Cumulative hotfix CDP PvC Base 7.1.8.55-1 (Cumulative hotfix18)

Know more about the cumulative hotfix 18 for 7.1.8. This cumulative hotfix was released on January 18, 2024.

Following are the list of fixes that were shipped for CDP Private Cloud Base version 7.1.8-1.cdh7.1.8.p55.49161416

  • KT-7508: Keytrustee-keyhsm - Upgrade Bouncy Castle to 1.74 due to CVE-2023-33202 and CVE-2023-33201
  • COMPX-7241: Fix failing unit test: org.apache.hadoop.yarn.client.api.impl.TestAMRMProxy.testAMRMProxyTokenRenewal
  • COMPX-6254: Fix failing unit tests: org.apache.hadoop.yarn.client.api.impl.TestNMClient
  • CDPD-65103: Backport IMPALA-12425 to 7.1.8 CHF
  • CDPD-65102: Backport IMPALA-12084 to 7.1.8 CHF
  • CDPD-65069: Backport IMPALA-12577 to 7.1.8 CHF
  • CDPD-65051: Backport IMPALA-11644 to 7.1.8 CHF
  • CDPD-65050: Backport IMPALA-10983 to 7.1.8 CHF
  • CDPD-65042: Livy - [7.1.8 CHFx] Upgrade datatables to 1.10.23+ due to CVE-2020-28458
  • CDPD-65040: IMPALA-12670 CatalogdMetaProvider.getIfPresent() not throwing the underlying InconsistentMetadataFetchException
  • CDPD-64946: IMPALA-12683 Incorrect last synced event time in testDisableEventSyncFlag
  • CDPD-64918: Backport HIVE-24858 to CDH-7.1.8.x
  • CDPD-64915: Backport IMPALA-12053 to 7.1.8 CHF
  • CDPD-64910: Backport HIVE-26208 to CDH-7.1.8.x
  • CDPD-64800: Classic UI - Security zone form not populate resources value properly while creating and editing zone form.
  • CDPD-64790: Atlas build failure across release lines
  • CDPD-64746: Use centralized gson version in Cruise Control
  • CDPD-64734: Use centralized nimbus-jose-jwt version in Cruise Control
  • CDPD-64726: 71x backport - Slowness / broadcast timeout issues due to SPARK-33290: REFRESH TABLE should invalidate cache even though the table itself may not be cached (Spark 2.4.8)
  • CDPD-64707: hue build failure in centos7
  • CDPD-64648: Backport the versionless bigtop-new gerrits into 7.1.8 and 7.1.9
  • CDPD-64627: [7.1.x]- Ranger - Upgrade Apache Derby to 10.17.1.0 due to CVE-2022-46337
  • CDPD-64583: [7.1.8 CHF18] Upgrade Tomcat to 8.5.96 (for CVE fixes) in all Ranger services
  • CDPD-64576: Backport IMPALA-11501 to 7.1.8 to fix performance regression of IM
  • CDPD-64517: Kafka connect S3 connector failing with AWS error
  • CDPD-64477: Optimize Relationship Edge fetch
  • CDPD-64476: Set name field with qualifiedName for impala_process and impala_process_execution
  • CDPD-64427: LDAP group import/sync fails for "memberUid"
  • CDPD-64376: Oozie's Spark and Spark3 option parser does not respect Java arguments starting with '--'
  • CDPD-64335: Zeppelin - Upgrade Bouncy Castle to 1.74 due to CVE-2023-33202 and CVE-2023-33201
  • CDPD-64302: Remove Derby dependency in Solr.
  • CDPD-64240: CDPD-63145 causes regression in Orc
  • CDPD-64229: Impala - Upgrade Apache Derby to 10.17.1.0 due to CVE-2022-46337
  • CDPD-64225: Sqoop - Upgrade Apache Derby to 10.17.1.0 due to CVE-2022-46337
  • CDPD-64221: Kafka - Upgrade jose4j to 0.9.3 due to CVE-2023-31582
  • CDPD-64134: canary docker image build fails
  • CDPD-64131: Backport HIVE-25684 to CDH-7.1.8.x
  • CDPD-64122: CDPD - Upgrade aws-java-sdk-bundle to 1.12.599 due to CVE-2023-44487
  • CDPD-64100: IMPALA-10825 impala crashes when canceling the retrying query
  • CDPD-64099: IMPALA-10414 Retrying failed query may cause memory leak
  • CDPD-64031: [7.1.8.CHFx] Atlas UI Basic Searching result sorting option not available on all Columns
  • CDPD-64007: Backport HIVE-27885 on CDP branches
  • CDPD-63915: Sqoop Teradata export fails if source table is empty
  • CDPD-63835: Backport HIVE-27679 on all CDP-PvC 7.1.[7-9] CHFx versions
  • CDPD-63813: [7.1.8.CHFx] Atlas - Upgrade amqp-client to 5.18.0+ due to CVE-2023-46120
  • CDPD-63809: 7.1.8 CLONE - change the log level to DEBUG for "No context-enrichers!"
  • CDPD-63780: [7.1.8 & 7.1.9] Hive Warehouse Connector - Upgrade ICU4J to safe version due to high CVEs
  • CDPD-63779: Oozie's spark actions are failing intermittently due to NPE
  • CDPD-63756: Backport CDPD-63231 to 7.1.8 CHF
  • CDPD-63723: Sqoop should determine files as Parquet by PAR1 in header
  • CDPD-63692: In Rms- s3, db level access write permission mapping config is not working
  • CDPD-63623: [UnitTest] Some Oozie units are failing due to HCat related NPE
  • CDPD-63602: Zeppelin - Upgrade jetty to 9.4.53/10.0.17/11.0.17 due to CVE-2023-40167, CVE-2023-36479, CVE-2023-41900, CVE-2023-36478 and CVE-2023-44487
  • CDPD-63443: CLONE - CLONE - UI: Enum type Business metadata attribute shows incorrect data when specific string is in attribute name.
  • CDPD-63441: [CDH-7.1.8 CHF18 CLONE] - AuthorizeOnlyWithChainedPolicies shows incorrect policy in Ranger audit when policy priority is equal
  • CDPD-63326: Fix CVE-2023-36877 Apache Oozie Spoofing Vulnerability
  • CDPD-63313: IMPALA-12542 test_query_cancel_created failed in ASAN build
  • CDPD-63302: Keytrustee-keyhsm - Upgrade Jetty to 9.4.53/10.0.17/11.0.17 due to CVE-2023-40167, CVE-2023-36479, CVE-2023-41900, CVE-2023-36478 and CVE-2023-44487
  • CDPD-63297: Knox - Upgrade Apache Santuario - xmlsec to 2.2.6/2.3.4/3.0.3 due to CVE-2023-44483
  • CDPD-63291: Search - Upgrade amqp-client to 5.18.0+ due to CVE-2023-46120
  • CDPD-63287: Solr - Upgrade jose4j to 0.9.3 due to CVE-2023-31582
  • CDPD-63286: Upgrade jose4j to 0.9.3 due to CVE-2023-31582
  • CDPD-63283: IMPALA-12493 Impala Query cancelled while Analyzing or Compiling partially closes but query remains on Coordinator
  • CDPD-63238: Parquet export fails with NoSuchMethodError
  • CDPD-63223: Schema Registry - Upgrade Jetty to 9.4.53/10.0.17/11.0.17 due to CVE-2023-40167, CVE-2023-36479, CVE-2023-41900, CVE-2023-36478 and CVE-2023-44487
  • CDPD-63145: BytesColumnVector fails when the aggregate size is > 1gb
  • CDPD-63098: SMM - Upgrade Jetty to 9.4.53/10.0.17/11.0.17 due to CVE-2023-40167, CVE-2023-36479, CVE-2023-41900, CVE-2023-36478 and CVE-2023-44487
  • CDPD-63050: Atlas UI Basic Searching result sorting option not available on all Columns
  • CDPD-62128: Using centralised version of snappy-java in Search
  • CDPD-62095: Backport HIVE-27525 to CDP
  • CDPD-61742: Test failure: org.apache.spark.sql.hive.execution.HiveTableScanSuite.Spark-4077: timestamp query for null value
  • CDPD-60977: Hive - Upgrade Apache Ivy to 2.5.2 due to CVE-2022-46751
  • CDPD-60469: Impala log rotation not working on the old pid log files.
  • CDPD-59884: CLONE - Search - Upgrade sqlite-jdbc to 3.41.2.2+ due to CVE-2023-32697
  • CDPD-59365: CDPD - Upgrade Shiro to 1.12.0 due to CVE-2023-34478
  • CDPD-59364: Upgrade Shiro to 1.12.0 due to CVE-2023-34478
  • CDPD-58575: Phoenix Omid - Upgrade Guava to 32.0.1 due to CVE-2023-2976
  • CDPD-58047: Backport HIVE-23726 to CDP branches
  • CDPD-57667: Ranger policy delta issue causing intermittent permission deny for Hive and HDFS services
  • CDPD-57026: Upgrade sqlite-jdbc to 3.41.2.2+ due to CVE-2023-32697
  • CDPD-56752: IMPALA-12170 TestWebPage.test_webserver_hide_logs_link fails due to new /events link added in catalogd
  • CDPD-48853: Schemas created with the Confluent API cannot be viewed on the UI
  • CDPD-48162: Getting exception for wildcard (*) search for database and table name
  • CDPD-42684: Dropwizard version in cdpd
  • CDPD-41900: Phoenix - Upgrade Bouncy Castle to 1.70 due to medium CVEs
Table 1. Cloudera Runtime 7.1.8.55 (Cumulative Hotfix 18) download URL:
Parcel Repository Location
https://[username]:[password]@archive.cloudera.com/p/cdh7/7.1.8.55/parcels/

