Fixed issues in 7.1.9 SP1 CHF 13
Know more about the list of fixes that are shipped for CDP Private Cloud Base version 7.1.9 SP1 CHF 13.
- CDPD-64874: Intermittent failure in
TestOzoneRpcClientAbstract.testListSnapshot - The
listSnapshot
API uses the
org.apache.hadoop.ozone.om.ListIterator.MinHeapIteratorstatic class, which internally uses theCacheIteratorandDBIteratorobjects. TheDBIteratorobject checks if the rocks DB key is present in the cache in theorg.apache.hadoop.ozone.om.ListIterator.DbTableIter#getNextKeymethod. Previously, this check accessed the cache from the table cache, which could be intermittently flushed, causing the addition of duplicate entries in theorg.apache.hadoop.ozone.om.ListIterator.MinHeapIteratorstatic class. This issue is now fixed and you must use the preloaded keys in theorg.apache.hadoop.ozone.om.ListIterator.CacheIter#cacheKeyMapmethod within theorg.apache.hadoop.ozone.om.ListIterator.CacheIterstatic class. - CDPD-69064: DataNode volume DU reserved percentage should have a non-zero default value
- Previously, the
hdds.datanode.dir.du.reserved.percentDataNode configuration default value was zero. This issue is fixed now and the default value is 0.0001, which means that the reserved percentage is 0.01%. As a result, for each DataNode volume being used by Ozone, the available volume capacity for Ozone is calculated by real capacity volume - (real capacity of the volume * 0.0001), ensuring that 0.01% of the volume is preserved for non-Ozone use. - CDPD-90382: FSO to FSO replication failing for snapshot diff issue
- Previously, FSO to FSO bucket replication using Replication
Manager failed if the
ozone sh snapspdiffreport between the current and previous snapshot contained more than 1000 entries. This was because Replication Manager could not parse the additional newline at the end of each page in the paginated response. This issue is now fixed by removing the additional newline at the end of every page in snapdiff output. - CDPD-92017: Set
ozone.om.group.rightsconfiguration default value toALL - Previously, the
ozone.om.group.rightsconfiguration valueREAD, LISTcould not be processed by lower version Ozone. This issue is now fixed by setting the default value of theozone.om.group.rightsconfiguration toALL. - CDPD-87831: Avoid scheduling replications on full DataNodes by tracking pending operation size in SCM
- Previously, Storage Container Manager (SCM) scheduled replication commands to fix under-replication or misreplication for container moves, decommissioning, and other operations for both Ratis and EC containers. SCM checked whether a target DataNode had space equal to twice the containerSize value before selecting it as the target node for container replication. However, SCM did not track pending operation size of scheduled. Consequently, SCM could over-schedule replications to a target DataNode that did not have enough space. This issue is now fixed.
- CDPD-80178: Missing check for space availability for all DNS while container creation is in pipeline
- Previously, if the leader node in pipeline did not have capacity to create a new container, it might have returned a container creation failure. If the follower node did not have the capacity to create new container, it might have failed and kept trying for another follower node to be successful. This could cause the disk to fill upl with parallel write blocks through a state machine, and slowed down the write capability and failure response. This issue is now fixed by checking whether a DataNode has enough space for a new container before allocating a new container to that DataNode. This improves write performance and reduces container creation failure in scenarios when DataNodes have less than 5GB disk space remaining.
- CDPD-80031: Missing latency metrics in Ozone Manager for deletion services
- Previously, no metrics were available in Ozone Manager to measure how long each iteration of the deletion services were taking. This issue is now fixed and latency metrics for key deletion services of Ozone Manager are available now.
- CDPD-85199: Upgraded jackson-core to 2.15.0
- The
jackson-coreversion of the Jackson Data Processor for Phoenix Query Server (PQS) and OMID is upgraded to 2.15.0 due to CVE-2025-49128 and CVE-2025-52999. - CDPD-76594: Impala Iceberg table creation fails in Hue
- Previously, creating Iceberg tables in Impala using the Hue importer failed. This issue is now resolved, by allowing seamless table creation.
- CDPD-78292: Hue defunct gunicorn worker processes
- On Ubuntu 22, when using Oracle Database,
rungunicornserverworker processes might have accumulated due to incomplete process termination and stale database connections. This resulted in a cluttered process table but did not critically impact service functionality. This issue is now resolved. - CDPD-90930: Hue Metadata front end cache not functioning correctly
- Previously, the metadata front end cache was not applied as expected, resulting in slower page load times and degraded responsiveness. This issue is now resolved, and metadata is properly cached, improving UI performance and overall user experience.
- CDPD-89886: FileUtils.isOwnerOfFileHierarchy does not have the recurse parameter
- This patch resolves performance degradation in
add_partition API calls to the Hive Metastore (HMS). The latency of
the add_partition calls increases significantly with the number of
folders and files in HDFS. You can optimize performance by using the existing
xasecure.hive.uri.permission.coarse.checkconfiguration parameter. Setting this value totrueprevents recursive permission checks on the parent folder. - CDPD-89263: Enhanced file extension controls for Hue file management
- Previously, Hue allowed only the control of allowed and restricted file type extensions for Hue file uploads.
- CDPD-87409: Duplicate compaction processing by multiple HiveServer2 threads
- Multiple HiveServer2 Compactor Worker threads could process the same minor compaction simultaneously. This created duplicate delta directories in HDFS and caused subsequent table operations to fail with an llegalStateException error.
- CDPD-91034: MariaDB falls back to MySQL in Hive
- Hive downstream had errors in supporting MariaDB.
- CDPD-92487: Impala compatibility with OpenSSL 3.2 on RHEL 9.5
- Impala experienced widespread failures, including numerous test failures and cluster hangs, after RHEL/Rocky 9.5 updated its OpenSSL version from 3.0.2 to 3.2.x. This OpenSSL rebase broke two core areas in Impala, affecting both AES-GCM encryption and SSL connection handling.
- CDPD-91626: Stable file system operations
- Unreadable paths in Java CLASSPATH could lead to crashing during
startup without an informative error message. This is now resolved by ignoring
unreadable paths in CLASSPATH.
Apache Jira: IMPALA-13371
- CDPD-81958: Improve cookie security in Knox-proxied web UIs with
SecureandHttpOnlyattributes - Previously, the
pac4jCsrfTokencookie in Apache Knox-proxied applications did not contain theSecureandHttpOnlyflags. This issue is now fixed by ensuring that thepac4jCsrfTokencookie has both theSecureandHttpOnlyflags in Knox-proxied applications, improving the security provided by Knox.
Common Vulnerabilities and Exposures (CVE) that is fixed in this CHF:
| CVE-2014-0114 | commons-beanutils |
| CVE-2019-10086 | commons-beanutils |
| CVE-2024-52046 | mina-core |
| CVE-2021-37404 | Apache Hadoop |
| CVE-2022-25168 | Apache Hadoop |
| CVE-2023-44981 | Debian Linux |
| CVE-2018-17190 | Apache Spark |
| CVE-2021-32797 | JupyterLab |
| CVE-2025-30065 | Parquet |
| CVE-2023-22946 | Apache Spark |
