Cumulative hotfix CDP PvC Base 7.1.8.25-6 (Cumulative hotfix5)

Know more about the cumulative hotfix 5 for 7.1.8. This cumulative hotfix was released on April 13, 2023.

Following are the list of fixes that were shipped for CDP Private Cloud Base version 7.1.8-1.cdh7.1.8.p25.3924029
  • TSB 2024-650: Arbitrary file deletion vulnerability in Apache Zeppelin
  • COMPX-13542: Queue Manager: CVE-2023-24998-upgrade commons-fileupload library to version 1.5
  • COMPX-13430: Dynamic Queue Schedules fail to reload from CM config
  • COMPX-13423: MAPREDUCE-7433 Remove unused mapred/LoggingHttpResponseEncoder.java
  • COMPX-13422: MAPREDUCE-7268 Fix TestMapreduceConfigFields
  • COMPX-13421: MAPREDUCE-7237 Supports config the shuffle's path cache related parameters
  • COMPX-13272: HADOOP-18602 Remove netty3 dependency
  • COMPX-12964: MAPREDUCE-7431 ShuffleHandler is not working correctly in SSL mode after the Netty 4 upgrade
  • COMPX-12083: [7.1.8]Queue Manager - Upgrade Apache Maven to 3.8.6 due to CVE-2021-26291
  • CDPD-54108: Sqoop not proceeding on all CDPD release lines
  • CDPD-53826: Ranger - Upgrade jettison to 1.5.4 due to CVE-2023-1436
  • CDPD-53804: Ranger - Upgrade Spring Framework to 5.3.26/6.0.7 due to CVE-2023-20861 and CVE-2023-20860
  • CDPD-53293: Hive component fail to build on cdpd-master - 7.2.17.0
  • CDPD-51874: Exclude netty3 from SMM
  • CDPD-50739: Atlas - Upgrade Woodstox to 5.4.0/6.4.0 due to multiple CVEs
  • CDPD-50725: impala build failure in 7.2.17.0 cdpd-master redhat8
  • CDPD-50651: [7.1.8] Queue Manager - Upgrade Apache Maven to 3.8.6 due to CVE-2021-26291
  • CDPD-50612: Backport HIVE-27056 to CDH-7.1.8.x
  • CDPD-50603: Spark3 parcels required on SLES15
  • CDPD-50587: Checksum error when issuing Distcp between Ozone and HDFS
  • CDPD-50538: [7.1.8.x] - Ranger - Upgrade Kerby to 2.0.3 due to CVE-2023-25613
  • CDPD-50534: [7.1.8.x] - Add unique constraint on resource_signature column of x_rms_service_resource table
  • CDPD-50511: Fix the everit-json-schema dependency in Schema Registry
  • CDPD-50455: [7.1.8.x]- Unable to delete the user if policy is created by same user and added in the policy item
  • CDPD-50434: [7.1.8.x] - No policy found for given version in Ranger Audit page
  • CDPD-50396: Schemaregistry - Upgrade org.json to 20220924+ due to CVE-2022-45688
  • CDPD-50393: backport IMPALA-11960 to 7.1.8
  • CDPD-50374: HDDS-8095: unbuffer unsupported with TDE
  • CDPD-50367: [7.1.8.x] - Ranger - Upgrade snakeyaml due to CVE-2022-1471
  • CDPD-50341: Backport CDPD-50165 to 7.1.8 CHF
  • CDPD-50305: Backport PHOENIX-6889: Improve extraction of ENCODED_QUALIFIERs
  • CDPD-50234: BACKPORT to 7.1.8.x - SR Client OAuth token refresh stopped working
  • CDPD-50223: Backport KNOX-2534 Allow alias to be used in pac4j topology block to 7.1.8.x
  • CDPD-50216: Backport PHOENIX-6889: Improve extraction of ENCODED_QUALIFIERs
  • CDPD-50164: BACKPORT to 7.1.8.x - Implement graceful retry in Schema Registry client for intermittent request failures
  • CDPD-50160: Backport CDPD-47449 to 7.1.8 CHF
  • CDPD-50110: Fix for CDPD-41495 (Knox CLI user-auth-test command failure) should be cherry picked to other PVC branch
  • CDPD-50075: [7.1.8.x] - Ranger: upgrade tomcat to 8.5.85 or higher
  • CDPD-50055: Backport IMPALA-11953 to CDH-7.1.8.x
  • CDPD-50044: Provide LiveNode and DeadNode filter in DataNode UI
  • CDPD-50032: Solr: CVE-2023-24998-upgrade commons-fileupload library to version 1.5
  • CDPD-50000: [7.1.8 CHF5 - CLONE] Ranger AD User Sync - support for AD group names containing slashes
  • CDPD-49999: Backport IMPALA-11932 to 718CHF5
  • CDPD-49981: Backport PARQUET-1633 to CDH-7.1.8.x
  • CDPD-49979: Backport CALCITE-2953 to CDH-7.1.8.x
  • CDPD-49924: Backport fix for IMPALA-11795 to 7.1.8.x
  • CDPD-49920: Backport IMPALA-11081 to 718CHF5
  • CDPD-49864: Solr gets in unhealthy state after ranger authorization is enabled.
