Cumulative hotfix CDP PvC Base 7.1.8.15-5 (Cumulative hotfix4)

Know more about the cumulative hotfix 4 for 7.1.8. This cumulative hotfix was released on February 23, 2023.

Following are the list of fixes that were shipped for CDP Private Cloud Base version 7.1.8-1.cdh7.1.8.p15.37973152

Issue Description
COMPX-13398 QM - Replace log4j 1.x with reload4j - 7.1.8.x
COMPX-12815 Backport YARN-10178 to 7.1.8 CHFx : Crash in global async scheduler thread
COMPX-12803 QM 7.1.8 CHF4 - Upgrade Apache Commons Text to 1.10.0 due to CVE-2022-42889
COMPX-12687 Config Store 7.1.8 CHF4 - Remove Apache commons-text dependency
CDPD-49491 CPX - Use external versions for reload4j
CDPD-48947 Ranger Upgrade from 7.2.11 to 7.2.16 failed
CDPD-48546 CDH-7.1.8.x - Impala build failure - Ubuntu20
CDPD-48420 Backport CDPD-42069 to CDH 7.1.8.x
CDPD-48362 Constantly failing tests in TopicCommandIntegrationTest
CDPD-48352 [ranger][replication] Import succeeds but policies were skipped
CDPD-48319 Backport IMPALA-10702
CDPD-48318 Backport IMPALA-10794 and IMPALA-11401 to 7.1.8
CDPD-48259 Ranger Admin landing page via knox proxy is broken after upgrade
CDPD-48244 ranger] [replication] Support policyMatchingAlgorithm parameter for ranger policy replication
CDPD-48232 [ranger] [replication] Policy transform step is removing hdfs execute permission.
CDPD-48215 Exclude reload4j from Hadoop dependencies
CDPD-48210 Backport HIVE-26567 to CDH-7.1.8.x
CDPD-48209 Backport HIVE-26566 to CDH-7.1.8.x
CDPD-48207 Backport HIVE-26504 to CDH-7.1.8.x
CDPD-48206 Backport HIVE-26488 to CDH-7.1.8.x
CDPD-48205 Backport HIVE-26253 to CDH-7.1.8.x
CDPD-48204 Backport HIVE-25856 to CDH-7.1.8.x
CDPD-48203 Backport HIVE-25755 to CDH-7.1.8.x
CDPD-48202 Backport HIVE-25391 to CDH-7.1.8.x
CDPD-48201 Backport HIVE-25223 to CDH-7.1.8.x
CDPD-48193 Backport HIVE-26875 to CDH-7.1.8.x
CDPD-48152 Fix IMPALA-11812 in 7.1.8: Catalogd OOM due to lots of HMS FieldSchema instances
CDPD-48139 Backport PARQUET-1744 to CDH-7.1.8.x
CDPD-48136 Backport HIVE-21599 to CDH-7.1.8.x
CDPD-48131 Disable TestZookeeperLockManager#testMetrics on CDH-7.1.8.x
CDPD-48129 [ranger][replication] If a change is made in the resource field of a policy on the source cluster, a new policy is created on the target cluster instead of changing the existing policy
CDPD-48119 Ranger - Upgrade OWASP Java HTML Sanitizer due to security CVEs
CDPD-48116 Disable orc_merge9 on CDH-7.1.8.x
CDPD-48097 Backport HIVE-23220 to CDH-7.1.8.x
CDPD-48092 Hue fails to translate Korean langauge
CDPD-48055 Ranger Replication : Support both JDK 8 and JDK 11 on destination cluster
CDPD-48051 Knox - Upgrade Cloudera Manager API due to CVE-2021-29243, CVE-2021-32482
CDPD-48041 Ranger - Upgrade commons-net to 3.9.0 due to CVE-2021-37533
CDPD-48032 Ranger - Upgrade jettison to 1.5.2 due to CVE-2022-45685 and CVE-2022-45693
CDPD-48008 Zeppelin - Upgrade httpclient due to CVE-2020-13956
CDPD-47992 Cruise Control - Upgrade Netty to 4.1.86.Final due to CVE-2022-41881, CVE-2022-41915
CDPD-47990 Kafka - Upgrade Netty to 4.1.86.Final due to CVE-2022-41881, CVE-2022-41915
CDPD-47989 Ranger - Upgrade Netty to 4.1.86.Final due to CVE-2022-41881, CVE-2022-41915
CDPD-47955 [7.1.8 CHF4] - Ranger - Upgrade bootbox to 6.0.0 due to GHSA-87mg-h5r3-hw88
CDPD-47950 Ranger - Upgrade tomcat to 8.5.84/9.0.69+/10.1.2+ due to CVE-2022-42252, CVE-2022-34305, CVE-2022-45143
