Fixed issues in 7.1.9 CHF 1

Know more about the cumulative hotfixes 1 for 7.1.9. This cumulative hotfix was released on November 02, 2023.

Following are the list of fixes that were shipped for CDP Private Cloud Base version 7.1.9-1.cdh7.1.9.p2.46689620
  • COMPX-15363: Scheduling rules are not restored from CM properly when cluster is restarted
  • COMPX-15282: Backport MAPREDUCE-7456 (Extend add-opens flag to container launch commands on JDK17 nodes for YARN)
  • COMPX-15236: QM create versions call, creates multiple config_sets
  • COMPX-15216: QM Database migration breaks for clusters where H2 database prior to migration had duplicate config_sets for a namespace, version pair
  • CDPD-62299: [UnitTest] Oozie unit test failures due to unable to start Hive Metastore server
  • CDPD-62232: Hive: Upgrade snappy-java version to 1.1.10.5 in 7.1.9.x
  • CDPD-62128: Using centralised version of snappy-java in Search
  • CDPD-62126: Using centralised version of snappy-java in Solr
  • CDPD-62125: Kafka - Upgrade snappy-java to 1.1.10.5 due to CVE-2023-43642
  • CDPD-61810: Datanucleus upgrade causes test failures in Oozie
  • CDPD-61672: Fetch JAVA_OPTS variable in db_setup.py which is provided from CSD.
  • CDPD-61616: Extend Java opts for Livy to support JDK17 + Isilon
  • CDPD-61605: Extend Java opts for Spark to support JDK17 + Isilon
  • CDPD-61595: Backport HIVE-27213 to CDH-7.1.9.x
  • CDPD-61586: Implement a workaround for Cruise Control CPU metric collection failure 7.1.9+
  • CDPD-61568: [AUTOSYNC] Snapshot should use snapshot's keyManager in optimizeDirDeletesAndSubmitRequest
  • CDPD-61564: Caused by: java.lang.NoClassDefFoundError: org/datanucleus/store/query/cache/QueryCompilationCache
  • CDPD-61562: Exclude reload4j library from ranger
  • CDPD-61547: Sqoop should not close the 'System.out' and 'System.err'
  • CDPD-61540: CDH-7.1.9.1-17 shows compiler errors for zeppelin on all the OSes
  • CDPD-61525: Excluding groovy from gateway-cloud-binding
  • CDPD-61501: "Sync source" filter in User/Group search in Oracle DB used clusters leads to an error
  • CDPD-61439: [7.1.9 CHF 1] In Tag-based policy from Ranger Admin UI, Allow Conditions permissions item is not showing services permissions which have enableDenyAndExceptionsInPolicies flag false
  • CDPD-61433: [7.1.x]- Ranger CSV Report extract may fail with Null pointer exception
  • CDPD-61432: Bump jackson-mapper-asl to 1.9.13-cloudera.4 version
  • CDPD-61398: [AUTOSYNC] LegacyReplicationManager: Delete excess unhealthy with force=true
  • CDPD-61379: [AUTOSYNC] Avoid overriding finalize() in CodecBuffer
  • CDPD-61324: Backport HIVE-25918 to CDH-7.1.9.x
  • CDPD-61317: Backport CDPD-61098 to 719 CHF
  • CDPD-61316: Backport CDPD-61018 to 718 CHF and 719 CHF
  • CDPD-61314: Backport PHOENIX-6560 Rewrite dynamic SQL queries to use Preparedstatement
  • CDPD-61310: Backport PHOENIX-7005 Spark connector tests cannot compile with latest Phoenix
  • CDPD-61309: Backport PHOENIX-6899 Query limit not enforced in UncoveredIndexRegionScanner
  • CDPD-61306: Backport PHOENIX-6916 Cannot handle ranges where start is a prefix of end for desc columns
  • CDPD-61292: Add InterfaceAudience.Public annotations to relevant HBase-MCC classes
  • CDPD-61269: Backport PHOENIX-6854 Salted global indexes do not work for queries with uncovered columns
  • CDPD-61263: Backport IMPALA-11195 to 7.1.9 CHF
  • CDPD-61244: Recon - HeatMap UI doesn't load On Disabling & Enable Recon HeatMap using Feature Flag
  • CDPD-61232: Backport IMPALA-10829 to 7.1.9 CHF
  • CDPD-61223: Backport HIVE-27303 to CDH-7.1.9.x
  • CDPD-61221: Backport SPARK-40617 to 719 CHF
  • CDPD-61188: Hue build failed because of latest virtualenv version
  • CDPD-61170: [7.1.x] - Improve ExportCSV download time
  • CDPD-61148: [AUTOSYNC] LegacyReplicationManager: Unhealthy replicas could block under replication handling
  • CDPD-61146: Backport CDPD-57831 to 719 CHF