  • CDPD-49845: Backport HDDS-7371 - Create properties for all dependency versions
  • CDPD-49831: Backport HIVE-12254 to CDH-7.1.8.x
  • CDPD-49823: Backport IMPALA-5476 to 7.1.8 CHF
  • CDPD-49821: Backport HIVE-26837 to CDH-7.1.8.x
  • CDPD-49806: Backport CALCITE-3466 to CDH-7.1.8.x
  • CDPD-49804: Backport CALCITE-3876 to CDH-7.1.8.x
  • CDPD-49802: Backport HIVE-23891 to CDH-7.1.8.x
  • CDPD-49770: Backport HIVE-27029 to CDH-7.1.8.x
  • CDPD-49768: Backporting upstream SOLR-13199 fix
  • CDPD-49749: Backport IMPALA-11418 to CDH-7.1.8
  • CDPD-49718: Backport HBASE-27624 to 7.1.8 CHF5
  • CDPD-49696: Certain alert policy crashes the alerts tab
  • CDPD-49563: Backport HADOOP-18584 [NFS GW] Fix regression after netty4 migration to CDH-7.1.8.x
  • CDPD-49534: Backport HIVE-26911 to CDH-7.1.8.x
  • CDPD-49521: Fix CVE-2023-25194 in Kafka Connect
  • CDPD-49455: Backport PHOENIX-6720: CREATE TABLE can't recreate column encoded tables that had columns dropped
  • CDPD-49447: Backport ZEPPELIN-5624 to 7.1.8 CHF5
  • CDPD-49428: Tez - Replace log4j 1.x with reload4j - 7.1.8.x
  • CDPD-49427: Atlas - Replace log4j 1.x with reload4j - 7.1.8.x
  • CDPD-49242: Support for building Impala on SLES15 SP4
  • CDPD-49197: Impala fixes for Ozone support
  • CDPD-49193: Add CLI for renewing the expired deleted block txn
  • CDPD-49141: [7.1.8.x] - Ranger - Replace log4j 1.x with reload4j
  • CDPD-49111: Backport IMPALA-11845 to 7.1.8 CHF5: Fix incorrect check of struct STAR path in resolvePathWithMasking
  • CDPD-49053: Atlas - Upgrade Tinkerpop to 3.5.4
  • CDPD-49010: Backport HBASE-27397 to 7.1.8 CHF5
  • CDPD-49006: Regression : admin/audits , admin/purge fail with "[__AtlasAuditEntry.startTime] is not indexed in the targeted index [vertex_index]" 7.1.8 chf5
  • CDPD-48959: CLONE - Kafka Connect - Upgrade jackson-databind to 2.12.7 due to high CVEs
  • CDPD-48921: Accessing parameters of a x-www-form-urlencoded request consumes the request body
  • CDPD-48915: Backport CDPD-43553 to CDH-7.1.8.x
  • CDPD-48907: Remove log4j-1.2-api jar from solr server lib
  • CDPD-48891: Backport IMPALA-10436, IMPALA-11611 and IMPALA-11682 to 7.1.8
  • CDPD-48862: Backport CDPD-23460 to 7.1.8.x
  • CDPD-48861: Backport CDPD-46448 to 7.1.8.x
  • CDPD-48860: Backport CDPD-42134 to 7.1.8.x
  • CDPD-48859: Backport CDPD-33861 to 7.1.8.x
  • CDPD-48858: Backport CDPD-40521 to 7.1.8.x
  • CDPD-48857: Backport CDPD-39829 to 7.1.8.x
  • CDPD-48856: Backport CDPD-29104 to 7.1.8.x
  • CDPD-48855: Backport CDPD-42316 to 7.1.8.x
  • CDPD-48847: Oozie "root" rewrite rule's pattern is too open
  • CDPD-48828: [ranger] [replication] Script should not permit N : 1 mappings for services of the same service type
  • CDPD-48787: download_bytes_limit not working on SP1 and 7.1.8
  • CDPD-48780: impala-shell now requires setuptools be manually added
  • CDPD-48777: Backport KUDU-3406, CDPD-47068 to 7.1.8
  • CDPD-48770: The username coming from auth is always anonymous - 718CHF5
  • CDPD-48746: Backport CDPD-42120 to 7.1.8.x
