Cumulative hotfix CDP PvC Base 7.1.8.11-3 (Cumulative hotfix3)

Know more about the cumulative hotfix 3 for 7.1.8. This cumulative hotfix was released on December 14, 2022.

Following are the list of fixes that were shipped for CDP Private Cloud Base version 7.1.8-1.cdh7.1.8.p11.35002917

CDPD-16009 Hadoop - Bump netty3 dependency up to netty4
CDPD-31901 Impala's access to Ozone is single-threaded
CDPD-41346 impala-shell package can not be used with python 3
CDPD-41725 Phoenix - Upgrade Apache Ant to 1.10.12 due to high CVEs
CDPD-41895 HBase - Upgrade Bouncy Castle to 1.70 due to medium CVEs
CDPD-42025 Impala - Upgrade jackson-databind to 2.13.3 due to high CVEs
CDPD-42091 Avatica - Upgrade JUnit to 4.13.2 due to medium CVEs
CDPD-43490 Hive Security - Upgrade jackson-databind to 2.12.7.1 due to critical CVEs
CDPD-43510 Hive Security - Upgrade Scala to 2.13.8 due to high CVEs
CDPD-44880 RMS fails to process table rename correctly.
CDPD-45206 Avatica - Upgrade Kerby from 1.1.1 to 2.0.2+
CDPD-45247 RMS fails to process Alter operation on Managed tables when table is renamed
CDPD-45288 RMS fails to process Alter operation on External tables when hdfs path of a table is updated
CDPD-45375 Atlas :- Upgrade snakeyaml to 1.32 due to high CVEs
CDPD-45387 Knox - Upgrade snakeyaml to 1.32 due to high CVEs
CDPD-45533 AuditFileSpool logs out all events that were not audited successfully
CDPD-45575 Zeppelin - Upgrade jettison to 1.5.1 due to CVE-2022-40149, CVE-2022-40150
CDPD-45845 Schema Registry - Upgrade Scala to 2.13.9 due to CVE-2022-36944
CDPD-45862 yarn - Upgrade DataTables to 1.11.5 due to high CVEs
CDPD-45899 [7.1.8 CHF3 CLONE] - RMS fails to process table rename correctly.
CDPD-45900 [7.1.8 CHF3 CLONE] - RMS fails to process Alter operation on Managed tables when table is renamed
CDPD-45901 [7.1.8 CHF3 CLONE] - RMS fails to process Alter operation on External tables when hdfs path of a table is updated
CDPD-45987 Backport HIVE-26633 to CDH-7.1.8.x
CDPD-46025 [7.1.8 CHF2/3 CLONE] - change sync_source column datatype from varchar to text
CDPD-46026 [718 CHF3 CLONE] - Upgrade jquery-ui to 1.13.2
CDPD-46131 Fix table creation with HMS Integration
CDPD-46223 [7.1.8 CHF3 ] : Add 'preload' directive to HSTS header
CDPD-46369 [7.1.8 CHF3 CLONE] - Ranger service Failure [python3]
CDPD-46409 Atlas - Upgrade Spring-security to 5.6.9/ 5.7.5 due to CVE-2022-31692, CVE-2022-31690
CDPD-46421 [7.1.8 CHF3 CLONE] - Ranger - Upgrade Spring-security to 5.6.9/ 5.7.5 due to CVE-2022-31692, CVE-2022-31690
CDPD-46488 Backport Ozone bug fixes to enable Impala for Mastercard in 7.1.8 CHF3 [Ozone side]
CDPD-46495 [7.1.8 CHF3 CLONE] Upgrade snakeyaml to 1.32 in ranger-plugins-audit
CDPD-46498 [7.1.8 CHF3 CLONE] Ranger - Upgrade jettison to 1.5.1 due to CVE-2022-40149, CVE-2022-40150
CDPD-46525 [7.1.8 CHF3] [RANGER-3913] Reduce number of calls to FilenameUtils.wildcardMatch() when evaluating resource matching
CDPD-46530 Spark - Upgrade Apache Ivy to 2.5.1 due to CVE-2022-37865, CVE-2022-37866
CDPD-46531 CPX, config-service 7.1.8 CHF3 - Upgrade dropwizard and jackson
CDPD-46532 PvC - WEBHDFS operation on Namenode UI via knox fails when HDFS in HA
CDPD-46569 Atlas - Upgrade Apache Ivy to 2.5.1 due to CVE-2022-37865, CVE-2022-37866
CDPD-46580 [7.1.8 CHF3 CLONE] Ranger - Upgrade protobuf-java to 3.21.7 due to CVE-2022-3171
CDPD-46628 Phoenix - Exclude Tomcat Embed Core from Apache Thrift due to high CVEs
CDPD-46666 Knox - Upgrade commons-codec to 1.13 or higher
CDPD-46670 SRM - Upgrade commons-codec to 1.13 or higher
CDPD-46673 Kafka_connect_ext - Upgrade commons-codec to 1.13 or higher
CDPD-46675 Hbase - Upgrade commons-codec to 1.13 or higher
CDPD-46679 Impala - Upgrade Woodstox to 5.4.0/6.4.0 due to multiple CVEs
CDPD-46739 [7.1.8 CHF3 CLONE] - Ranger - Upgrade Woodstox to 5.4.0/6.4.0 due to multiple CVEs
CDPD-46740 [7.1.8 CHF3 CLONE] - Ranger - Upgrade wildfly-openssl to 1.1.3.Final/1.1.3.Final+ due to CVE-2020-25644
CDPD-46741 [7.1.8 CHF3 CLONE] - Ranger - Upgrade commons-codec to 1.13 or higher
CDPD-46746 [7.1.8 CHF3 CLONE] - AuditFileSpool logs out all events that were not audited successfully
CDPD-46768 Dependency convergence error in Zeppelin due to stax2-api from Hadoop
CDPD-46779 Fix requirements.txt logic for Python3 project which includes PPC and nonPPC platform
CDPD-46805 [7.1.8 CHF 3] - Restrict scripts from accessing Java classes and methods
CDPD-46827 Add virtualenv-make-relocatable in the pip install
CDPD-46875 Improve Hue PPC build script and RPM spec file
CDPD-46877 Backport 'HDDS-7453. Check certificate expiration at service startup, renew if necessary'
CDPD-46891 Python files in phoenix-queryserver are not compatible with python3
CDPD-46943 Schemaregistry needs an upgrade due to EOL and CVEs on jackson-mapper-asl
CDPD-46945 Backport HIVE-26481 to CDH-7.1.8.x
CDPD-46958 Backport HIVE-26761 to CDH-7.1.8.x
CDPD-46987 In Hue Makefile, pin specific pip, virtualenv python packages version
CDPD-47037 RM UI redirect link to the Spark3 History Server fails
CDPD-47056 Fix Ranger TagRest API deleteTagResourceMapByGuid
CDPD-47107 Multiple Oozie unit tests fails after netty upgrade on 7.1.7.2000
COMPX-12488 Queue Manager 7.1.8 CHF3 - Upgrade jackson-databind to 2.13.3 due to high CVEs
COMPX-12560 Fix JSON formatting in the RM tests
KT-7410 - [7.1.8 CHF3] - Key HSM - Upgrade jackson-databind to 2.13.3 due to high CVEs
KT-7421- [7.1.8 CHF3] Keytrustee-keyhsm - Upgrade commons-codec to 1.13 or higher
KT-7423- Key HSM - Upgrade Spring Framework, google-gson, Bouncy Castle and Jetty due to CVEs
CDPD-41758 HBase - Upgrade Apache Commons BeanUtils to 1.9.4 due to high CVEs
CDPD-42043 CDPD - Upgrade jackson-databind to 2.12.7.1 due to CVEs
CDPD-44768 CDPD-44399 Migrate to reload4j in the search repository
CDPD-45376 Hadoop - Upgrade snakeyaml to 1.32 due to high CVEs
CDPD-45963 Oozie and Sqoop CVE backport from 7.1.7 SP2 to 7.1.8 CHF 3 umbrella ticket
CDPD-46822 CDPD-46610 Ozone - Upgrade woodstox on branch CDH-7.1.8.x
CDPD-40475 Upgrade Spring Framework to 5.3.20 due to CVE-2022-22971, CVE-2022-22970, CVE-2022-22968