Technical Service Bulletin

TSB 2024-775: FileNotFoundException for Ozone Filesystem JAR during or after CDP installation or upgrade
A potential availability issue has been found with services that have an Ozone client dependency on the ozone-filesystem-hadoop3 fat JAR file when upgrading the Cloudera Data Platform (CDP) Private Cloud Base cluster from version 7.1.8 to 7.1.9. This issue may also affect service installations, runs, and restarts during or after the CDP Private Cloud Base installation or upgrade.
The following exception appears on the Cloudera Manager User Interface (UI) or in the log files of the respective service when an installation, upgrade or other operations fail due to this issue: `java.io.FileNotFoundException: /path/to/ozone-filesystem-hadoop3-<version>.jar (No such file or directory).
The failure is caused by the broken symbolic link: /var/lib/hadoop-hdfs/ozone-filesystem-hadoop3.jar. This issue arises if the hdfs user already exists on the node before the Cloudera Runtime parcel activation. When the hdfs user already exists on the node, the Cloudera Manager agent skips the initialization related to Hadoop Distributed File System (HDFS), which includes creating the /var/lib/hadoop-hdfs directory. As the path is not created, the symbolic link cannot be created during the parcel activation process. This results in a series of broken symbolic links that point to the Ozone binaries.
Knowledge article
For the latest update on this issue see the corresponding Knowledge Article: TSB 2024-775: FileNotFoundException for the Ozone FS JAR during or after installation or upgrade