Cumulative hotfix CDP PvC Base 7.1.8 (Cumulative hotfix9)

Know more about the cumulative hotfix 9 for 7.1.8. This cumulative hotfix was released on June 1, 2023.

Following are the list of fixes that were shipped for CDP Private Cloud Base version 7.1.8-1.cdh7.1.8.p35.41426564

  • KT-7467: Keytrustee - Upgrade Spring-boot to 2.11+ or 3.0.6+ due to CVE-2023-20873
  • KT-7461: [7.1.8.x] - Upgrade org.json to 20230227+ due to CVE-2022-45688
  • KT-7458: [CDH-7.1.8.x] - Upgrade commons-codec to 1.13+
  • KT-7457: [CDH-7.1.8.x] - Upgrade commons-io to 2.7+ due to CVE-2021-29425
  • COMPX-14340: YARN-11490 JMX QueueMetrics breaks after mutable config validation in CS
  • COMPX-14147: YARN-11312 [UI2] Refresh buttons don't work after EmberJS upgrade
  • CDPD-56581: Backport CDPD-46655 to hbase-filesystem CDH-7.1.8.x branch
  • CDPD-56580: Backport CDPD-40352 to hbase-filesystem CDH-7.1.8.x branch
  • CDPD-56384: Ranger - Upgrade Spring LDAP to 2.4.1 due to high CVEs
  • CDPD-56383: Ranger - Upgrade BeanShell to 2.1b5 due to high CVEs
  • CDPD-56381: Ranger - Upgrade Apache Derby due to critical CVEs
  • CDPD-56334: Backport HADOOP-17270. Fix testCompressorDecompressorWithExeedBufferLimit to cover the intended scenario
  • CDPD-56266: Backport CDPD-55922 to 7.1.8 CHF
  • CDPD-56258: Backport CDPD-55116 to 7.1.8 CHF9
  • CDPD-56228: Backport PARQUET-2258 to CDH-7.1.8.x
  • CDPD-56213: Fix sql patch 65 syntax issue for oracle db
  • CDPD-56183: Backport IMPALA-11435 to CDH-7.1.8 CHF9
  • CDPD-56134: Reload4j migration error in ZooKeeper
  • CDPD-56132: Atlas - Upgrade Spring Security to 5.7.8+/5.8.3+/6.0.3+ due to CVE-2023-20862
  • CDPD-56017: Backport HDDS-8385. Ozone can't process snapshot when service UID > 2097151
  • CDPD-56011: ServiceTagsProcessor fails to handle update of an existing Service-Resource
  • CDPD-55994: Ranger Upgrade to 7.1.9 may fail
  • CDPD-55978: [7.1.8 CHFx CLONE] - Wrong permission check for Hive "Alter View as" command in Ranger HiveAuthorizer
  • CDPD-55780: SR mTLS unit test secondary cert is expired
  • CDPD-55617: Atlas - Upgrade Nimbus-JOSE-JWT to 9.24 due to CVEs coming from json-smart
  • CDPD-55609: Schema Registry - Upgrade Nimbus-JOSE-JWT to 9.24 due to CVEs coming from json-smart
  • CDPD-55562: Include HOTFIX-5604 for HDDS-6991: Setting bucket owner may throw NPE
  • CDPD-55561: Ranger - Upgrade bcpkix-jdk15on to 1.70+ due to CVE-2019-17359
  • CDPD-55527: Backport HBASE-27619
  • CDPD-55526: Backport HBASE-27484
  • CDPD-55525: Backport CDPD-46655
  • CDPD-55524: Backport HBASE-27368
  • CDPD-55523: Backport HBASE-27265
  • CDPD-55522: Backport HBASE-27204
  • CDPD-55521: Backport HBASE-27017
  • CDPD-55520: Backport HBASE-27061
  • CDPD-50462: [7.1.8.x] - Ranger - Upgrade org.json to 20230227+ due to CVE-2022-45688
  • CDPD-50450: Backport HIVE-27201: Inconsistency between session Hive and thread-local Hive may cause HS2 deadlock
  • CDPD-48171: Spark - Upgrade snakeyaml due to CVE-2022-1471
  • CDPD-45389: Calcite - Upgrade snakeyaml to 1.32 due to high CVEs
  • CDPD-43470: CDPD - Upgrade aws-java-sdk to 1.12.261+ due to CVE-2022-31159
  • CDPD-41590: IMPALA-11406 Incorrect duration logged in "Authorization check took n ms"
  • CDPD-56005 Backport SPARK-26548 to Spark2
  • CDPD-56007 Backport SPARK-26617 to Spark2

Technical Service Bulletin

TSB 2024-775: FileNotFoundException for Ozone Filesystem JAR during or after CDP installation or upgrade
A potential availability issue has been found with services that have an Ozone client dependency on the ozone-filesystem-hadoop3 fat JAR file when upgrading the Cloudera Data Platform (CDP) Private Cloud Base cluster from version 7.1.8 to 7.1.9. This issue may also affect service installations, runs, and restarts during or after the CDP Private Cloud Base installation or upgrade.
The following exception appears on the Cloudera Manager User Interface (UI) or in the log files of the respective service when an installation, upgrade or other operations fail due to this issue: `java.io.FileNotFoundException: /path/to/ozone-filesystem-hadoop3-<version>.jar (No such file or directory).
The failure is caused by the broken symbolic link: /var/lib/hadoop-hdfs/ozone-filesystem-hadoop3.jar. This issue arises if the hdfs user already exists on the node before the Cloudera Runtime parcel activation. When the hdfs user already exists on the node, the Cloudera Manager agent skips the initialization related to Hadoop Distributed File System (HDFS), which includes creating the /var/lib/hadoop-hdfs directory. As the path is not created, the symbolic link cannot be created during the parcel activation process. This results in a series of broken symbolic links that point to the Ozone binaries.
Knowledge article
For the latest update on this issue see the corresponding Knowledge Article: TSB 2024-775: FileNotFoundException for the Ozone FS JAR during or after installation or upgrade