Cumulative hotfix CDP PvC Base 7.1.8.61-1 (Cumulative hotfix24)

Know more about the cumulative hotfix 24 for CDP 7.1.8. This cumulative hotfix was released on May 28, 2024.

Following are the list of fixes that were shipped for CDP Private Cloud Base version 7.1.8-1.cdh7.1.8.p61.53483863.

COMPX-16624: YARN-11191 Global Scheduler refreshQueue caused deadLock
Fixed a potential deadlock in the preemption manager (refreshQueue).
COMPX-16616: YARN-11684 PriorityQueueComparator violates general contract
Fixed the Comparison method violates its general contract error in the PriorityUtilizationQueueOrderingPolicy.
CDPD-69814, CDPD-69816, CDPD-69811, CDPS-69629, CDPD-69628: test_refresh_invalidate_events failed after IMPALA-11808 due to missing IMPALA-8592
Fixed an issue caused by incorrectly resolved merge conflict while backporting Impala patches.
CDPD-69579: Backport PHOENIX-6687 to 7.1.8 CHF24
The region server hosting the SYSTEM.CATALOG, failed to serve metadata requests as default handler pool threads were exhausted. This issue is now resolved.
CDPD-69310: [7.1.8 CHF24 CLONE] - Enhance handling of subAccess authorization in Ranger HDFS plugin
Enhanced the handling of subAccess authorization in Ranger HDFS plugin.
CDPD-69271: Ranger override policy is not working
The override policy in Ranger was not working after an upgrade. This issue is now resolved.
CDPD-69000: Backport Impala's event processor critical fixes to CDH-7.1.8.x branch
Critical fixes are backported to Impala's event processor.
CDPD-68796: Zeppelin - Upgrade Apache Maven to 3.8.6 due to CVE-2021-26291
Upgraded the Apache Maven version to 3.8.6 to resolve CVE-2021-26291. Now, HTTP (non-SSL) repository references in Project Object Model (POM) files are no longer followed, thereby mitigating the risks of malicious code injection.
CDPD-68683: The Table Browser should not fetch column comments for each column
A table with thousand of columns did not respond in Table Browser. This issue is now resolved.
CDPD-68596: IMPALA-12969 DeserializeThriftMsg may leak JNI resources
In Java Native Interface (JNI) GetByteArrayElements must be followed by a ReleaseByteArrayElements call, but this did not occur when there was an error during deserialization. This issue is now resolved.
CDPD-68489: Ranger - Upgrade jline version to 3.25.1 due to CVE-2023-50572
Upgraded the jline version to 3.25.1 due to CVE-2023-50572.
CDPD-68256: CDPD - Upgrade commons-configuration2 to 2.10.1 due to CVE-2024-29133 and CVE-2024-29131
Upgraded the commons-configuration2 package version to 2.10.1 due to CVE-2024-29133 and CVE-2024-29131.
CDPD-68255: Ozone - Upgrade commons-configuration2 to 2.10.1 due to CVE-2024-29133 and CVE-2024-29131
Upgraded commons-configuration2 package version to 2.10.1 due to CVE-2024-29133 and CVE-2024-29131.
CDPD-67224: Ozone - Upgrade Spring Framework to 6.1.6/6.0.19/5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262
Upgraded the Spring Framework version to 5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262.
CDPD-64234: Ozone - Upgrade Apache Derby to 10.17.1.0 due to CVE-2022-46337
Upgraded the Apache Derby version to 10.14.3.0 due to CVE-2022-46337.

There are no Common Vulnerabilities and Exposures (CVE) fixed in this release.

Table 1. Cloudera Runtime 7.1.8.61 (Cumulative Hotfix 24) download URL:
Repository Location
https://[username]:[[***PASSWORD***]]@archive.cloudera.com/p/cdh7/7.1.8.61/parcels/

Technical Service Bulletin

TSB 2024-775: FileNotFoundException for Ozone Filesystem JAR during or after CDP installation or upgrade
A potential availability issue has been found with services that have an Ozone client dependency on the ozone-filesystem-hadoop3 fat JAR file when upgrading the Cloudera Data Platform (CDP) Private Cloud Base cluster from version 7.1.8 to 7.1.9. This issue may also affect service installations, runs, and restarts during or after the CDP Private Cloud Base installation or upgrade.
The following exception appears on the Cloudera Manager User Interface (UI) or in the log files of the respective service when an installation, upgrade or other operations fail due to this issue: `java.io.FileNotFoundException: /path/to/ozone-filesystem-hadoop3-<version>.jar (No such file or directory).
The failure is caused by the broken symbolic link: /var/lib/hadoop-hdfs/ozone-filesystem-hadoop3.jar. This issue arises if the hdfs user already exists on the node before the Cloudera Runtime parcel activation. When the hdfs user already exists on the node, the Cloudera Manager agent skips the initialization related to Hadoop Distributed File System (HDFS), which includes creating the /var/lib/hadoop-hdfs directory. As the path is not created, the symbolic link cannot be created during the parcel activation process. This results in a series of broken symbolic links that point to the Ozone binaries.
Knowledge article
For the latest update on this issue see the corresponding Knowledge Article: TSB 2024-775: FileNotFoundException for the Ozone FS JAR during or after installation or upgrade