Cloudera Docs

Cumulative hotfix CDP PvC Base 7.1.8.25-6 (Cumulative hotfix5)

Know more about the cumulative hotfix 5 for 7.1.8. This cumulative hotfix was released on April 13, 2023.

Following are the list of fixes that were shipped for CDP Private Cloud Base version 7.1.8-1.cdh7.1.8.p25.3924029
  • COMPX-13542: Queue Manager: CVE-2023-24998-upgrade commons-fileupload library to version 1.5
  • COMPX-13430: Dynamic Queue Schedules fail to reload from CM config
  • COMPX-13423: MAPREDUCE-7433 Remove unused mapred/LoggingHttpResponseEncoder.java
  • COMPX-13422: MAPREDUCE-7268 Fix TestMapreduceConfigFields
  • COMPX-13421: MAPREDUCE-7237 Supports config the shuffle's path cache related parameters
  • COMPX-13272: HADOOP-18602 Remove netty3 dependency
  • COMPX-12964: MAPREDUCE-7431 ShuffleHandler is not working correctly in SSL mode after the Netty 4 upgrade
  • COMPX-12083: [7.1.8]Queue Manager - Upgrade Apache Maven to 3.8.6 due to CVE-2021-26291
  • CDPD-54108: Sqoop not proceeding on all CDPD release lines
  • CDPD-53826: Ranger - Upgrade jettison to 1.5.4 due to CVE-2023-1436
  • CDPD-53804: Ranger - Upgrade Spring Framework to 5.3.26/6.0.7 due to CVE-2023-20861 and CVE-2023-20860
  • CDPD-53293: Hive component fail to build on cdpd-master - 7.2.17.0
  • CDPD-51874: Exclude netty3 from SMM
  • CDPD-50739: Atlas - Upgrade Woodstox to 5.4.0/6.4.0 due to multiple CVEs
  • CDPD-50725: impala build failure in 7.2.17.0 cdpd-master redhat8
  • CDPD-50651: [7.1.8] Queue Manager - Upgrade Apache Maven to 3.8.6 due to CVE-2021-26291
  • CDPD-50612: Backport HIVE-27056 to CDH-7.1.8.x
  • CDPD-50603: Spark3 parcels required on SLES15
  • CDPD-50587: Checksum error when issuing Distcp between Ozone and HDFS
  • CDPD-50538: [7.1.8.x] - Ranger - Upgrade Kerby to 2.0.3 due to CVE-2023-25613
  • CDPD-50534: [7.1.8.x] - Add unique constraint on resource_signature column of x_rms_service_resource table
  • CDPD-50511: Fix the everit-json-schema dependency in Schema Registry
  • CDPD-50455: [7.1.8.x]- Unable to delete the user if policy is created by same user and added in the policy item
  • CDPD-50434: [7.1.8.x] - No policy found for given version in Ranger Audit page
  • CDPD-50396: Schemaregistry - Upgrade org.json to 20220924+ due to CVE-2022-45688
  • CDPD-50393: backport IMPALA-11960 to 7.1.8
  • CDPD-50374: HDDS-8095: unbuffer unsupported with TDE
  • CDPD-50367: [7.1.8.x] - Ranger - Upgrade snakeyaml due to CVE-2022-1471
  • CDPD-50341: Backport CDPD-50165 to 7.1.8 CHF
  • CDPD-50305: Backport PHOENIX-6889: Improve extraction of ENCODED_QUALIFIERs
  • CDPD-50234: BACKPORT to 7.1.8.x - SR Client OAuth token refresh stopped working
  • CDPD-50223: Backport KNOX-2534 Allow alias to be used in pac4j topology block to 7.1.8.x
  • CDPD-50216: Backport PHOENIX-6889: Improve extraction of ENCODED_QUALIFIERs