  • CDPD-61125: [719] - Ranger KMS junit tests are failing
  • CDPD-61108: [7.1.9 CHF] - RangerJSONAuditWriter creates new log file for writing ranger audits as JSON every time there is an Exception
  • CDPD-61103: Backport HIVE-22961 to CDH-7.1.9.x
  • CDPD-61072: [AUTOSYNC] Add assertions to BlockOutputStream
  • CDPD-61067: [AUTOSYNC] Investigate whether listStatus() is correctly iterating cache
  • CDPD-61064: [AUTOSYNC] Fix snapdiff output for key modification
  • CDPD-61051: [7.1.9 CHF1 CLONE] - [Intermittent] Active NN not getting latest resource mappings from RMS server
  • CDPD-61050: [ranger][replication] empty export roles file causing transform step to fail
  • CDPD-61046: Bump NodeJS version to 20.5.1 due to multiple CVEs
  • CDPD-61033: Backport HIVE-27632 to CDH-7.1.9.x
  • CDPD-61007: Backport HIVE-27304 to CDH-7.1.9.x
  • CDPD-61001: Backport HIVE-25576 to 7.1.9.x
  • CDPD-60984: [719 CHF1] Ranger - Upgrade Tomcat to 8.5.93/9.0.80 due to CVE-2023-41080
  • CDPD-60973: livy_unittests failed in livy-server module
  • CDPD-60961: Ozone replication manager uses mismatched replicas as replication sources
  • CDPD-60960: Ozone replication manager cannot progress when all nodes have a replica
  • CDPD-60951: [7.1.9 CHF1] Add server side validation for service audit filter
  • CDPD-60919: [7.1.9 CHF1] [Ranger React UI] Difference in user lookup API request in permissions module page between React UI and BackBone UI
  • CDPD-60915: [7.1.9 CHF1] Update swagger version in Ranger
  • CDPD-60911: Knox Readiness Awareness and Notification
  • CDPD-60876: Ranger Junit Tests failing
  • CDPD-60871: [UnitTest] testQueueSizeAfterNormalSubmission fails with 'Too few elements in the queue'
  • CDPD-60859: Enable nashorn features in GraalVM
  • CDPD-60847: Kafka_connect_ext - Vulnerable Guava version coming from debezium-core:1.9.7.Final
  • CDPD-60842: [7.1.9 CHF1] - Fix to use "public/v2/api/zone-headers" api to get list of zones in Access Logs and Report pages
  • CDPD-60839: Upgrade Groovy version >= 3.0.8 to support knoxshell on JDK17 cluster
  • CDPD-60817: IMPALA-12409 Don't allow EXTERNAL Iceberg tables to point another Iceberg table in Hive catalog
  • CDPD-60794: [7.1.9 CHF1] In Audit, Plugin Status tab if the record of respective service is in second page then Service Type filter for that service would show no result
  • CDPD-60772: IMPALA-10086 SqlCastException when comparing char with varchar
  • CDPD-60767: [AUTOSYNC] Snapshot Chain corruption because snapshot chain need not be created in increasing order of CreatedTime
  • CDPD-60760: [IBM-PPC] hive server2 service is going down after restart on RHEL8.6
  • CDPD-60733: KC qe tests should configure Ranger port and protocol in secure and unsecure clusters differently
  • CDPD-60728: [AUTOSYNC] Log EC Replica details if a block cannot be read during reconstruction
  • CDPD-60722: Backport HIVE-27586 to 7.1.9.x
  • CDPD-60718: Solr Initialisation failing for connection to Solr server while loading heatmap
  • CDPD-60687: [7.1.x] Ranger - Upgrade Spring Security to 5.7.10/5.8.5/6.0.5/6.1.2 due to CVE-2023-34034 and CVE-2023-34035
  • CDPD-60633: [7.1.9 CHF1] Need to fix zone drop-down option in policy listing for user not having 'Security Zone' module permission
  • CDPD-60620: Ozone Recon HeatMap - DrillDown to particular volume not working in multiple volumes starting with same initials are present
  • CDPD-60608: Ozone Recon HeatMap - Throws 500 when selecting entity type as Volume
  • CDPD-60601: OM restart fails due snapshot chain corruption
  • CDPD-60598: RATIS-1868. Handling Netty back pressure when streaming ratis log
  • CDPD-60591: [AUTOSYNC] EC: Mark EC containers unhealthy when not missing but unrecoverable
  • CDPD-60584: [7.1.9 CHF1 CLONE] - Addressing Vulnerability Type:HTTP Security Header Not Detected only for default HTTPS Port 8484 of RMS