  • CDPD-48745: Backport CDPD-42365 to 7.1.8.x
  • CDPD-48744: Backport CDPD-42248 to 7.1.8.x
  • CDPD-48741: Exclude reload4j from Ranger-Kafka-Plugin dependency
  • CDPD-48738: Backport CDPD-47816 to 7.1.8.x
  • CDPD-48737: Replace slf4j-log4j12 to slf4j-reload4j
  • CDPD-48734: [Unit test] Oozie unit tests failing due to NoClassDefFoundError
  • CDPD-48731: SMM UI - Upgrade decode-uri-component to 0.2.2 due to CVE-2022-38900
  • CDPD-48727: Upgrade Jquery Datatables to 1.13.2
  • CDPD-48724: HWC - Upgrade Netty to 4.1.86.Final due to CVE-2022-41881, CVE-2022-41915
  • CDPD-48721: Impala - Upgrade Jquery Datatables to the latest version to avoid Security issues
  • CDPD-48667: [Unit test] 'testMultipleClientAuthTokenCache' Oozie unit test fails intermittently
  • CDPD-48665: Backport IMPALA-11699 and IMPALA-11720 to 7.1.8
  • CDPD-48655: Missing org.apache.logging.log4j.util.ServiceLoaderUtil class from SAC classpath
  • CDPD-48629: Backport remaining ozone open key cleanup changes
  • CDPD-48624: Parquet - Replace log4j1 with reload4j
  • CDPD-48577: Backport SPARK-32638 to 7.1.8.x
  • CDPD-48572: Backport PHOENIX-6855
  • CDPD-48571: Backport SPARK-27254 to 7.1.8.x
  • CDPD-48567: Backport SPARK-27210 to 7.1.8.x
  • CDPD-48510: Backport KUDU-3322 and KUDU-3319 to 7.1.8
  • CDPD-48509: Backport KUDU-3354 to 7.1.8
  • CDPD-48475: Unexpected Knox HA behaviour with noFallback=true
  • CDPD-48449: distcp -update skips files of same size, name when transferring from Hdfs to S3
  • CDPD-48353: Backport HIVE-26799 to CDH-7.1.8.x
  • CDPD-48305: Zeppelin - Upgrade jquery-ui to 1.13.0+ due to CVEs
  • CDPD-48241: Knox - Upgrade mina to 2.1.5+ due to CVE-2021-41973
  • CDPD-48183: Atlas - Upgrade reactor-netty to 1.0.24+ due to CVE-2022-31684
  • CDPD-48178: CPX - Upgrade snakeyaml due to CVE-2022-1471
  • CDPD-48172: Search - Upgrade snakeyaml due to CVE-2022-1471
  • CDPD-48170: Schema Registry - Upgrade snakeyaml due to CVE-2022-1471
  • CDPD-48168: Ozone - Upgrade snakeyaml due to CVE-2022-1471
  • CDPD-48167: Hadoop - Upgrade snakeyaml due to CVE-2022-1471
  • CDPD-48166: Atlas - Upgrade snakeyaml due to CVE-2022-1471
  • CDPD-48135: Backport CALCITE-3774 to CDH-7.1.8.x
  • CDPD-48103: Hue UI "Oozie Schedules" Page is very slow to load due to frequent calls to Oozie logs
  • CDPD-48102: Backport Ozone, erasure coding test enablement
  • CDPD-48090: Atlas - Upgrade icu4j to 66.1+ due to CVE-2020-21913
  • CDPD-48088: Spark - Upgrade JavaEWAH to 1.1.7
  • CDPD-48087: Hive - Remove JavaEWAH dependency
  • CDPD-48042: Oozie - Upgrade commons-net to 3.9.0 due to CVE-2021-37533
  • CDPD-48040: Knox - Upgrade commons-net to 3.9.0 due to CVE-2021-37533
  • CDPD-48039: Spark - Upgrade commons-net to 3.9.0 due to CVE-2021-37533
  • CDPD-48037: CDPD - Upgrade commons-net to 3.9.0 due to CVE-2021-37533
  • CDPD-48035: CDPD - Upgrade jettison to 1.5.2 due to CVE-2022-45685 and CVE-2022-45693
  • CDPD-48034: Atlas - Upgrade jettison to 1.5.2 due to CVE-2022-45685 and CVE-2022-45693