CDPD-47909 Ranger - Upgrade moment.js to 2.29.4 due to CVE-2022-24785, CVE-2022-31129
CDPD-47880 DAS - Upgrade protobuf-java to 3.16.3/3.19.6/3.20.3/3.21.7 due to CVE-2022-3171
CDPD-47876 HUEQP - Upgrade jackson-databind to 2.12.7.1 or 2.13.4.2 due to high CVEs
CDPD-47868 [7.1.8 CHF4-CLONE] - Backport RANGER-3593 into cdpd-master
CDPD-47843 Backport HIVE-26736 to CDH-7.1.8.x
CDPD-47842 Backport HIVE-26671 to CDH-7.1.8.x
CDPD-47841 Backport HIVE-25738 to CDH-7.1.8.x
CDPD-47840 Backport HIVE-24579 to CDH-7.1.8.x
CDPD-47839 Backport HIVE-21152 to CDH-7.1.8.x
CDPD-47836 SMM Data Explorer offset slider 'from offset' doesn't update on partition change
CDPD-47813 Atlas - Do the fix for CVE-2022-34271
CDPD-47777 Remove unused hadoop.guava.version from HBase pom.xml
CDPD-47745 Fix 7.1.8 CHF4 for IMPALA-11753 CatalogD OOMkilled due to natively allocated memory
CDPD-47649 impala build failure in 7.1.7.2000 due to versions:set
CDPD-47611 Ignore testRollbackForSplitTableRegionWithReplica() in TestSplitTableRegionProcedure
CDPD-47610 test_scanners.TestParquet.test_corrupt_files fails on 7.1.8 in S3 builds
CDPD-47602 Backport PHOENIX-6638 to 7.1.8 CHF4
CDPD-47600 Backport to CHF 4: Restart of HIVE_ON_TEZ causes a Knox topology redeploy
CDPD-47590 Backport "FSCK Report broken with RequestHedgingProxyProvider" to CDH-7.1.8.x
CDPD-47460 IMPALA-11631 Impala crashes in impala::TopNNode::Heap::Close()
CDPD-47457 NFS Gateway may release buffer too early
CDPD-47409 Unit tests in TestAuthFilterAuthOozieClient fail intermittently
CDPD-47407 Backport HADOOP-18499 S3A to support HTTPS web proxies to 7.1.8.x
CDPD-47405 Backport KNOX-2824 (Make SameSite attribute on KnoxSSO Cookie Configurable) to 7.1.8
CDPD-47395 Atlas - Upgrade jackson-databind to 2.12.7.1 or 2.13.4.2 for 7.1.8 CHF4 due to high CVEs
CDPD-47378 Backport Hue PR 3107
CDPD-47362 IMPALA-11779 Codegen crash due to null slots
CDPD-47355 CPX - use external versions for wiremock-jre8
CDPD-47354 Backport PHOENIX-6711 to 7.1.8 CHF4
CDPD-47337 backport CDPD-46689 to 7.1.8.x
CDPD-47335 backport CDPD-26518 to 7.1.8.x
CDPD-47320 testLoadOnRestart unit test failed on 7.1.8 CHF 3
CDPD-47317 COLSTATUS Null Pointer Exception for implicit collections
CDPD-47273 backport PATCH-5596 IMPALA-10654 to 7.1.8.x
CDPD-47270 backport PATCH-5596 IMPALA-10948 to 7.1.8.x
CDPD-47262 Remove apache commons-text replacement from components.ini
CDPD-47251 testRetryConsoleUrlForked unit test fails with NPE
CDPD-47246 Enable Gerrit build/test for ratis-thirdparty
CDPD-47245 Add reload4j dependency to Distcp share lib
CDPD-47196 Smile unit tests are failing in Solr 7.1.8.x
CDPD-47137 Backport part of HBASE-27141 from upstream to 7.1.7 SP2
CDPD-47134 Kafka Connect unit test job fails frequently due to docker image build problems
CDPD-47129 Handle empty CSV fields via OpenCSVSerde
CDPD-47105 IMPALA-11751 Crash in processing partition columns of Avro table with MT_DOP>1
CDPD-47074 Set column names in result schema when plan has Values root
CDPD-47030 Impala-shell ldap_password_cmd fails on Python 3.8
CDPD-46984 Hbase replication Policy set up fails between 7.1.8 and 7.2.16 cluster
CDPD-46969 backport IMPALA-11274 to 7.1.8 CHF4
CDPD-46890 HBase-thirdparty - Upgrade Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server to 9.4.48.v20220622/11.0.11 due to critical CVEs
CDPD-46794 Connection pool for ObjectStore does not emit metrics
CDPD-46789 Policy update request fails if isDenyAllElse flag is set true in request json when using "/policy/apply" API
