoteLogDir
  • CDPD-62806: Backport HIVE-27558 to CDH-7.1.8.x
  • CDPD-62799: IMPALA-12492 Add catalog metrics for total pending events and lag time of the event-processor
  • CDPD-62775: IMPALA-12461 Avoid write lock on the table during self-event detection
  • CDPD-62774: IMPALA-12474 Latest metastore event id polling can be blocked
  • CDPD-62732: Backport HIVE-27772 to CDH-7.1.8.x
  • CDPD-62562: Atlas [7.1.8 CHFx] - Upgrade Okhttp to 4.11.0 due to CVE-2023-0833 and CVE-2021-0341
  • CDPD-62556: Backport HIVE-27723 to CDH-7.1.8.x
  • CDPD-62553: Backport HIVE-21100 to CDH-7.1.8.x
  • CDPD-62516: Backport CDPD-43434 Implement support for preventing incompatible log4j classes to be loaded in Sqoop
  • CDPD-62513: SMM UI - Upgrade Node JS version to 20.8.1 due to multiple CVEs
  • CDPD-62506: SMM - Upgrade netty to 4.1.100.Final due to CVE-2023-44487
  • CDPD-62505: Kafka Connect Ext - Upgrade netty to 4.1.100.Final due to CVE-2023-44487
  • CDPD-62452: Backport HIVE-27760 to CDH-7.1.8.x
  • CDPD-62448: Explicit handling of DIGEST-MD5 vs GSSAPI in quorum auth
  • CDPD-62346: Backport IMPALA-8675 to 7.1.8 CHF
  • CDPD-62345: Backport IMPALA-12462 to 7.1.8 CHF
  • CDPD-62344: Backport IMPALA-11534 to 7.1.8 CHF
  • CDPD-62297: Oozie unit tests do not clean up tens of GigaBytes of data causing UT container eviction
  • CDPD-62263: Backport HIVE-27673 to CDH-7.1.8.x
  • CDPD-62222: Cruise Control - Upgrade Okhttp to 4.11.0 due to CVE-2023-0833 and CVE-2021-0341
  • CDPD-62209: Backport CDPD-43343 (OOZIE-3666) Oozie log streaming bug when log timestamps are the same on multiple Oozie servers
  • CDPD-62156: IMPALA-10860 Allow setting separate mem_limit for coordinators
  • CDPD-62125: Kafka - Upgrade snappy-java to 1.1.10.5 due to CVE-2023-43642
  • CDPD-61810: Datanucleus upgrade causes test failures in Oozie
  • CDPD-61798: Cannot drop unbounded range partitions in Kudu tables
  • CDPD-61757: Backport CDPD-60973 into 7.1.8
  • CDPD-61719: Backport PHOENIX-6767 Traversing through all the guideposts to prepare parallel scans is not required for salted tables when the query is point lookup
  • CDPD-61710: Backport PHOENIX-6604 Allow using indexes for wildcard topN queries on salted tables
  • CDPD-61678: [7.1.8 CHF16] Implement best coding practices for validating user input
  • CDPD-61613: IMPALA-12460 Add lag and histogram of event processing in the log
  • CDPD-61594: Backport HIVE-27213 to CDH-7.1.8.x
  • CDPD-61589: Hue download from ABFS can return a corrupted file
  • CDPD-61584: [Intermittent] Active NN not getting latest resource mappings from RMS server
  • CDPD-61564: Caused by: java.lang.NoClassDefFoundError: org/datanucleus/store/query/cache/QueryCompilationCache
  • CDPD-61505: Atlas [7.1.8 CHFx] - Upgrade Okio to 3.4.0 due to CVE-2023-3635
  • CDPD-61501: "Sync source" filter in User/Group search in Oracle DB used clusters leads to an error
  • CDPD-61499: Atlas [7.1.8 CHFx] - Upgrade Apache Ivy to 2.5.2 due to CVE-2022-46751
  • CDPD-61433: [7.1.x]- Ranger CSV Report extract may fail with Null pointer exception
  • CDPD-61353: Backport of CDPD-58220 : ZDU | Getting java.lang.ClassNotFoundException: org.cloudera.log4j.redactor.RedactorAppender while starting ZEPPELIN
  • CDPD-61310: Backport PHOENIX-7005 Spark connector tests cannot compile with latest Phoenix
  • CDPD-61306: Backport PHOENIX-6916 Cannot handle ranges where start is a prefix of end for desc columns
