Cumulative hotfix CDP PvC Base 7.1.8.11-3 (Cumulative hotfix3)

Know more about the cumulative hotfix 3 for 7.1.8. This cumulative hotfix was released on December 14, 2022.

Following are the list of fixes that were shipped for CDP Private Cloud Base version 7.1.8-1.cdh7.1.8.p11.35002917
  • CDPD-16009 Hadoop - Bump netty3 dependency up to netty4

  • CDPD-31901 Impala's access to Ozone is single-threaded
  • CDPD-41346 impala-shell package can not be used with python 3
  • CDPD-41725 Phoenix - Upgrade Apache Ant to 1.10.12 due to high CVEs
  • CDPD-41895 HBase - Upgrade Bouncy Castle to 1.70 due to medium CVEs
  • CDPD-42025 Impala - Upgrade jackson-databind to 2.13.3 due to high CVEs
  • CDPD-42091 Avatica - Upgrade JUnit to 4.13.2 due to medium CVEs
  • CDPD-43490 Hive Security - Upgrade jackson-databind to 2.12.7.1 due to critical CVEs
  • CDPD-43510 Hive Security - Upgrade Scala to 2.13.8 due to high CVEs
  • CDPD-44880 RMS fails to process table rename correctly.
  • CDPD-45206 Avatica - Upgrade Kerby from 1.1.1 to 2.0.2+
  • CDPD-45247 RMS fails to process Alter operation on Managed tables when table is renamed
  • CDPD-45288 RMS fails to process Alter operation on External tables when hdfs path of a table is updated
  • CDPD-45375 Atlas :- Upgrade snakeyaml to 1.32 due to high CVEs
  • CDPD-45387 Knox - Upgrade snakeyaml to 1.32 due to high CVEs
  • CDPD-45533 AuditFileSpool logs out all events that were not audited successfully
  • CDPD-45575 Zeppelin - Upgrade jettison to 1.5.1 due to CVE-2022-40149, CVE-2022-40150
  • CDPD-45845 Schema Registry - Upgrade Scala to 2.13.9 due to CVE-2022-36944
  • CDPD-45862 yarn - Upgrade DataTables to 1.11.5 due to high CVEs
  • CDPD-45899 [7.1.8 CHF3 CLONE] - RMS fails to process table rename correctly.
  • CDPD-45900 [7.1.8 CHF3 CLONE] - RMS fails to process Alter operation on Managed tables when table is renamed
  • CDPD-45901 [7.1.8 CHF3 CLONE] - RMS fails to process Alter operation on External tables when hdfs path of a table is updated
  • CDPD-45987 Backport HIVE-26633 to CDH-7.1.8.x
  • CDPD-46025 [7.1.8 CHF2/3 CLONE] - change sync_source column datatype from varchar to text
  • CDPD-46026 [718 CHF3 CLONE] - Upgrade jquery-ui to 1.13.2
  • CDPD-46131 Fix table creation with HMS Integration
  • CDPD-46223 [7.1.8 CHF3 ] : Add 'preload' directive to HSTS header
  • CDPD-46369 [7.1.8 CHF3 CLONE] - Ranger service Failure [python3]
  • CDPD-46409 Atlas - Upgrade Spring-security to 5.6.9/ 5.7.5 due to CVE-2022-31692, CVE-2022-31690
  • CDPD-46421 [7.1.8 CHF3 CLONE] - Ranger - Upgrade Spring-security to 5.6.9/ 5.7.5 due to CVE-2022-31692, CVE-2022-31690
  • CDPD-46488 Backport Ozone bug fixes to enable Impala for Mastercard in 7.1.8 CHF3 [Ozone side]
  • CDPD-46495 [7.1.8 CHF3 CLONE] Upgrade snakeyaml to 1.32 in ranger-plugins-audit
  • CDPD-46498 [7.1.8 CHF3 CLONE] Ranger - Upgrade jettison to 1.5.1 due to CVE-2022-40149, CVE-2022-40150
  • CDPD-46525 [7.1.8 CHF3] [RANGER-3913] Reduce number of calls to FilenameUtils.wildcardMatch() when evaluating resource matching
  • CDPD-46530 Spark - Upgrade Apache Ivy to 2.5.1 due to CVE-2022-37865, CVE-2022-37866
  • CDPD-46531 CPX, config-service 7.1.8 CHF3 - Upgrade dropwizard and jackson
  • CDPD-46532 PvC - WEBHDFS operation on Namenode UI via knox fails when HDFS in HA
  • CDPD-46569 Atlas - Upgrade Apache Ivy to 2.5.1 due to CVE-2022-37865, CVE-2022-37866
  • CDPD-46580 [7.1.8 CHF3 CLONE] Ranger - Upgrade protobuf-java to 3.21.7 due to CVE-2022-3171
  • CDPD-46628 Phoenix - Exclude Tomcat Embed Core from Apache Thrift due to high CVEs
  • CDPD-46666 Knox - Upgrade commons-codec to 1.13 or higher
  • CDPD-46670 SRM - Upgrade commons-codec to 1.13 or higher
  • CDPD-46673 Kafka_connect_ext - Upgrade commons-codec to 1.13 or higher
  • CDPD-46675 Hbase - Upgrade commons-codec to 1.13 or higher
  • CDPD-46679 Impala - Upgrade Woodstox to 5.4.0/6.4.0 due to multiple CVEs
  • CDPD-46739 [7.1.8 CHF3 CLONE] - Ranger - Upgrade Woodstox to 5.4.0/6.4.0 due to multiple CVEs
  • CDPD-46740 [7.1.8 CHF3 CLONE] - Ranger - Upgrade wildfly-openssl to 1.1.3.Final/1.1.3.Final+ due to CVE-2020-25644
  • CDPD-46741 [7.1.8 CHF3 CLONE] - Ranger - Upgrade commons-codec to 1.13 or higher
  • CDPD-46746 [7.1.8 CHF3 CLONE] - AuditFileSpool logs out all events that were not audited successfully
  • CDPD-46768 Dependency convergence error in Zeppelin due to stax2-api from Hadoop
  • CDPD-46779 Fix requirements.txt logic for Python3 project which includes PPC and nonPPC platform
  • CDPD-46805 [7.1.8 CHF 3] - Restrict scripts from accessing Java classes and methods
  • CDPD-46827 Add virtualenv-make-relocatable in the pip install
  • CDPD-46875 Improve Hue PPC build script and RPM spec file
  • CDPD-46877 Backport 'HDDS-7453. Check certificate expiration at service startup, renew if necessary'
  • CDPD-46891 Python files in phoenix-queryserver are not compatible with python3
  • CDPD-46943 Schemaregistry needs an upgrade due to EOL and CVEs on jackson-mapper-asl
  • CDPD-46945 Backport HIVE-26481 to CDH-7.1.8.x
  • CDPD-46958 Backport HIVE-26761 to CDH-7.1.8.x
  • CDPD-46987 In Hue Makefile, pin specific pip, virtualenv python packages version
  • CDPD-47037 RM UI redirect link to the Spark3 History Server fails
  • CDPD-47056 Fix Ranger TagRest API deleteTagResourceMapByGuid
  • CDPD-47107 Multiple Oozie unit tests fails after netty upgrade on 7.1.7.2000
  • COMPX-12488 Queue Manager 7.1.8 CHF3 - Upgrade jackson-databind to 2.13.3 due to high CVEs
  • COMPX-12560 Fix JSON formatting in the RM tests
  • KT-7410 - [7.1.8 CHF3] - Key HSM - Upgrade jackson-databind to 2.13.3 due to high CVEs

