Cumulative hotfix CDP PvC Base 7.1.8.60-2 (Cumulative hotfix 23)

Know more about the cumulative hotfix 23 for 7.1.8. This cumulative hotfix was released on May 09, 2024.

The following fixes were shipped for CDP Private Cloud Base version 7.1.8-1.cdh7.1.8.p60.52989425.

KT-7540: Keytrustee-keyhsm - Upgrade protobuf-java to 3.16.3/3.19.6/3.20.3/3.21.7 due to CVE-2022-3171
Upgraded the protobuf-java version to 3.16.3/3.19.6/3.20.3/3.21.7 due to CVE-2022-3171.
KT-7536: Keytrustee-keyhsm - Upgrade Jetty to 9.4.54.v20240208 due to CVE-2024-22201
Upgraded the Jetty version to 9.4.54.v20240208 due to CVE-2024-22201.
KT-7530: Keytrustee-keyhsm - Upgrade Spring Framework to 6.1.6/6.0.19/5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262
Upgraded the Spring Framework version to 6.1.6/6.0.19/5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262.
CDPD-69086: Backport CALCITE-6280 to 7.1.8 CHF23
The Jetty version number was leaked in HTTP responses when using the Avatica HTTP server. This issue is now resolved and the Avatica server no longer displays the Jetty version in HTTP responses.
CDPD-68944: set bcpkix-jdk15on version to 1.70+ in HBase
Upgraded the bcpkix-jdk15on library version to 1.70+ in HBase due to CVE-2019-17359.
CDPD-68843: Ranger [7.1.8 CHFx] - Upgrade Netty to 4.1.108.Final due to CVE-2024-29025
Upgraded the Netty version to 4.1.108 due to CVE-2024-29025.
CDPD-68807: Ranger - Upgrade Spring Framework to 6.1.6/6.0.19/5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262
Upgraded Spring Framework to 6.1.6/6.0.19/5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262.
CDPD-68737: Ranger - Upgrade Opensearch to 1.3.15 due to CVE-2023-45807
Upgraded the Opensearch version to 1.3.15 due to CVE-2023-45807.
CDPD-68712: Zeppelin build failed because of the old phoenix-hbase-compat-2.2.5 artifact
Zeppelin build failed when using the old phoenix-hbase-compat-2.2.5 artifact. This issue is now fixed by using a newer version of phoenix-hbase-compat.
CDPD-68471: Atlas [7.1.8 CHFx] - Upgrade Netty to 4.1.108.Final due to CVE-2024-29025
Upgraded the Netty version to 4.1.108 due to CVE-2024-29025.
CDPD-68282: SMM UI - Upgrade Node JS version to 20.12.1 due to multiple CVEs
Upgraded the Node JS version to 20.12.1 due to various CVEs.
CDPD-67896: [718 CHF23] IMPALA-10399, IMPALA-11060, IMPALA-11788: Reset Ranger policy repository in an E2E test
Improved the stability of Impala's own authorization-related tests.
CDPD-67803: Backport IMPALA-12189 to 7.1.8.x
The updateCatalog command did not release the catalog lock whenever createTblTransaction() threw exceptions. This issue is now resolved.
CDPD-67608: SMM - Upgrade Jetty to 9.4.54.v20240208 due to CVE-2024-22201
Upgraded the Jetty version to 9.4.54.v20240208 due to various CVEs.
CDPD-67307: Upgrade NodeJS version to 20.11.1 due to CVEs
Upgraded the NodeJS version to 20.11.1 due to CVEs.
CDPD-67227: SMM - Upgrade Spring Framework to 6.1.6/6.0.19/5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262
Upgraded the Spring Framework to 6.1.6/6.0.19/5.3.34 due to various CVEs.
CDPD-67124: SMM - Upgrade Hibernate-Validator to 6.2.5.Final due to CVE-2023-1932
Upgraded Hibernate-Validator to 6.2.5 due to CVE-2023-1932.
CDPD-67110: Ranger - Upgrade json-smart due to CVE-2023-1370
Upgraded json-smart due to CVE-2023-1370.
CDPD-66902: Backport HIVE-27406: Addendum: Query runtime optimization
The query runtime optimization part is now backported to maintenance releases.
CDPD-66668: Kafka_connect_ext - Upgrade commons-compress to 1.26.0 due to CVE-2023-42503, CVE-2024-25710 and CVE-2024-26308
Upgraded Commons-Compress version to 1.26.0 due to CVE-2023-42503, CVE-2024-25710 and CVE-2024-26308.
CDPD-66501: Ranger - Remove/Replace OpenSAML v3 due to EOL
Removed OpenSAML v3.4.5 due to EOL.
CDPD-66169: Hadoop - Upgrade bcpkix-jdk15on to 1.70+ due to CVE-2019-17359
Upgraded the bcpkix-jdk15on library version to 1.70 to address CVE-2019-17359.
CDPD-61611: Impala stats blocks hive partitioned table rename
Removed the Hive Metastore (HMS) check on verifying stats change for Impala table rename.
Common Vulnerabilities and Exposures (CVEs) that are fixed in this CHF:
Table 1. Cloudera Runtime 7.1.8.60 (Cumulative Hotfix 23) download URL:
Parcel Repository Location
https://[username]:[password]@archive.cloudera.com/p/cdh7/7.1.8.60/parcels/