  • CDPD-61047: [7.1.8 CHF] Ranger - Upgrade Tomcat to 8.5.93/9.0.80 due to CVE-2023-41080
  • CDPD-61028: CLONE - Atlas - Upgrade jettison to 1.5.4 due to CVE-2023-1436
  • CDPD-61024: [718] RangerKafkaAuditHandler broken and multiple authorizations audited in CDP 7.1.8
  • CDPD-60742: open_connections and open_operations metrics not populated after hive service restart
  • CDPD-60199: HMS memory leak because of datanucleus-api-jdo bug
  • CDPD-60030: Hue : Stored Cross-Site Scripting in file name field
  • CDPD-60006: Backport HIVE-22489, HIVE-24883 and HIVE-25410 issues to fix java.lang.ClassCastException in join on array column
  • CDPD-59890: [718] RangerJSONAuditWriter creates new log file for writing ranger audits as JSON every time there is an Exception
  • CDPD-59847: Zeppelin - Upgrade jackrabbit-webdav to 2.21.18 due to CVE-2023-37895
  • CDPD-59623: Cruise Control - Upgrade Okio to 3.4.0 due to CVE-2023-3635
  • CDPD-59621: Kafka Connect - Upgrade Okio to 3.4.0 due to CVE-2023-3635
  • CDPD-59618: Hadoop - Upgrade Okio to 3.4.0 due to CVE-2023-3635
  • CDPD-59481: [UnitTest] testConnectionRetryExceptionListener fails w/ BindException: Address already in use
  • CDPD-59458: Backport of CDPD-58577:Zeppelin - Upgrade Guava to 32.0.1 due to CVE-2023-2976 to branch 7.1.8 and 7.1.7 SP2
  • CDPD-59403: Bump ORC C++ version of Impala to fix ORC-1041 and ORC-1304 in 7.1.8
  • CDPD-59344: Fix and backport PHOENIX-6999 Point lookups fail with reverse scan
  • CDPD-59247: Backport CDPD-58535 to CDH 7.1.x and CDS 3.x CHFs
  • CDPD-58979: Zeppelin - Upgrade Apache Ant to 1.10.12 due to medium CVEs in 7.1.7 and 7.1.8
  • CDPD-58918: [Backport 7.1.8 CHFx] SRM - Upgrade Guava to 32.0.1 due to CVE-2023-2976
  • CDPD-58914: [Backport 7.1.8 CHFx] SMM - Upgrade Guava to 32.0.1 due to CVE-2023-2976
  • CDPD-58910: [Backport 7.1.8 CHFx] Schema Registry - Upgrade Guava to 32.0.1 due to CVE-2023-2976
  • CDPD-58908: Backport of CDPD-55537: Zeppelin - Remove apache tephra-core package due to EOL and CVEs to branches 7.1.8, 7.1.7 Sp2
  • CDPD-58904: Zeppelin - Replace log4j with reload4
  • CDPD-58862: Backport of CDPD-55615:Upgrade Nimbus-JOSE-JWT to 9.24 due to CVEs coming from json-smart to 7.1.8, 7.1.7 Sp2
  • CDPD-58663: CLONE - Atlas - Upgrade gremlin shaded to 3.5.5+ due to jackson-databind CVEs
  • CDPD-58653: Atlas - Upgrade Netty Project to 4.1.94.Final due CVE-2023-34462
  • CDPD-58019: Ratis-Thirdparty - Bump guava to 32.0.0-jre
  • CDPD-57739: Hbase-solr - Upgrade sqlite-jdbc to 3.41.2.2+ due to CVE-2023-32697
  • CDPD-56176: Fix and backport PHOENIX-6910 Scans created during query compilation and execution against salted tables need to be more resilient
  • CDPD-55251: Schema Registry Ranger Plugin - Upgrade jackson-databind to 2.12.7.1/2.13.4.1+ due to CVE-2022-42003, CVE-2022-42004
  • CDPD-43434: Implement support for preventing incompatible log4j classes to be loaded in Sqoop
  • CDPD-43343: Oozie log streaming bug when log timestamps are the same on multiple Oozie servers
  • CDPD-42173: Zeppelin - Upgrade Protocol Buffer Java API to 2.6.1/3.21.2 due to medium CVEs
  • TSB 2023-702: Potential wrong result for queries with date partition filter for clusters in GMT+ timezone
  • TSB 2023-704: File corruption when downloading files larger than 1 MB from ABFS with Hue File Browser
Table 1. Cloudera Runtime 7.1.8.50 (Cumulative Hotfix 16) download URL:
Parcel Repository Location 
https://[username]:[password]@archive.cloudera.com/p/cdh7/7.1.8.50/parcels/