  • CDPD-50164: BACKPORT to 7.1.8.x - Implement graceful retry in Schema Registry client for intermittent request failures
  • CDPD-50160: Backport CDPD-47449 to 7.1.8 CHF
  • CDPD-50110: Fix for CDPD-41495 (Knox CLI user-auth-test command failure) should be cherry picked to other PVC branch
  • CDPD-50075: [7.1.8.x] - Ranger: upgrade tomcat to 8.5.85 or higher
  • CDPD-50055: Backport IMPALA-11953 to CDH-7.1.8.x
  • CDPD-50044: Provide LiveNode and DeadNode filter in DataNode UI
  • CDPD-50032: Solr: CVE-2023-24998-upgrade commons-fileupload library to version 1.5
  • CDPD-50000: [7.1.8 CHF5 - CLONE] Ranger AD User Sync - support for AD group names containing slashes
  • CDPD-49999: Backport IMPALA-11932 to 718CHF5
  • CDPD-49981: Backport PARQUET-1633 to CDH-7.1.8.x
  • CDPD-49979: Backport CALCITE-2953 to CDH-7.1.8.x
  • CDPD-49924: Backport fix for IMPALA-11795 to 7.1.8.x
  • CDPD-49920: Backport IMPALA-11081 to 718CHF5
  • CDPD-49864: Solr gets in unhealthy state after ranger authorization is enabled.
  • CDPD-49845: Backport HDDS-7371 - Create properties for all dependency versions
  • CDPD-49831: Backport HIVE-12254 to CDH-7.1.8.x
  • CDPD-49823: Backport IMPALA-5476 to 7.1.8 CHF
  • CDPD-49821: Backport HIVE-26837 to CDH-7.1.8.x
  • CDPD-49806: Backport CALCITE-3466 to CDH-7.1.8.x
  • CDPD-49804: Backport CALCITE-3876 to CDH-7.1.8.x
  • CDPD-49802: Backport HIVE-23891 to CDH-7.1.8.x
  • CDPD-49770: Backport HIVE-27029 to CDH-7.1.8.x
  • CDPD-49768: Backporting upstream SOLR-13199 fix
  • CDPD-49749: Backport IMPALA-11418 to CDH-7.1.8
  • CDPD-49718: Backport HBASE-27624 to 7.1.8 CHF5
  • CDPD-49696: Certain alert policy crashes the alerts tab
  • CDPD-49563: Backport HADOOP-18584 [NFS GW] Fix regression after netty4 migration to CDH-7.1.8.x
  • CDPD-49534: Backport HIVE-26911 to CDH-7.1.8.x
  • CDPD-49521: Fix CVE-2023-25194 in Kafka Connect
  • CDPD-49455: Backport PHOENIX-6720: CREATE TABLE can't recreate column encoded tables that had columns dropped
  • CDPD-49447: Backport ZEPPELIN-5624 to 7.1.8 CHF5
  • CDPD-49428: Tez - Replace log4j 1.x with reload4j - 7.1.8.x
  • CDPD-49427: Atlas - Replace log4j 1.x with reload4j - 7.1.8.x
  • CDPD-49242: Support for building Impala on SLES15 SP4
  • CDPD-49197: Impala fixes for Ozone support
  • CDPD-49193: Add CLI for renewing the expired deleted block txn
  • CDPD-49141: [7.1.8.x] - Ranger - Replace log4j 1.x with reload4j
  • CDPD-49111: Backport IMPALA-11845 to 7.1.8 CHF5: Fix incorrect check of struct STAR path in resolvePathWithMasking
  • CDPD-49053: Atlas - Upgrade Tinkerpop to 3.5.4
  • CDPD-49010: Backport HBASE-27397 to 7.1.8 CHF5
  • CDPD-49006: Regression : admin/audits , admin/purge fail with "[__AtlasAuditEntry.startTime] is not indexed in the targeted index [vertex_index]" 7.1.8 chf5
  • CDPD-48959: CLONE - Kafka Connect - Upgrade jackson-databind to 2.12.7 due to high CVEs