  • CDPD-48033: Zeppelin - Upgrade jettison to 1.5.2 due to CVE-2022-45685 and CVE-2022-45693
  • CDPD-48031: Tez - Upgrade jettison to 1.5.3 due to CVE-2022-45685 and CVE-2022-45693
  • CDPD-48030: Hive - Upgrade jettison to 1.5.2 due to CVE-2022-45685 and CVE-2022-45693
  • CDPD-48023: Oozie - Upgrade postgresql to 42.5.1 due to CVE-2022-41946
  • CDPD-48022: Hive - Upgrade postgresql to 42.5.1 due to CVE-2022-41946
  • CDPD-48020: CDPD - Upgrade postgresql to 42.5.1 due to CVE-2022-41946
  • CDPD-48019: SMM - Upgrade postgresql to 42.5.1 due to CVE-2022-41946
  • CDPD-48018: Impala - Upgrade postgresql to 42.5.1 due to CVE-2022-41946
  • CDPD-48017: Hue - Upgrade postgresql to 42.5.1 due to CVE-2022-41946
  • CDPD-48016: Schema Registry - Upgrade postgresql to 42.5.1 due to CVE-2022-41946
  • CDPD-48006: Sqoop - Upgrade Commons IO to 2.11.0 due to security CVEs
  • CDPD-47996: Atlas - Upgrade azure-storage libraries due to CVE-2022-30187
  • CDPD-47993: Ratis thirdparty - Upgrade Netty to 4.1.86.Final due to CVE-2022-41881, CVE-2022-41915
  • CDPD-47991: Ozone - Upgrade Netty to 4.1.86.Final due to CVE-2022-41881, CVE-2022-41915
  • CDPD-47988: Atlas - Upgrade Netty to 4.1.86.Final due to CVE-2022-41881, CVE-2022-41915
  • CDPD-47984: [Unit test] 'testTimeOut' Unit test fails intermittently
  • CDPD-47954: Ozone - Vulnerable libraries found in weld-servlet-2.4.7.Final.jar
  • CDPD-47951: Hue - Upgrade tomcat to 8.5.84/9.0.69+/10.1.2+ due to CVE-2022-42252, CVE-2022-34305, CVE-2022-45143
  • CDPD-47949: Upgrade tomcat to 8.5.84/9.0.69+/10.1.2+ due to CVE-2022-42252, CVE-2022-34305, CVE-2022-45143
  • CDPD-47914: Schema Registry - Upgrade moment.js to 2.29.4 due to CVE-2022-24785, CVE-2022-31129
  • CDPD-47912: Atlas - Upgrade moment.js to 2.29.4 due to CVE-2022-24785, CVE-2022-31129
  • CDPD-47864: Parquet - CVE-2021-41561-Parquet is vulnerable to Dos attack
  • CDPD-47860: Tez - Upgrade Bouncy Castle to 1.70 due to high CVEs
  • CDPD-47765: [Unit test] testSqoopActionWithCommandAndFreeFormQuery YARN app status' was expected:FINISHED but was:RUNNING
  • CDPD-47557: SparklyRHWC certification with R4
  • CDPD-47378: Backport Hue PR 3107
  • CDPD-47235: IMPALA-11767 Hudi reads fail on Ozone with INVALID_VOLUME_NAME org.apache.hadoop.ozone.om.exceptions.OMException: Bucket or Volume name cannot start with a period or dash
  • CDPD-47205: IMPALA-11736 LOAD DATA statement with Ozone data can not load data from different bucket
  • CDPD-46555: Search - Upgrade protobuf-java to 3.16.3/3.19.6/3.20.3/3.21.7 due to CVE-2022-3171
  • CDPD-46378: [cds3.2-cdp7.1.7.2000][sac3_unittest] log4j class not found errors
  • CDPD-46376: Use secure XML parser utils in MapReduce
  • CDPD-46375: Use secure XML parser utils in YARN
  • CDPD-46368: Impala remote Ozone scans slow even after data cache warmup
  • CDPD-46151: Backport HADOOP-18469 and HDFS-16795
  • CDPD-45878: Update bootstrap to 4.4.1
  • CDPD-45845: Schema Registry - Upgrade Scala to 2.13.9 due to CVE-2022-36944