CDPD-46894 Replace JUnit5 assertEquals with JUnit4 in TestSSLZookeeperFactoryArguments

Table 1. Cloudera Runtime 7.1.8.11 (Cumulative Hotfix 3) download URL:
Parcel Repository Location
`https://[username]:[password]@archive.cloudera.com/p/cdh7/7.1.8.11/parcels/`

Technical Service Bulletin

TSB 2024-775: FileNotFoundException for Ozone Filesystem JAR during or after CDP installation or upgrade: A potential availability issue has been found with services that have an Ozone client dependency on the ozone-filesystem-hadoop3 fat JAR file when upgrading the Cloudera Data Platform (CDP) Private Cloud Base cluster from version 7.1.8 to 7.1.9. This issue may also affect service installations, runs, and restarts during or after the CDP Private Cloud Base installation or upgrade.; The following exception appears on the Cloudera Manager User Interface (UI) or in the log files of the respective service when an installation, upgrade or other operations fail due to this issue: `java.io.FileNotFoundException: /path/to/ozone-filesystem-hadoop3-<version>.jar (No such file or directory).; The failure is caused by the broken symbolic link: /var/lib/hadoop-hdfs/ozone-filesystem-hadoop3.jar. This issue arises if the hdfs user already exists on the node before the Cloudera Runtime parcel activation. When the hdfs user already exists on the node, the Cloudera Manager agent skips the initialization related to Hadoop Distributed File System (HDFS), which includes creating the /var/lib/hadoop-hdfs directory. As the path is not created, the symbolic link cannot be created during the parcel activation process. This results in a series of broken symbolic links that point to the Ozone binaries.
Knowledge article: For the latest update on this issue see the corresponding Knowledge Article: TSB 2024-775: FileNotFoundException for the Ozone FS JAR during or after installation or upgrade