Cumulative hotfix CDP PvC Base 7.1.8.8-3 (Cumulative hotfix2)

Learn more about Cumulative Hotfix 2 for 7.1.8. This cumulative hotfix was released on November 28, 2022.

The following fixes were shipped for CDP Private Cloud Base version 7.1.8-1.cdh7.1.8.p8.34508617:
  • CDPD-45893 - Arrow - Upgrade to jackson 2.12.7

  • CDPD-46242 - Atlas - Upgrade Apache Commons Text to 1.10.0 due to CVE-2022-42889 for 7.1.8-CHF2

  • CDPD-42049 - Avatica - Upgrade Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server to 9.4.48.v20220622/11.0.11 due to medium CVEs

  • CDPD-42015 Avatica - Upgrade jackson-databind to 2.12.7 due to high CVEs

  • CDPD-45733 - CDPD - Upgrade Apache Commons Text to 1.10.0 due to CVE-2022-42889

  • CDPD-42104 - CDPD - Upgrade JUnit to 4.13.2 due to medium CVEs

  • CDPD-45726 - Upgrade Shiro to 1.10.0 due to CVE-2022-40664

  • CDPD-37401 Upgrade Spring Framework to 5.3.18 due to CVE-2022-22963, CVE-2022-22965

  • CDPD-45727 - CDPD - Upgrade Shiro to 1.10.0 due to CVE-2022-40664

  • CDPD-45853 - Cruise Control - Upgrade Scala to 2.13.9 due to CVE-2022-36944

  • CDPD-45803 - Cruise Control - Upgrade kotlin to 1.6.0 or later due to CVE-2022-24329 for SP2

  • CDPD-42021 - Curator - Upgrade jackson-databind to 2.13.3 due to high CVEs

  • CDPD-42408 Curator - Upgrade RESTEasy to 2.3.23.Final-redhat-1/3.15.3.Final-redhat-00001 due to high CVEs

  • CDPD-41932 - DAS - Upgrade google-gson to 2.9.0 due to high CVEs

  • CDPD-42018 - DAS - Upgrade jackson-databind to 2.12.7.1 or 2.13.4.2 due to high CVEs

  • CDPD-42068 - DAS - Upgrade json-smart to 2.4.8 due to critical CVEs

  • CDPD-26797 - DAS - Upgrade Apache Commons Text to 1.10.0 due to CVE-2022-42889

  • CDPD-46258 - Build fails (hadoop pipes) on newer Linux envs - Sles15 Sp4

  • CDPD-46149 - sonatype-2022-5732- hadoop-hdfs-client is vulnerable to XML External Entity (XXE) attacks

  • CDPD-45571 - Hadoop - Upgrade jettison to 1.5.1 due to CVE-2022-40149, CVE-2022-40150

  • CDPD-46788 - Backport HADOOP-18484 to branch CDH-7.1.8.x

  • CDPD-45910 - Modify slf4j-log4j12 symlinks to point to the correct log4j/reload4j binding

  • CDPD-46366 - Disable prefetching/readahead in AbfsInputStream.

  • CDPD-41933 - HBase - Upgrade google-gson to 2.9.0 due to high CVEs

  • CDPD-46404 COD Cluster creation is failing due to reload4j dependency

  • CDPD-42178 - HBase - Upgrade Spring Framework to 4.3.30.RELEASE/5.3.21 due to critical CVEs

  • CDPD-46553 - Hbase-solr - Upgrade protobuf-java to 3.16.3/3.19.6/3.20.3/3.21.7 due to CVE-2022-3171

  • CDPD-44769 - migrate to reload4j in the hbase-indexer repository

  • CDPD-45443 Backport HIVE-25848: Empty result for structs in point lookup optimization with vectorization on

  • CDPD-45199 - Hive - Prepare for Hadoop switching to Reload4j

  • CDPD-40779 - Hive - Upgrade netty to 4.1.77 due to CVE-2022-24823

  • CDPD-43485 - Hive Security - Upgrade Bouncy Castle to 1.70 due to high CVEs

  • CDPD-45572 - Hive - Upgrade jettison to 1.5.1 due to CVE-2022-40149, CVE-2022-40150