CDPD-46774 Enable batch mode for the Spark Atlas connector unit tests, do not use the Apache maven repo
CDPD-46747 Upgrade saxon to 10.8
CDPD-46669 Zeppelin - Upgrade commons-codec to 1.13 or higher
CDPD-46665 Livy - Upgrade commons-codec to 1.13 or higher
CDPD-46664 Hive - Upgrade commons-codec to 1.13 or higher
CDPD-46658 Solr - Upgrade wildfly-openssl to 1.1.3.Final/1.1.3.Final+ due to CVE-2020-25644
CDPD-46657 Hadoop - Upgrade wildfly-openssl to 1.1.3.Final/1.1.3.Final+ due to CVE-2020-25644
CDPD-46626 Test failure: TestContainerRunnerImpl.testSubmitSameFragment
CDPD-46568 Hive - Upgrade Apache Ivy to 2.5.1 due to CVE-2022-37865, CVE-2022-37866
CDPD-46564 Hue - Upgrade protobuf-java to 3.16.3/3.19.6/3.20.3/3.21.7 due to CVE-2022-3171
CDPD-46560 Knox - Upgrade protobuf-java to 3.16.3/3.19.6/3.20.3/3.21.7 due to CVE-2022-3171
CDPD-46552 Hbase-thirdparty - Upgrade protobuf-java to 3.21.9 due to CVE-2022-3171
CDPD-46549 CDPD - Upgrade protobuf-java to 3.16.3/3.19.6/3.20.3/3.21.7 due to CVE-2022-3171
CDPD-46322 Update logredactor to 2.0.14 due to CVEs in jackson-databind
CDPD-46198 Search - Upgrade jsoup to 1.15.3 due to high CVEs
CDPD-46161 [ranger][replication] cm_hdfs service wasn't transformed properly
CDPD-46160 [ranger][replication] Export should fail for non-existing services
CDPD-45966 Sqoop - Upgrade hsqldb to 2.7.1 due to CVE-2022-41853
CDPD-45964 Oozie - Upgrade hsqldb to 2.7.1 due to CVE-2022-41853
CDPD-45959 Some tests fail with ssl3_get_server_certificate:certificate verify failed
CDPD-45687 Hue Server ignore ssl_cipher_list configuration
CDPD-45578 Upgrade jettison to 1.5.1 due to CVE-2022-40149, CVE-2022-40150
CDPD-45576 Atlas - Upgrade jettison to 1.5.1 due to CVE-2022-40149, CVE-2022-40150
CDPD-45539 Upgrade hsqldb to 2.7.1 due to CVE-2022-41853
CDPD-45498 Add missing changes of CDPD-23445 patches
CDPD-45448 Use Calcite to remove sections of a query plan known never produces rows
CDPD-45385 DAS - Upgrade snakeyaml to 1.32 due to high CVEs
CDPD-45302 spark_atlas_connector_for_spark3_unittests failures
CDPD-44719 Spark Atlas Connector - Update log4j to reload4j
CDPD-43856 Zeppelin - Upgrade postgresql JDBC Driver to 42.5.1 due to CVE-2022-31197
CDPD-43540 Hive Security - Upgrade jersey's jersey to 2.36/3.0.5 due to medium CVEs
CDPD-43354 Zeppelin - Remove vulnerable Apache Xalan Java library (CVE-2022-34169)
CDPD-42699 Livy - Update log4j to reload4j
CDPD-42599 Spark - Update log4j1 to reload4j
CDPD-42572 Zeppelin - Cherry-pick ZEPPELIN-4489 due to CVE-2020-13929
CDPD-42499 Zeppelin - Upgrade HtmlUnit to 2.62.0 due to high CVEs
CDPD-42447 Phoenix - Upgrade ICU4J to safe version due to high CVEs
CDPD-42428 Zeppelin - Upgrade jsoup to 1.15.3 due to high CVEs
CDPD-42384 Spark Atlas Connector - Upgrade Data Mapper for Jackson to 1.9.16-TALEND due to high CVEs
CDPD-42290 Zeppelin - Upgrade JDOM to 2.0.6.1 due to high CVEs
CDPD-42285 Avro - Upgrade JDOM to 2.0.6.1 due to high CVEs
CDPD-42217 Avatica - Upgrade Apache HttpClient to 4.5.13 due to medium CVEs
CDPD-42153 Knox - Upgrade Protocol Buffer Java API to 2.6.1/3.21.2 due to medium CVEs
CDPD-42138 Avatica - Upgrade Protocol Buffer Java API to 2.6.1/3.21.2 due to medium CVEs
CDPD-42135 Upgrade Netty Project to 4.1.78.Final due to critical CVEs
CDPD-42115 HBase - Upgrade Netty Project to 4.1.78.Final due to critical CVEs
