Cloudera Docs

What's new in Cloudera Runtime 7.1.9 SP1 CHF 15

Understand the functionalities and improvements to features of components in Cloudera Runtime 7.1.9 SP1 CHF 15.

Platform support

New platform support
RHEL 9.6 is now supported starting from 7.1.9 SP1 CHF 15.

Apache Knox

Improved custom descriptor and shared provider configuration management in Knox
The users can now remove previously created custom descriptors, including their associated topologies, and shared provider configurations when they are no longer needed.
For more information, see Remove a custom descriptor from Apache Knox and Remove a shared provider configuration.

Hue

Enhanced session security for Hue
Hue now includes security for the session ID (sessionid) cookie. This enhancement helps prevent unauthorized access results in data exposure, unauthorized query execution, and job submission across connected Hue services.
For more information, see Securing Hue sessions.

Apache Ozone

New metrics added in the Grafana dashboard
The following metrics are added in the Grafana dashboard:
  • Block count sent from Storage Container Manager to DataNode (Includes both overall and DataNode specific block count)
  • Block count received from Ozone Manager
  • Command timedout from Storage Container Manager to DataNode
Configuration Changes for the FIPS-compliant SASL Changes
Starting from Cloudera Runtime 7.1.9 SP1 CHF15 onwards, Cloudera supports DIGEST-SHA, a new SASL mechanism, to replace DIGEST-MD5. DIGEST-SHA is similar to DIAGEST-MD5 except that DIGEST-SHA uses SHA256 and AES instead of MD5 and DES for message digest and encryption, respectively. As a result, DIGEST-SHA uses only FIPS-compliant algorithms. For more information, see Step 1: Prepare hosts.

Yarn

A new security filtering mechanism introduced inside the Application Master
A new security filtering mechanism inside the Application Master prevents unauthorized mapper or reducer implementations from running within the cluster. This feature ensures that only approved classes or packages are executed inside containers, protecting the cluster from unwanted or unsafe task implementations that may introduce performance, stability, or security risks. For more information, see Hadoop MapReduce Application Manager based security filter

Oozie

Oozie SSH action port is configurable
The Oozie SSH action port always uses the default port number 22. The default behaviour is still the same. But, you can change the port number using the following methods:
  1. Use the new 0.4 schema version for your SSH action in your workflow.xml and add the port XML element with the new value.
    Example
    <port>11100</port>
  2. Set the port number globally by adding the following oozie-site.xml safety-valve in Cloudera Manager with the new value.
    Example,
    "oozie.action.ssh.action.port: 11100"

If you set both the options, then the value set in the workflow.xml takes precedence and the port with the new port number should open in the target host.