  • CDPD-46475 Backport HIVE-26612 to CDH-7.1.8.x

  • CDPD-45911 - Backport HIVE-22978 to CDH-7.1.8.x

  • CDPD-45685 Backport HIVE-22746 to CDH-7.1.8.x

  • CDPD-46588 Backport HIVE-24188 to CDH-7.1.8.x

  • CDPD-46589 Backport HIVE-25813 to CDH-7.1.8.x

  • CDPD-46598 - Backport ORC-203 to CDH-7.1.8.x

  • CDPD-46623 - Backport ORC-422 to CDH-7.1.8.x

  • CDPD-46764 Fix qtest output for HIVE after ORC-203 on CDH-7.1.8.x

  • CDPD-46590 - Backport HIVE-26352 to CDH-7.1.8.x

  • CDPD-46591 - Backport HIVE-26433 to CDH-7.1.8.x

  • CDPD-46596 Backport ORC-1078 to CDH-7.1.8.x

  • CDPD-45987 - Backport HIVE-26633 to CDH-7.1.8.x

  • CDPD-46604 Backport CDPD-33992 to 7.1.8 CHF2

  • CDPD-46605 - Backport CDPD-45134 to 7.1.8 CHF2

  • CDPD-45826 - Hue - Upgrade Apache Commons Text to 1.10.0 due to CVE-2022-42889

  • CDPD-45954 - Backport IMPALA-11674 to 7.1.8 cumulative hotfix

  • CDPD-45993 Backport IMPALA-10821 to 7.1.8 to fix a test failure due to IMPALA-9338

  • CDPD-46726 - Backport Impala changes of HOTFIX-5356 to 7.1.8 CHF2

  • CDPD-46303 - Backport IMPALA-11669 to 7.1.8 cumulative hotfix

  • CDPD-46405 - Backport IMPALA-11669 to 7.1.8 cumulative hotfix

  • CDPD-44372 - Impala - Upgrade Spring Framework to 5.3.20 due to multiple CVEs

  • CDPD-46032 Backport Impala changes of HOTFIX-5335 to 7.1.8.x

  • CDPD-43860 Impala - Upgrade postgresql to 42.2.26 / 42.4.1 due to CVE-2022-31197

  • CDPD-45846 - Kafka - Upgrade Scala to 2.13.9 due to CVE-2022-36944

  • CDPD-45804 Kafka Connect - Upgrade kotlin to 1.6.0 or later due to CVE-2022-24329 for SP2

  • CDPD-42947 - Replace log4j1 to reload4j

  • CDPD-42028 Knox - Upgrade jackson-databind to 2.13.3 due to high CVEs

  • CDPD-45349 Server Side Request Forgery - Knox - Host Parameter

  • CDPD-45191 - Login on Knox UI doesn't work when the password contains special character

  • CDPD-45764 - Knox - Upgrade Apache Commons Text to 1.10.0 due to CVE-2022-42889

  • CDPD-45588 Failover for kudu master is not working due to kudu-3387

  • CDPD-46508 Backport ORC-438 to CDH-7.1.8.x

  • CDPD-46663 Ozone - Upgrade commons-codec to 1.13 or higher

  • CDPD-42156 - Ozone - Upgrade Protocol Buffer Java API to 2.6.1/3.21.2 due to medium CVEs

  • CDPD-46452 - CVEs in Prometheus/Go

  • CDPD-29099 - Ozone - Replace log4j 1.x with reload4j

  • CDPD-42030 - Ozone - Upgrade jackson-databind to 2.12.7.1 or 2.13.4.2 due to high CVEs

  • CDPD-45377 Ozone - Upgrade snakeyaml to 1.32 due to high CVEs

  • CDPD-42367 - Ozone - Upgrade Jersey to 2.36/3.0.5 due to medium CVEs

  • CDPD-41947 - Phoenix - Upgrade google-gson to 2.9.0 due to high CVEs

  • CDPD-46304 Set explicit netty dependency for Phoenix Omid for testing

  • CDPD-46046 Phoenix Omid - Replace log4j 1.x with reload4j

  • CDPD-46524 Disable endlessly running test in omid

  • CDPD-45382 Phoenix Omid - Upgrade snakeyaml to 1.32 due to high CVEs

  • CDPD-42057 - Phoenix - Upgrade Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server to 9.4.48.v20220622/11.0.11 due to critical CVEs

  • CDPD-42031 - Phoenix - Upgrade jackson-databind to 2.12.7.1 or 2.13.4.2 due to critical CVEs