  • CDPD-60551: FIPS/FISMA: Oozie needs to grab common JVM settings from hadoop-env.sh by using HADOOP_CLIENT_OPTS
  • CDPD-60366: [AUTOSYNC] Native library loader fails when system property "native.lib.tmp.dir" is not set
  • CDPD-60363: [AUTOSYNC] A mis replicated EC container with UNHEALTHY replicas may not get resolved
  • CDPD-60267: Backport HIVE-27595 to CDP
  • CDPD-60240: [AUTOSYNC] Improve debug logging in SCMCommonPlacementPolicy when validating nodes
  • CDPD-60199: HMS memory leak because of datanucleus-api-jdo bug
  • CDPD-60160: Schema Registry Atlas integration does not work with Oracle DB
  • CDPD-60072: [AUTOSYNC] Rename should throw exception upon error
  • CDPD-60036: FISMA - Solr is accepting ciphers outside FIPS compliant list on port 8985 - 'TLS_DHE_RSA_WITH_AES_256_CCM_8', 'TLS_DHE_RSA_WITH_AES_256_CCM', 'TLS_DHE_RSA_WITH_AES_128_CCM_8', 'TLS_DHE_RSA_WITH_AES_128_CCM'
  • CDPD-60022: Can't set volume space quota on volume if volume has linked bucket
  • CDPD-59988: [AUTOSYNC] Decommissioning blocked because of under replicated EC containers
  • CDPD-59747: Container stuck in QUASI_CLOSED state causing re-replication failure
  • CDPD-59683: Ranger audits are not produced when --all option is added while listing the volume
  • CDPD-59623: Cruise Control - Upgrade Okio to 3.4.0 due to CVE-2023-3635
  • CDPD-59621: Kafka Connect - Upgrade Okio to 3.4.0 due to CVE-2023-3635
  • CDPD-59620: Ranger - Upgrade Okio to 3.4.0 due to CVE-2023-3635
  • CDPD-59618: Hadoop - Upgrade Okio to 3.4.0 due to CVE-2023-3635
  • CDPD-59614: Backport PHOENIX-6952 Do not disable normalizer on salted tables
  • CDPD-59482: [UnitTest] testThereAreNoToManyIdenticalCallbackUrlList fails due to host list size assertion
  • CDPD-59480: [UnitTest] testQueueSizeWithDelayedElements Oozie unit test fails intermittently with AssertionFailedError
  • CDPD-59421: [719] Knox restart failed due to failure in "wait until.." script for cdp-proxy-api which is due to EOFException
  • CDPD-59379: Backport CDPD-58191 to 7.1.x CHFs
  • CDPD-59344: Fix and backport PHOENIX-6999 Point lookups fail with reverse scan
  • CDPD-59138: [AUTOSYNC] Intermittent Delete root failed
  • CDPD-59126: Seeing noexec permission on /tmp/liborg_apache_ratis_thirdparty_netty_transport_native_epoll_x86
  • CDPD-58949: Import should not deduplicate schemas
  • CDPD-58854: Few Ozone EC Distcp jobs are failing because pipeline limit has been reached
  • CDPD-58848: Impala - Upgrade json-smart to 2.4.10 due to CVE-2023-1370
  • CDPD-58652: Backport PHOENIX-6986 Add property to disable server merges for hinted uncovered indexes
  • CDPD-58495: Ozone - Upgrade Netty Project to 4.1.94.Final due CVE-2023-34462
  • CDPD-58220: ZDU | Getting java.lang.ClassNotFoundException: org.cloudera.log4j.redactor.RedactorAppender while starting ZEPPELIN
  • CDPD-58029: [AUTOSYNC] Close open container immediately on ICR of unhealthy replica
  • CDPD-58027: [AUTOSYNC] Fix Snapdiff output for key renames
  • CDPD-58019: Ratis-Thirdparty - Bump guava to 32.0.0-jre
  • CDPD-56724: Oozie web console is allowing access to list directories
  • CDPD-56480: [AUTOSYNC] OmDBSnapshotInfoCodec.copyObject(..) does not follow the general contract of copy.
  • CDPD-56456: Fix and backport PHOENIX-6961 Non-covered index failure with covered index fields
  • CDPD-56176: Fix and backport PHOENIX-6910 Scans created during query compilation and execution against salted tables need to be more resilient
  • CDPD-55637: [AUTOSYNC] ReplicationManager: Unhealthy replicas could block Ratis containers being recovered
  • CDPD-55101: Invocation of Main class completed Message is skipped when LauncherSecurityManager calls system exit
  • CDPD-55043: [AUTOSYNC] KeyDeleting service should not reclaim snapshot keys.
  • CDPD-48979: Rotated Ranger KMS access logs aren't getting removed
  • CDPD-30427: Fix custom ZooKeeper trust manager for FIPS
  • TSB 2023-703: Risk of Data Loss when using Hue S3 File Browser