Fixed issues in 7.1.9 CHF 2

Learn more about cumulative hotfix 2 (CHF 2) for 7.1.9. This cumulative hotfix was released on December 22, 2023.

The following fixes were shipped for CDP Private Cloud Base version 7.1.9-1.cdh7.1.9.p3.48381316:
  • CDPD-63321: (HBASE-25643) The delayed FlushRegionEntry is replaced with the non-delayed one. The RegionServer periodically checks all the regions; if one has not been flushed for a long time, it creates a delayed FlushRegionEntry with a delay in the range 0~300s. If a large amount of data is sent to the region during the delay, the flush cannot be done immediately because of the existing entry in regionsInQueue, and a RegionTooBusyException occurs.
  • CDPD-62205: A regression introduced in PHOENIX-6658 is fixed. The regression might affect users who still need to migrate to strongly consistent indexing: it affects the user’s upgrade process and might also cause the old-style indexes to go out of sync, which might require a full index rebuild.
  • COMPX-15752: Queuemanager: configdiff validation error from 7.1.9 CHF1 -> CHF2
  • COMPX-15602: Queuemanager loader spinner disappearing before UI is updated/rerendered
  • COMPX-15452: Verify that existing 7.1.9 customers migrated to Postgres can still use PostGres
  • COMPX-15448: Testing normal functioning upgrades and fresh install clusters
  • COMPX-15444: CPX changes to allow users to stay on H2 db - update database migration Info API
  • COMPX-15443: Config Service Changes to disable QM migration using flag
  • COMPX-15432: QueueManager flag to turn off database migration
  • COMPX-15421: Fix broken UTs in CPX - ConfigServiceConnectorTest
  • COMPX-15420: Update date format for DQS after switching to postgres DB
  • COMPX-15375: CDPD - Upgrade Okhttp to 4.11.0 due to CVE-2023-0833 and CVE-2021-0341
  • COMPX-15308: YARN-11578 Fix performance issue of permission check in verifyAndCreateRemoteLogDir
  • COMPX-14855: Backporting YARN-11535 (Remove jackson-dataformat-yaml dependency)
  • COMPX-14759: Queue Manager - Upgrade commons-configuration2 to 2.9.0 due to CVEs
  • COMPX-14713: Backport YARN-11464 (TestFSQueueConverter#testAutoCreateV2FlagsInWeightMode has a missing dot before auto-queue-creation-v2.enabled for method call assertNoValueForQueues)
  • COMPX-14064: Default ULF for dynamic queue template should be -1 in Weight mode
  • COMPX-8329: Fix failing YARN Unit test: TestYarnConfigurationFields.testCompareConfigurationClassAgainstXml - yarn.web-proxy.gateway.url
  • COMPX-7493: YARN Tracking URL that is shown in the command line does not work when knox is enabled
  • COMPX-7247: Fix failing unit test: org.apache.hadoop.yarn.server.nodemanager.containermanager.container.TestContainer.testKillOnNew
  • CDPD-64790: Atlas build failure across release lines
  • CDPD-64730: Oozie LauncherAM memory settings cannot be applied
  • CDPD-64258: hive: Analyse compatibility report generated - between 7.1.9 CHF1 and CHF2
  • CDPD-64240: CDPD-63145 causes regression in Orc
  • CDPD-64133: The Oozie client should be able to handle Java 11+ related parameters
  • CDPD-63799: Backport CDPD-45383 to 719 CHF and CDS 3.x CHFs
  • CDPD-63780: Backport CDPD-42446 to 718 CHF and 719 CHF
  • CDPD-63779: Oozie's spark actions are failing intermittently due to NPE
  • CDPD-63769: [FIPS+JDK11] Solr health issue
  • CDPD-63756: Backport CDPD-63231 to 7.1.8 CHF
  • CDPD-63665: SCM Down:UnsatisfiedLinkError while enabling hdds.grpc.tls.enabled
  • CDPD-63650: Fail early when encryption-at-rest init fails
  • CDPD-63646: Fix file descriptor leak when encryption-at-rest is enabled