  • KT-7421- [7.1.8 CHF3] Keytrustee-keyhsm - Upgrade commons-codec to 1.13 or higher

  • KT-7423- Key HSM - Upgrade Spring Framework, google-gson, Bouncy Castle and Jetty due to CVEs

  • CDPD-41758 HBase - Upgrade Apache Commons BeanUtils to 1.9.4 due to high CVEs
  • CDPD-42043 CDPD - Upgrade jackson-databind to 2.12.7.1 due to CVEs
  • CDPD-44768 CDPD-44399 Migrate to reload4j in the search repository
  • CDPD-45376 Hadoop - Upgrade snakeyaml to 1.32 due to high CVEs
  • CDPD-45963 Oozie and Sqoop CVE backport from 7.1.7 SP2 to 7.1.8 CHF 3 umbrella ticket
  • CDPD-46822 CDPD-46610 Ozone - Upgrade woodstox on branch CDH-7.1.8.x
  • CDPD-40475 Upgrade Spring Framework to 5.3.20 due to CVE-2022-22971, CVE-2022-22970, CVE-2022-22968
  • CDPD-46894 Replace JUnit5 assertEquals with JUnit4 in TestSSLZookeeperFactoryArguments
    Table 1. Cloudera Runtime 7.1.8.11 (Cumulative Hotfix 3) download URL:
    Parcel Repository Location
    https://[username]:[password]@archive.cloudera.com/p/cdh7/7.1.8.11/parcels/

Technical Service Bulletin

TSB 2024-775: FileNotFoundException for Ozone Filesystem JAR during or after CDP installation or upgrade
A potential availability issue has been found with services that have an Ozone client dependency on the ozone-filesystem-hadoop3 fat JAR file when upgrading the Cloudera Data Platform (CDP) Private Cloud Base cluster from version 7.1.8 to 7.1.9. This issue may also affect service installations, runs, and restarts during or after the CDP Private Cloud Base installation or upgrade.
The following exception appears on the Cloudera Manager User Interface (UI) or in the log files of the respective service when an installation, upgrade or other operations fail due to this issue: `java.io.FileNotFoundException: /path/to/ozone-filesystem-hadoop3-<version>.jar (No such file or directory).
The failure is caused by the broken symbolic link: /var/lib/hadoop-hdfs/ozone-filesystem-hadoop3.jar. This issue arises if the hdfs user already exists on the node before the Cloudera Runtime parcel activation. When the hdfs user already exists on the node, the Cloudera Manager agent skips the initialization related to Hadoop Distributed File System (HDFS), which includes creating the /var/lib/hadoop-hdfs directory. As the path is not created, the symbolic link cannot be created during the parcel activation process. This results in a series of broken symbolic links that point to the Ozone binaries.
Knowledge article
For the latest update on this issue see the corresponding Knowledge Article: TSB 2024-775: FileNotFoundException for the Ozone FS JAR during or after installation or upgrade