CDPD-42029 Oozie - Upgrade jackson-databind to 2.12.7.1 or 2.13.4.2 due to high CVEs
CDPD-42014 Atlas - Upgrade jackson-databind to 2.12.7.1 or 2.13.4.2 due to high CVEs
CDPD-41998 Phoenix-connectors - Upgrade Guava: Google Core Libraries for Java to v28.2/31.1-jre due to low CVEs
CDPD-41997 Phoenix-thirdparty - Upgrade Guava: Google Core Libraries for Java to v28.2/31.1-jre due to low CVEs
CDPD-41988 HBase-thirdparty - Upgrade Guava: Google Core Libraries for Java to v28.2/31.1-jre due to low CVEs
CDPD-41981 Curator - Upgrade Guava: Google Core Libraries for Java to v28.2/31.1-jre due to low CVEs
CDPD-41975 Avatica - Upgrade Guava: Google Core Libraries for Java to v28.2/31.1-jre due to medium CVEs
CDPD-41279 Sqoop - Upgrade protobuf-java to 3.16.1+ due to CVE-2021-22569
CDPD-41264 IMPALA-10316 load_nested.py failed due to out of memory during Jenkins GVO
CDPD-40916 Zeppelin - Upgrade xercesImpl to 2.12.2 or later due to CVE-2022-23437
CDPD-40912 Kafka Connect - Upgrade wildfly-elytron to 1.15.5 / 1.16.1 due to CVE-2021-3642
CDPD-40849 Zeppelin - Upgrade gson to 2.9.0 due to CVE-2022-25647
CDPD-31728 Audits : For db create , there are 2 update audits instead of 1 create 1 update
CDPD-29098 Oozie - Replace log4j 1.x with reload4j
CDPD-29057 HBase - Replace log4j 1.x with reload4j
CDPD-27403 DAS - Upgrade hibernate-validator to 6.1.6.Final or later due to CVE-2020-10693, CVE-2019-10219
CDPD-25701 IMPALA-10683 TestHdfsParquetTableWriter.test_double_precision broken on S3
CDPD-19398 Zeppelin - Upgrade to jersey-media-jaxb 2.32
TSB 2022-641 InvalidClassException while editing queue configurations in YARN Queue Manager UI
  • Table 1. Cloudera Runtime 7.1.8.15 (Cumulative Hotfix 4) download URL:
    Parcel Repository Location
    https://[username]:[password]@archive.cloudera.com/p/cdh7/7.1.8.15/parcels/

Technical Service Bulletin

TSB 2024-775: FileNotFoundException for Ozone Filesystem JAR during or after CDP installation or upgrade
A potential availability issue has been found with services that have an Ozone client dependency on the ozone-filesystem-hadoop3 fat JAR file when upgrading the Cloudera Data Platform (CDP) Private Cloud Base cluster from version 7.1.8 to 7.1.9. This issue may also affect service installations, runs, and restarts during or after the CDP Private Cloud Base installation or upgrade.
The following exception appears on the Cloudera Manager User Interface (UI) or in the log files of the respective service when an installation, upgrade or other operations fail due to this issue: `java.io.FileNotFoundException: /path/to/ozone-filesystem-hadoop3-<version>.jar (No such file or directory).
The failure is caused by the broken symbolic link: /var/lib/hadoop-hdfs/ozone-filesystem-hadoop3.jar. This issue arises if the hdfs user already exists on the node before the Cloudera Runtime parcel activation. When the hdfs user already exists on the node, the Cloudera Manager agent skips the initialization related to Hadoop Distributed File System (HDFS), which includes creating the /var/lib/hadoop-hdfs directory. As the path is not created, the symbolic link cannot be created during the parcel activation process. This results in a series of broken symbolic links that point to the Ozone binaries.
Knowledge article
For the latest update on this issue see the corresponding Knowledge Article: TSB 2024-775: FileNotFoundException for the Ozone FS JAR during or after installation or upgrade