  • CDPD-63602: Zeppelin - Upgrade jetty to 9.4.53/10.0.17/11.0.17 due to CVE-2023-40167, CVE-2023-36479, CVE-2023-41900, CVE-2023-36478 and CVE-2023-44487
  • CDPD-63585: [AUTOSYNC] OM is getting stuck on snapshot creation if snapshot chain is corrupted
  • CDPD-63520: Insecure direct object reference
  • CDPD-63518: Both usersync/tagsync instances becoming active and syncing users/tags in the following scenario
  • CDPD-63505: Backport IMPALA-12499 to 7.1.9 CHF
  • CDPD-63504: Backport IMPALA-11068 to 7.1.9 CHF
  • CDPD-63503: Backport IMPALA-12474 to 7.1.9 CHF
  • CDPD-63502: Backport IMPALA-12492 to 7.1.9 CHF
  • CDPD-63501: Backport IMPALA-12461 to 7.1.9 CHF
  • CDPD-63500: Backport IMPALA-12460 to 7.1.9 CHF
  • CDPD-63483: [FIPS+JDK11] - Quanta jobs failing with hadoop version cmd
  • CDPD-63481: Backport IMPALA-12548 to CDH-7.1.9.x
  • CDPD-63450: Backport HIVE-17350 to CDH-7.1.9.x
  • CDPD-63438: java.lang.NullPointerException: at org.apache.hadoop.ozone.om.ratis.OzoneManagerRatisServer.getRaftLeaderId(OzoneManagerRatisServer.java:838)
  • CDPD-63414: [AUTOSYNC] Legacy RM will not replicate all unhealthy containers when some are decommissioning
  • CDPD-63393: [CDH-7.1.9 CHF2 CLONE] - AuthorizeOnlyWithChainedPolicies shows incorrect policy in Ranger audit when policy priority is equal
  • CDPD-63351: [AUTOSYNC] Fix NPE in OMSnapshotPurgeRequest and exit loop early SnapshotDeletingService
  • CDPD-63347: Backport CDPD-60975 to 7.1.8 CHFx , 7.1.9 CHFx
  • CDPD-63321: Backport HBASE-25643 to 7.1.9 CHF2
  • CDPD-63313: IMPALA-12542 test_query_cancel_created failed in ASAN build
  • CDPD-63309: [UnitTest] testMaterializationLookup failure: timestamp mismatch
  • CDPD-63308: Iceberg - Upgrade Netty Project to 4.1.100.Final due to CVE-2022-41881, CVE-2022-41915, CVE-2023-34462, CVE-2023-44487
  • CDPD-63306: Zeppelin - Upgrade netty to 4.1.100.Final due to CVE-2023-44487
  • CDPD-63302: Keytrustee-keyhsm - Upgrade Jetty to 9.4.53/10.0.17/11.0.17 due to CVE-2023-40167, CVE-2023-36479, CVE-2023-41900, CVE-2023-36478 and CVE-2023-44487
  • CDPD-63301: SRM - Upgrade Jetty to 9.4.53/10.0.17/11.0.17 due to CVE-2023-40167, CVE-2023-36479, CVE-2023-41900, CVE-2023-36478 and CVE-2023-44487
  • CDPD-63297: Knox - Upgrade Apache Santuario - xmlsec to 2.2.6/2.3.4/3.0.3 due to CVE-2023-44483
  • CDPD-63294: Knox - Upgrade mysql-connector-j to 8.2.0 due to CVE-2023-22102
  • CDPD-63290: Atlas - Upgrade amqp-client to 5.18.0+ due to CVE-2023-46120
  • CDPD-63288: Schema Registry - Upgrade jose4j to 0.9.3 due to CVE-2023-31582
  • CDPD-63283: IMPALA-12493 Impala Query cancelled while Analyzing or Compiling partially closes but query remains on Coordinator
  • CDPD-63281: [AUTOSYNC] Backport HDDS-9550 to legacy RM (missing containers which are empty)
  • CDPD-63244: [7.1.9 CHF2] - Not able to search using multiple user filter in access audit tab
  • CDPD-63238: Parquet export fails with NoSuchMethodError
  • CDPD-63202: Ranger kms is not getting started after cdp upgrade to 7.1.9
  • CDPD-63180: Solr server unable to start after jetty upgrade to 9.4.53
  • CDPD-63145: BytesColumnVector fails when the aggregate size is > 1gb
  • CDPD-63139: [7.1.9 CHF2] [CLONE] - User name with comma split in old Ranger admin UI
  • CDPD-63126: [AUTOSYNC] Snapdiff fails in case of key renames to deleted directories
  • CDPD-63123: Sqoop build is taking 6 hours to complete
  • CDPD-63120: [AUTOSYNC] DN import of container is not safe while replication
  • CDPD-63119: [AUTOSYNC] Replication Manager could incorrectly use QUASI_CLOSED replicas as replication sources for CLOSED containers