  • CDPD-48921: Accessing parameters of a x-www-form-urlencoded request consumes the request body
  • CDPD-48915: Backport CDPD-43553 to CDH-7.1.8.x
  • CDPD-48907: Remove log4j-1.2-api jar from solr server lib
  • CDPD-48891: Backport IMPALA-10436, IMPALA-11611 and IMPALA-11682 to 7.1.8
  • CDPD-48862: Backport CDPD-23460 to 7.1.8.x
  • CDPD-48861: Backport CDPD-46448 to 7.1.8.x
  • CDPD-48860: Backport CDPD-42134 to 7.1.8.x
  • CDPD-48859: Backport CDPD-33861 to 7.1.8.x
  • CDPD-48858: Backport CDPD-40521 to 7.1.8.x
  • CDPD-48857: Backport CDPD-39829 to 7.1.8.x
  • CDPD-48856: Backport CDPD-29104 to 7.1.8.x
  • CDPD-48855: Backport CDPD-42316 to 7.1.8.x
  • CDPD-48847: Oozie "root" rewrite rule's pattern is too open
  • CDPD-48828: [ranger] [replication] Script should not permit N : 1 mappings for services of the same service type
  • CDPD-48787: download_bytes_limit not working on SP1 and 7.1.8
  • CDPD-48780: impala-shell now requires setuptools be manually added
  • CDPD-48777: Backport KUDU-3406, CDPD-47068 to 7.1.8
  • CDPD-48770: The username coming from auth is always anonymous - 718CHF5
  • CDPD-48746: Backport CDPD-42120 to 7.1.8.x
  • CDPD-48745: Backport CDPD-42365 to 7.1.8.x
  • CDPD-48744: Backport CDPD-42248 to 7.1.8.x
  • CDPD-48741: Exclude reload4j from Ranger-Kafka-Plugin dependency
  • CDPD-48738: Backport CDPD-47816 to 7.1.8.x
  • CDPD-48737: Replace slf4j-log4j12 to slf4j-reload4j
  • CDPD-48734: [Unit test] Oozie unit tests failing due to NoClassDefFoundError
  • CDPD-48731: SMM UI - Upgrade decode-uri-component to 0.2.2 due to CVE-2022-38900
  • CDPD-48727: Upgrade Jquery Datatables to 1.13.2
  • CDPD-48724: HWC - Upgrade Netty to 4.1.86.Final due to CVE-2022-41881, CVE-2022-41915
  • CDPD-48721: Impala - Upgrade Jquery Datatables to the latest version to avoid Security issues
  • CDPD-48667: [Unit test] 'testMultipleClientAuthTokenCache' Oozie unit test fails intermittently
  • CDPD-48665: Backport IMPALA-11699 and IMPALA-11720 to 7.1.8
  • CDPD-48655: Missing org.apache.logging.log4j.util.ServiceLoaderUtil class from SAC classpath
  • CDPD-48629: Backport remaining ozone open key cleanup changes
  • CDPD-48624: Parquet - Replace log4j1 with reload4j
  • CDPD-48577: Backport SPARK-32638 to 7.1.8.x
  • CDPD-48572: Backport PHOENIX-6855
  • CDPD-48571: Backport SPARK-27254 to 7.1.8.x
  • CDPD-48567: Backport SPARK-27210 to 7.1.8.x
  • CDPD-48510: Backport KUDU-3322 and KUDU-3319 to 7.1.8
  • CDPD-48509: Backport KUDU-3354 to 7.1.8
  • CDPD-48475: Unexpected Knox HA behaviour with noFallback=true
  • CDPD-48449: distcp -update skips files of same size, name when transferring from Hdfs to S3
  • CDPD-48353: Backport HIVE-26799 to CDH-7.1.8.x
  • CDPD-48305: Zeppelin - Upgrade jquery-ui to 1.13.0+ due to CVEs
  • CDPD-48241: Knox - Upgrade mina to 2.1.5+ due to CVE-2021-41973