  • CDPD-29100 - Phoenix - Replace log4j 1.x with reload4j

  • CDPD-45390 CPX - Upgrade snakeyaml to 1.33 due to high CVEs

  • CDPD-46618 CPX - Upgrade jersey to 2.35/3.0.2 due to CVE

  • CDPD-46629 - [Config Service] Upgrade Apache Commons Text to 1.10.0 due to CVE

  • CDPD-46059 - Backport RANGER-3916 (Ranger UI fails to open when the Ranger admin domain name includes "service" keyword in it.) to 7.1.8 CHF2

  • CDPD-46490 - 7.1.8 CHF2 CLONE - Ranger - Upgrade opencsv to 5.7.1 to stop pulling affected version of commons-text

  • CDPD-46025 [7.1.8 CHF2/3 CLONE] - change sync_source column datatype from varchar to text

  • CDPD-46850 - Starting Ranger RMS fails with NoClassDefFoundError

  • CDPD-46058 Backport RANGER-3864 (Spurious creation of service-resource objects in Ranger) to 7.1.8 CHF2

  • CDPD-47056 - Fix Ranger TagRest API deleteTagResourceMapByGuid

  • CDPD-42163 - Ratis - Upgrade Protocol Buffer Java API to 2.6.1/3.21.2 due to medium CVEs

  • CDPD-41951 - Ratis - Upgrade google-gson to 2.9.0 due to high CVEs

  • CDPD-46068 - Backport CDPD-18529 to CDP 7.1.8.x

  • CDPD-46006 - Schema Registry - Upgrade Apache Commons Text to 1.10.0 due to CVE-2022-42889

  • CDPD-46555 Search - Upgrade protobuf-java to 3.16.3/3.19.6/3.20.3/3.21.7 due to CVE-2022-3171

  • CDPD-45765 SMM - Upgrade Apache Commons Text to 1.10.0 due to CVE-2022-42889

  • CDPD-45378 - SMM - Upgrade snakeyaml to 1.32 due to high CVEs

  • CDPD-46554 - Solr - Upgrade protobuf-java to 3.16.3/3.19.6/3.20.3/3.21.7 due to CVE-2022-3171

  • CDPD-45967 - Solr - Upgrade hsqldb to 2.7.1 due to CVE-2022-41853

  • CDPD-17800 Use external version of commons-text in Solr

  • CDPD-45380 Spark - Upgrade snakeyaml to 1.32 due to high CVEs // 7.1.8 CHF2

  • CDPD-46189 - Spark should use the common external version of "io.dropwizard.metrics"

  • CDPD-46306 - CVE-2022-31777: Apache Spark XSS vulnerability in log viewer UI Javascript

  • CDPD-46096 - Backport CDPD-44019 to 7.1.8 cumulative hotfix

  • CDPD-42038 - Spark Atlas Connector - Upgrade jackson-databind to 2.13.3 due to critical CVEs

  • CDPD-44440 Hadoop - Upgrade jquery-ui to 1.13.2 due to CVE-2022-31160

  • CDPD-41909 - Zeppelin - Upgrade Bouncy Castle to 1.70 due to medium CVEs

  • CDPD-45885 Zeppelin - Upgrade Spring Framework to 5.3.21 due to CVEs - for 7.1.8 CHF

  • CDPD-42042 - Zeppelin - Upgrade jackson-databind to 2.12.7.1 or 2.13.4.2 due to high CVEs

  • CDPD-41780 - Zeppelin - Upgrade Apache Commons Compress to 1.21.0 due to high CVEs

  • CDPD-32180 - Zeppelin - Upgrade spring-security version to 5.3.8.RELEASE due to CVE

  • CDPD-29105 - Zookeeper - Replace log4j 1.x with reload4j

  • COMPX-12340 CPX [Config-Store] Upgrade snakeyaml to 1.33 due to high CVEs

  • COMPX-12246 - Config Service - Upgrade Apache Commons Text to 1.10.0 due to CVE-2022-42889

  • COMPX-12228 QM - Upgrade jersey to 2.35 / 3.0.2 due to CVE-2021-28168

  • COMPX-12341 CPX [QM] Upgrade snakeyaml to 1.33 due to high CVEs

  • COMPX-12391 QM 7.1.8 CHF2 - Delete queue throws error when custom placement is set with queue name in Queue Manager

  • TSB 2022-640 - Apache Hive job fails with large partitioned tables

Table 1. Cloudera Runtime 7.1.8.8 (Cumulative Hotfix 2) download URL:
Parcel Repository Location
https://[username]:[password]@archive.cloudera.com/p/cdh7/7.1.8.2/parcels/