  • CDPD-45071: IMPALA-11614 TestValidateMetrics.test_metrics_are_zero fails with num-missing-volume-id for Ozone
  • CDPD-44748: Tez - Replace log4j 1.x with reload4j
  • CDPD-43553: Spark - Upgrade jersey's jersey to 2.36/3.0.5 due to medium CVEs
  • CDPD-43509: Hive Security - Upgrade dom4j: flexible XML framework for Java to safe version due to critical CVEs
  • CDPD-43489: Hive Security - Upgrade Guava: Google Core Libraries for Java to v28.2/31.1-jre due to medium CVEs
  • CDPD-43378: Handle block location for Ozone
  • CDPD-43377: Test coverage for Ozone Transparent Data Encryption
  • CDPD-43376: Ozone support for file handle cache
  • CDPD-43370: Impala Ozone Support
  • CDPD-41491: Impala queries fail with Hive exception referring to HikariPool-1
  • CDPD-36991: Backward compatibility for check provided for AttributeName in Parent and Child TypeDef
  • CDPD-35438: When classification is created with multiple super types having same attributes , Atlas doesn't throw an exception
  • CDPD-28513: HADOOP-17628. Distcp contract test is really slow with ABFS and S3A; timing out
  • CDPD-20476: Refresh icon in left Assist while on DB panel resets to 'default' DB on table panel
Table 1. Cloudera Runtime 7.1.8.25 (Cumulative Hotfix 5) download URL:
Parcel Repository Location
https://[username]:[password]@archive.cloudera.com/p/cdh7/7.1.8.25/parcels/

Technical Service Bulletin

TSB 2024-775: FileNotFoundException for Ozone Filesystem JAR during or after CDP installation or upgrade
A potential availability issue has been found with services that have an Ozone client dependency on the ozone-filesystem-hadoop3 fat JAR file when upgrading the Cloudera Data Platform (CDP) Private Cloud Base cluster from version 7.1.8 to 7.1.9. This issue may also affect service installations, runs, and restarts during or after the CDP Private Cloud Base installation or upgrade.
The following exception appears on the Cloudera Manager User Interface (UI) or in the log files of the respective service when an installation, upgrade or other operations fail due to this issue: `java.io.FileNotFoundException: /path/to/ozone-filesystem-hadoop3-<version>.jar (No such file or directory).
The failure is caused by the broken symbolic link: /var/lib/hadoop-hdfs/ozone-filesystem-hadoop3.jar. This issue arises if the hdfs user already exists on the node before the Cloudera Runtime parcel activation. When the hdfs user already exists on the node, the Cloudera Manager agent skips the initialization related to Hadoop Distributed File System (HDFS), which includes creating the /var/lib/hadoop-hdfs directory. As the path is not created, the symbolic link cannot be created during the parcel activation process. This results in a series of broken symbolic links that point to the Ozone binaries.
Knowledge article
For the latest update on this issue see the corresponding Knowledge Article: TSB 2024-775: FileNotFoundException for the Ozone FS JAR during or after installation or upgrade