  • CDPD-48183: Atlas - Upgrade reactor-netty to 1.0.24+ due to CVE-2022-31684
  • CDPD-48178: CPX - Upgrade snakeyaml due to CVE-2022-1471
  • CDPD-48172: Search - Upgrade snakeyaml due to CVE-2022-1471
  • CDPD-48170: Schema Registry - Upgrade snakeyaml due to CVE-2022-1471
  • CDPD-48168: Ozone - Upgrade snakeyaml due to CVE-2022-1471
  • CDPD-48167: Hadoop - Upgrade snakeyaml due to CVE-2022-1471
  • CDPD-48166: Atlas - Upgrade snakeyaml due to CVE-2022-1471
  • CDPD-48135: Backport CALCITE-3774 to CDH-7.1.8.x
  • CDPD-48103: Hue UI "Oozie Schedules" Page is very slow to load due to frequent calls to Oozie logs
  • CDPD-48102: Backport Ozone, erasure coding test enablement
  • CDPD-48090: Atlas - Upgrade icu4j to 66.1+ due to CVE-2020-21913
  • CDPD-48088: Spark - Upgrade JavaEWAH to 1.1.7
  • CDPD-48087: Hive - Remove JavaEWAH dependency
  • CDPD-48042: Oozie - Upgrade commons-net to 3.9.0 due to CVE-2021-37533
  • CDPD-48040: Knox - Upgrade commons-net to 3.9.0 due to CVE-2021-37533
  • CDPD-48039: Spark - Upgrade commons-net to 3.9.0 due to CVE-2021-37533
  • CDPD-48037: CDPD - Upgrade commons-net to 3.9.0 due to CVE-2021-37533
  • CDPD-48035: CDPD - Upgrade jettison to 1.5.2 due to CVE-2022-45685 and CVE-2022-45693
  • CDPD-48034: Atlas - Upgrade jettison to 1.5.2 due to CVE-2022-45685 and CVE-2022-45693
  • CDPD-48033: Zeppelin - Upgrade jettison to 1.5.2 due to CVE-2022-45685 and CVE-2022-45693
  • CDPD-48031: Tez - Upgrade jettison to 1.5.3 due to CVE-2022-45685 and CVE-2022-45693
  • CDPD-48030: Hive - Upgrade jettison to 1.5.2 due to CVE-2022-45685 and CVE-2022-45693
  • CDPD-48023: Oozie - Upgrade postgresql to 42.5.1 due to CVE-2022-41946
  • CDPD-48022: Hive - Upgrade postgresql to 42.5.1 due to CVE-2022-41946
  • CDPD-48020: CDPD - Upgrade postgresql to 42.5.1 due to CVE-2022-41946
  • CDPD-48019: SMM - Upgrade postgresql to 42.5.1 due to CVE-2022-41946
  • CDPD-48018: Impala - Upgrade postgresql to 42.5.1 due to CVE-2022-41946
  • CDPD-48017: Hue - Upgrade postgresql to 42.5.1 due to CVE-2022-41946
  • CDPD-48016: Schema Registry - Upgrade postgresql to 42.5.1 due to CVE-2022-41946
  • CDPD-48006: Sqoop - Upgrade Commons IO to 2.11.0 due to security CVEs
  • CDPD-47996: Atlas - Upgrade azure-storage libraries due to CVE-2022-30187
  • CDPD-47993: Ratis thirdparty - Upgrade Netty to 4.1.86.Final due to CVE-2022-41881, CVE-2022-41915
  • CDPD-47991: Ozone - Upgrade Netty to 4.1.86.Final due to CVE-2022-41881, CVE-2022-41915
  • CDPD-47988: Atlas - Upgrade Netty to 4.1.86.Final due to CVE-2022-41881, CVE-2022-41915
  • CDPD-47984: [Unit test] 'testTimeOut' Unit test fails intermittently
  • CDPD-47954: Ozone - Vulnerable libraries found in weld-servlet-2.4.7.Final.jar
  • CDPD-47951: Hue - Upgrade tomcat to 8.5.84/9.0.69+/10.1.2+ due to CVE-2022-42252, CVE-2022-34305, CVE-2022-45143
