Fixed issues in 7.1.9 SP1 CHF 14
Know more about the list of fixes that are shipped for CDP Private Cloud Base version 7.1.9 SP1 CHF 14.
- CDPD-94496: Security vulnerability related to Apache Tika
- This fix addresses a critical XML External Entity (XXE) vulnerability, as described in CVE-2025-66516, in the Apache Tika core and parser modules. This vulnerability could be exploited by using a crafted XFA file within a PDF document.
- Backport of Apache Tika version
- Apache Tika 2.9.4 is now forked, patched and built internally into 2.9.4.cldr-b21. This
applies for NiFi and CFM as well.
Cloudera Search uses the downstream version of Tika 2.4.1 (2.4.1.cldr-b12) as well which is essentially patched with the CVE fix.
. - HIVE-26456: Duplicate rows after query-based minor compaction
- Previously, duplicate rows appeared in table results after you ran a minor compaction.
- HIVE-26147: Null pointer exception when ACID key index is missing
- Previously, queries failed with a null pointer error when reading ACID-compliant ORC files that were missing specific index metadata.
- HIVE-21052: Cleanup failure for aborted transactions
- Previously, if a transaction aborted before partition registration, the system flagged it as empty.
- HIVE-24374: Metadata removal for aborted writes in batched delta files
- This issue is now fixed.
Apache Jira: HIVE-24374
- HIVE-25502: Data loss when cleaning aborted transactions with dynamic partitions
- Previously, running the cleaner after an aborted streaming transaction could cause data loss in unrelated partitions.
- HIVE-25257: Incorrect row order validation for query-based major compaction
- Previously, query-based major compaction failed when processing tables with multiple transaction statements, such as consecutive MERGE operations.
Common Vulnerabilities and Exposures (CVE) that is fixed in this CHF:
- CVE-2025-66516 - Apache Tika
