Cumulative hotfix CDP PvC Base (Cumulative hotfix23)

Learn more about cumulative hotfix 23 for 7.1.8. This cumulative hotfix was released on May 09, 2024.

The following is the list of fixes that were shipped for CDP Private Cloud Base version 7.1.8-1.cdh7.1.8.p60.52989425.

KT-7540: Keytrustee-keyhsm - Upgrade protobuf-java to 3.16.3/3.19.6/3.20.3/3.21.7 due to CVE-2022-3171
Upgraded the protobuf-java version to 3.16.3/3.19.6/3.20.3/3.21.7 due to CVE-2022-3171.
KT-7536: Keytrustee-keyhsm - Upgrade Jetty to 9.4.54.v20240208 due to CVE-2024-22201
Upgraded the Jetty version to 9.4.54.v20240208 due to CVE-2024-22201.
KT-7530: Keytrustee-keyhsm - Upgrade Spring Framework to 6.1.6/6.0.19/5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262
Upgraded the Spring Framework version to 6.1.6/6.0.19/5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262.
CDPD-69086: Backport CALCITE-6280 to 7.1.8 CHF23
The Jetty version number was leaked when using the Avatica HTTP server. This issue is now resolved and the Avatica server no longer displays the Jetty version in HTTP responses.
CDPD-68944: set bcpkix-jdk15on version to 1.70+ in HBase
Upgraded the bcpkix-jdk15on library version to 1.70+ in HBase due to CVE-2019-17359.
CDPD-68843: Ranger [7.1.8 CHFx] - Upgrade Netty to 4.1.108.Final due to CVE-2024-29025
Upgraded the Netty version to 4.1.108 due to CVE-2024-29025.
CDPD-68807: Ranger - Upgrade Spring Framework to 6.1.6/6.0.19/5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262
Upgraded Spring Framework to 6.1.6/6.0.19/5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262.
CDPD-68737: Ranger - Upgrade Opensearch to 1.3.15 due to CVE-2023-45807
Upgraded Opensearch version to 1.3.15 due to CVE-2023-45807.
CDPD-68712: Zeppelin build failed because of the old phoenix-hbase-compat-2.2.5 artifact
Zeppelin build failed when using the old phoenix-hbase-compat-2.2.5 artifact. This issue is now fixed by using a newer version of phoenix-hbase-compat.
CDPD-68471: Atlas [7.1.8 CHFx] - Upgrade Netty to 4.1.108.Final due to CVE-2024-29025
Upgraded the Netty version to 4.1.108 due to CVE-2024-29025.
CDPD-68282: SMM UI - Upgrade Node JS version to 20.12.1 due to multiple CVEs
Upgraded the Node JS version to 20.12.1 due to various CVEs.
CDPD-67896: [718 CHF23] IMPALA-10399, IMPALA-11060, IMPALA-11788: Reset Ranger policy repository in an E2E test
Improved the stability of Impala's own authorization-related tests.
CDPD-67803: Backport IMPALA-12189 to 7.1.8.x
The updateCatalog command did not release the catalog lock whenever createTblTransaction() threw exceptions. This issue is now resolved.
CDPD-67608: SMM - Upgrade Jetty to 9.4.54.v20240208 due to CVE-2024-22201
Upgraded the Jetty version to 9.4.54.v20240208 due to various CVEs.
CDPD-67307: Upgrade NodeJS version to 20.11.1 due to CVEs
Upgraded the NodeJS version to 20.11.1 due to CVEs.
CDPD-67227: SMM - Upgrade Spring Framework to 6.1.6/6.0.19/5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262
Upgraded the Spring Framework to 6.1.6/6.0.19/5.3.34 due to various CVEs.
CDPD-67124: SMM - Upgrade Hibernate-Validator to 6.2.5.Final due to CVE-2023-1932
Upgraded Hibernate-Validator to 6.2.5 due to CVE-2023-1932.
CDPD-67110: Ranger - Upgrade json-smart due to CVE-2023-1370
Upgraded json-smart due to CVE-2023-1370.
CDPD-66902: Backport HIVE-27406: Addendum: Query runtime optimization
The query runtime optimization part is now backported to maintenance releases.
CDPD-66668: Kafka_connect_ext - Upgrade commons-compress to 1.26.0 due to CVE-2023-42503, CVE-2024-25710 and CVE-2024-26308
Upgraded Commons-Compress version to 1.26.0 due to CVE-2023-42503, CVE-2024-25710 and CVE-2024-26308.
CDPD-66501: Ranger - Remove/Replace OpenSAML v3 due to EOL
Removed OpenSAML v3.4.5 due to EOL.
CDPD-66169: Hadoop - Upgrade bcpkix-jdk15on to 1.70+ due to CVE-2019-17359
Upgraded the bcpkix-jdk15on library version to 1.70 to address CVE-2019-17359.
CDPD-61611: Impala stats blocks hive partitioned table rename
Removed the Hive Metastore (HMS) check on verifying stats change for Impala table rename.
Common Vulnerabilities and Exposures (CVEs) that are fixed in this CHF:
Table 1. Cloudera Runtime (Cumulative Hotfix 23) download URL:
Parcel Repository Location

Technical Service Bulletin

TSB 2024-775: FileNotFoundException for Ozone Filesystem JAR during or after CDP installation or upgrade
A potential availability issue has been found with services that have an Ozone client dependency on the ozone-filesystem-hadoop3 fat JAR file when upgrading the Cloudera Data Platform (CDP) Private Cloud Base cluster from version 7.1.8 to 7.1.9. This issue may also affect service installations, runs, and restarts during or after the CDP Private Cloud Base installation or upgrade.
The following exception appears on the Cloudera Manager User Interface (UI) or in the log files of the respective service when an installation, upgrade or other operations fail due to this issue: /path/to/ozone-filesystem-hadoop3-<version>.jar (No such file or directory).
The failure is caused by the broken symbolic link: /var/lib/hadoop-hdfs/ozone-filesystem-hadoop3.jar. This issue arises if the hdfs user already exists on the node before the Cloudera Runtime parcel activation. When the hdfs user already exists on the node, the Cloudera Manager agent skips the initialization related to Hadoop Distributed File System (HDFS), which includes creating the /var/lib/hadoop-hdfs directory. As the path is not created, the symbolic link cannot be created during the parcel activation process. This results in a series of broken symbolic links that point to the Ozone binaries.
Knowledge article
For the latest update on this issue see the corresponding Knowledge Article: TSB 2024-775: FileNotFoundException for the Ozone FS JAR during or after installation or upgrade
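
The condition described in TSB 2024-775 can be checked for on a node before an installation or upgrade. The following is an added example, not Cloudera tooling and not part of the bulletin; the function names and the optional root-prefix argument are assumptions, and the paths are the ones named in the bulletin text.

```shell
#!/bin/sh
# Added diagnostic for the broken-symlink condition in TSB 2024-775.
# Paths are taken from the bulletin; the ROOT prefix is an assumption that
# lets the check run against a staged copy of a node's filesystem.

# check_ozone_link [ROOT]
# Prints one status word and returns:
#   0 ok            symlink resolves to an existing file
#   1 missing-dir   /var/lib/hadoop-hdfs was never created
#   2 missing-link  directory exists but the symlink is absent
#   3 broken-link   symlink exists but its target does not
check_ozone_link() {
    root="${1:-}"
    dir="$root/var/lib/hadoop-hdfs"
    link="$dir/ozone-filesystem-hadoop3.jar"

    if [ ! -d "$dir" ]; then
        echo "missing-dir"; return 1
    fi
    # -e follows symlinks, so a dangling link is -L but not -e.
    if [ ! -L "$link" ] && [ ! -e "$link" ]; then
        echo "missing-link"; return 2
    fi
    if [ -L "$link" ] && [ ! -e "$link" ]; then
        echo "broken-link"; return 3
    fi
    echo "ok"; return 0
}

# list_broken_links DIR
# Prints every dangling symlink under DIR, one per line. Useful for finding
# the further broken links to Ozone binaries that the bulletin mentions.
list_broken_links() {
    find "$1" -type l ! -exec test -e {} \; -print
}
```

Run `check_ozone_link` with no argument on a cluster node; a `missing-dir` result matches the case the bulletin describes, where the directory was never created because the hdfs user already existed.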