  • CDPD-47949: Upgrade tomcat to 8.5.84/9.0.69+/10.1.2+ due to CVE-2022-42252, CVE-2022-34305, CVE-2022-45143
  • CDPD-47914: Schema Registry - Upgrade moment.js to 2.29.4 due to CVE-2022-24785, CVE-2022-31129
  • CDPD-47912: Atlas - Upgrade moment.js to 2.29.4 due to CVE-2022-24785, CVE-2022-31129
  • CDPD-47864: Parquet - CVE-2021-41561-Parquet is vulnerable to Dos attack
  • CDPD-47860: Tez - Upgrade Bouncy Castle to 1.70 due to high CVEs
  • CDPD-47765: [Unit test] testSqoopActionWithCommandAndFreeFormQuery YARN app status' was expected:FINISHED but was:RUNNING
  • CDPD-47557: SparklyRHWC certification with R4
  • CDPD-47378: Backport Hue PR 3107
  • CDPD-47235: IMPALA-11767 Hudi reads fail on Ozone with INVALID_VOLUME_NAME org.apache.hadoop.ozone.om.exceptions.OMException: Bucket or Volume name cannot start with a period or dash
  • CDPD-47205: IMPALA-11736 LOAD DATA statement with Ozone data can not load data from different bucket
  • CDPD-46555: Search - Upgrade protobuf-java to 3.16.3/3.19.6/3.20.3/3.21.7 due to CVE-2022-3171
  • CDPD-46378: [cds3.2-cdp7.1.7.2000][sac3_unittest] log4j class not found errors
  • CDPD-46376: Use secure XML parser utils in MapReduce
  • CDPD-46375: Use secure XML parser utils in YARN
  • CDPD-46368: Impala remote Ozone scans slow even after data cache warmup
  • CDPD-46151: Backport HADOOP-18469 and HDFS-16795
  • CDPD-45878: Update bootstrap to 4.4.1
  • CDPD-45845: Schema Registry - Upgrade Scala to 2.13.9 due to CVE-2022-36944
  • CDPD-45071: IMPALA-11614 TestValidateMetrics.test_metrics_are_zero fails with num-missing-volume-id for Ozone
  • CDPD-44748: Tez - Replace log4j 1.x with reload4j
  • CDPD-43553: Spark - Upgrade jersey's jersey to 2.36/3.0.5 due to medium CVEs
  • CDPD-43509: Hive Security - Upgrade dom4j: flexible XML framework for Java to safe version due to critical CVEs
  • CDPD-43489: Hive Security - Upgrade Guava: Google Core Libraries for Java to v28.2/31.1-jre due to medium CVEs
  • CDPD-43378: Handle block location for Ozone
  • CDPD-43377: Test coverage for Ozone Transparent Data Encryption
  • CDPD-43376: Ozone support for file handle cache
  • CDPD-43370: Impala Ozone Support
  • CDPD-41491: Impala queries fail with Hive exception referring to HikariPool-1
  • CDPD-36991: Backward compatibility for check provided for AttributeName in Parent and Child TypeDef
  • CDPD-35438: When classification is created with multiple super types having same attributes , Atlas doesn't throw an exception
  • CDPD-28513: HADOOP-17628. Distcp contract test is really slow with ABFS and S3A; timing out
  • CDPD-20476: Refresh icon in left Assist while on DB panel resets to 'default' DB on table panel
Table 1. Cloudera Runtime 7.1.8.25 (Cumulative Hotfix 5) download URL:
Parcel Repository Location 
https://[username]:[password]@archive.cloudera.com/p/cdh7/7.1.8.25/parcels/