Cumulative hotfix CDP PvC Base 7.1.8.59-4 (Cumulative hotfix 22)

Know more about the cumulative hotfix 22 for 7.1.8. This cumulative hotfix was released on April 17, 2024.

The following fixes were shipped for CDP Private Cloud Base version 7.1.8-1.cdh7.1.8.p59.52400340:

CDPD-68160: Backport IMPALA-10471 to 7.1.8
This fix ensures that the shutdown behaviour caused by SIGRTMIN is governed by the common shutdown_deadline_s flag. Previously, the deadline for shutdown by SIGRTMIN was fixed to one year and was independent of the flag.
CDPD-67864: Ranger - Upgrade Spring Security to 5.7.12/5.8.11/6.1.8/6.2.3 due to CVE-2024-22257
Upgraded the Spring security version to 5.7.12 due to CVE-2024-22257.
CDPD-67828: Hadoop - Upgrade Nimbus-JOSE-JWT to 9.37.3 due to CVE-2023-52428
Upgraded Nimbus-JOSE-JWT version to 9.37.3 due to CVE-2023-52428.
CDPD-67816, CDPD-49001: [Analyze] [Knox] [ST] Multiple tests fail on FIPS due one of the Knox instance restart fail
The Knox Gateway did not start due to a NullPointerException in the ClouderaManagerClusterConfigurationMonitor class. This occurred when the previously persisted Cloudera Manager cluster configuration file was empty. This issue is now fixed by removing the content of the $KNOX_DATA_DIR/cm_clusters folder by running the rm -f /var/lib/knox/gateway/data/cm-clusters/* command.
CDPD-67750: Ranger - Upgrade Telemetry version to 1.36.0
Upgraded Telemetry version to 1.36.0.
CDPD-67749: Ranger - Upgrade protobuf-java version to 3.21.7 due to CVE-2022-3171
Upgraded protobuf-java version to 3.21.7 due to CVE-2022-3171.
CDPD-67746: Ranger - Upgrade Nimbus-JOSE-JWT version to 9.37.3 due to CVE-2023-52428
Upgraded Nimbus-JOSE-JWT version to 9.31 due to CVE-2023-52428.
CDPD-67744: Ranger - Exclude Apache Derby from ranger-rms module due to CVE-2022-46337
Excluded Apache Derby from the ranger-rms module due to CVE-2022-46337.
CDPD-67678: [7.1.8] Upgrade Gradle to 8
The Schema Registry component now compiles with Gradle 8 (instead of Gradle 6).
CDPD-67433: IMPALA-12878 TestResultSpoolingCancellation.test_cancellation failed in UBSAN build
A rare scenario where a query is closed, and then closed again (most clients prevent this happening), resulted in an error message "Query not yet running". This fix restores the previous message "Invalid or unknown query handle".
CDPD-67071: Backport HBASE-27230 to 7.1.8 CHF21

As per the design, write-ahead-log synchronization (WAL Sync) must succeed or abort and there is no failure state. But the region-server did not abort when WAL Sync issued a timeout exception. This issue is now fixed. The timeout for the Sync is set to five minutes and the region-server aborts when WAL Sync issues a timeout exception.

CDPD-66893: Hadoop - Upgrade moment.js to 2.29.4 due to CVE-2022-24785, CVE-2022-31129
Upgraded moment.js to 2.29.4 due to CVE-2022-24785 and CVE-2022-31129.
CDPD-66393: DAS - Upgrade json-smart to 2.4.10 due to CVE-2023-1370
Upgraded the Java library json-smart to 2.4.10 due to CVE-2023-1370.
CDPD-68619, CDPD-64369: Backport CatalogD performance improvement patches to private cloud
Improved the performance of Impala's event processor for queries such as refresh metadata and alter partitions.
CDPD-61986: Parcel Impala-shell binaries won't work with non-standard Python 3 version
The Impala-shell provided in CDP parcels now works with Python 3.8.
CDPD-53795: [Minor] Typo in error message
An incorrect message was displayed while creating a topic that already existed. An exception with the message "Error while getting kafka AdinClientResponse!" was issued while processing the request. This is now fixed and the correct error message "Topic with name xyz already exists" is now displayed.
Common Vulnerabilities and Exposures (CVEs) that are fixed in this CHF:
Table 1. Cloudera Runtime 7.1.8.59 (Cumulative Hotfix 22) download URL:
Parcel Repository Location
https://[username]:[password]@archive.cloudera.com/p/cdh7/7.1.8.59/parcels/

Technical Service Bulletin

TSB 2024-775: FileNotFoundException for Ozone Filesystem JAR during or after CDP installation or upgrade
A potential availability issue has been found with services that have an Ozone client dependency on the ozone-filesystem-hadoop3 fat JAR file when upgrading the Cloudera Data Platform (CDP) Private Cloud Base cluster from version 7.1.8 to 7.1.9. This issue may also affect service installations, runs, and restarts during or after the CDP Private Cloud Base installation or upgrade.
The following exception appears on the Cloudera Manager User Interface (UI) or in the log files of the respective service when an installation, upgrade or other operations fail due to this issue: java.io.FileNotFoundException: /path/to/ozone-filesystem-hadoop3-<version>.jar (No such file or directory)
The failure is caused by the broken symbolic link: /var/lib/hadoop-hdfs/ozone-filesystem-hadoop3.jar. This issue arises if the hdfs user already exists on the node before the Cloudera Runtime parcel activation. When the hdfs user already exists on the node, the Cloudera Manager agent skips the initialization related to Hadoop Distributed File System (HDFS), which includes creating the /var/lib/hadoop-hdfs directory. As the path is not created, the symbolic link cannot be created during the parcel activation process. This results in a series of broken symbolic links that point to the Ozone binaries.
Knowledge article
For the latest update on this issue see the corresponding Knowledge Article: TSB 2024-775: FileNotFoundException for the Ozone FS JAR during or after installation or upgrade
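
A node can be checked for the condition described in TSB 2024-775 before services are restarted. The script below is an added example, not Cloudera's tooling: it classifies the state of the /var/lib/hadoop-hdfs/ozone-filesystem-hadoop3.jar link and lists dangling symbolic links under a directory. The function names, the state labels and the optional root prefix argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not part of the bulletin): detect the broken-symlink
# condition from TSB 2024-775. The optional first argument is a hypothetical
# root prefix so the check can run against a staged tree; omit it on a node.

LINK_REL="var/lib/hadoop-hdfs/ozone-filesystem-hadoop3.jar"

# Print one of: missing-dir, missing-link, not-a-link, broken-link, ok
ozone_link_state() {
    root="${1:-}"
    link="$root/$LINK_REL"
    dir=$(dirname "$link")

    if [ ! -d "$dir" ]; then
        # Agent skipped HDFS initialization, so the link had nowhere to go.
        echo "missing-dir"
    elif [ ! -L "$link" ]; then
        if [ -e "$link" ]; then echo "not-a-link"; else echo "missing-link"; fi
    elif [ ! -e "$link" ]; then
        # The link exists but its target does not resolve.
        echo "broken-link"
    else
        echo "ok"
    fi
}

# Print every symbolic link under directory $1 whose target does not resolve.
dangling_links() {
    find "$1" -type l ! -exec test -e {} \; -print 2>/dev/null
}

# Report the state for this node (or for the staged tree given as $1).
ozone_link_state "${1:-}"
```

Any state other than ok on a node where the hdfs user existed before parcel activation matches the failure described above; the Knowledge Article remains the reference for the remediation.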