  • CDPD-63101: CLONE - Stored cross-site scripting on "Description" field under classification
  • CDPD-63098: SMM - Upgrade Jetty to 9.4.53/10.0.17/11.0.17 due to CVE-2023-40167, CVE-2023-36479, CVE-2023-41900, CVE-2023-36478 and CVE-2023-44487
  • CDPD-63061: Cruise Control - Upgrade org.json to 20231013+ due to CVE-2023-5072, CVE-2022-45688
  • CDPD-63057: Cruise Control - Upgrade netty to 4.1.100.Final due to CVE-2023-44487, CVE-2023-34462
  • CDPD-63032: [AUTOSYNC] Datanode should log Follower cannot close container at info level
  • CDPD-63031: [AUTOSYNC] Log reason for not using a node at info level in SCMCommonPlacementPolicy
  • CDPD-62992: [AUTOSYNC] Decommission should not wait on deleting containers
  • CDPD-62982: [7.1.x] Ranger - Upgrade Json-Java to 20231013 due to CVE-2023-5072
  • CDPD-62957: [AUTOSYNC] Container report shows missing containers when they actually appear empty
  • CDPD-62935: [Analyze] [ST][Knox] test_knox_feature_topology_port_mapping tests fail
  • CDPD-62927: Schemaregistry - Upgrade JSON-Java to 20231013 due to CVE-2023-5072
  • CDPD-62926: Upgrade Json-Java to 20231013 due to CVE-2023-5072
  • CDPD-62899: Backport HDDS-9432 to CDH-7.1.9.x
  • CDPD-62868: Knox WaitForKnoxGatewayReadyToServeCommand reports http 500, service restart failure
  • CDPD-62841: SRM - Upgrade Armeria to 1.26.0 due to CVE-2023-44487
  • CDPD-62807: Backport HIVE-27558 to CDH-7.1.9.x
  • CDPD-62800: ZooKeeper TLS/SSL support for Lucene-Solr
  • CDPD-62791: NPE in SendContainerRequestHandler.deleteTarball
  • CDPD-62788: Atlas [7.1.9 CHFx] - Upgrade netty to 4.1.100.Final due to CVE-2023-44487
  • CDPD-62767: KnoxShell fails with Unsupported class file major version 61 error
  • CDPD-62756: [AUTOSYNC] DataNode decommission retries for 300 times when invalid host or port is passed in the command
  • CDPD-62741: org.apache.ratis.thirdparty.io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl$1StreamClosed@7abc0029 java.lang.NullPointerException
  • CDPD-62731: Backport HIVE-27772 to CDH-7.1.9.x
  • CDPD-62724: HSTS header missing from unsecured API in Ranger Raz, Tagsync, Usersync
  • CDPD-62721: HSTS header missing from unsecured API in Ranger Admin
  • CDPD-62699: Harmonize jackson and jackson-databind for zookeeper
  • CDPD-62666: Ignore used undeclared jetty dependency in phoenix-connectors
  • CDPD-62657: FIPS/FISMA: Oozie needs to grab default Hadoop properties for its actions
  • CDPD-62643: [AUTOSYNC] LegacyReplicationManager: Do not count unique origin nodes as over-replicated
  • CDPD-62612: Backport ZOOKEEPER-4719 Use Bouncycastle jdk18on instead of jdk15on
  • CDPD-62605: [7.1.9 CHF CLONE] - Upgrade Tomcat to 8.5.94+ (for CVE fixes) in all Ranger services
  • CDPD-62591: Hue - Upgrade Tomcat to 9.0.81 due to CVE-2023-41080 and CVE-2023-44487
  • CDPD-62586: Upgrade Tomcat to 8.5.94/9.0.81 due to CVE-2023-42794, CVE-2023-42795, CVE-2023-45648 and CVE-2023-44487
  • CDPD-62567: RATIS-1886 AppendLog sleep fixed time cause significant drop in write throughput
  • CDPD-62564: Atlas [7.1.9 CHFx] - Upgrade Okhttp to 4.11.0 due to CVE-2023-0833 and CVE-2021-0341
  • CDPD-62557: Backport HIVE-27723 to CDH-7.1.9.x
  • CDPD-62554: Backport HIVE-21100 to CDH-7.1.9.x
  • CDPD-62538: [AUTOSYNC] A reformatted datanode node cannot be decommissioned
  • CDPD-62513: SMM UI - Upgrade Node JS version to 20.8.1 due to multiple CVEs
  • CDPD-62508: CDPD - Upgrade netty to 4.1.100.Final due to CVE-2023-44487 and CVE-2023-34462
  • CDPD-62506: SMM - Upgrade netty to 4.1.100.Final due to CVE-2023-44487
  • CDPD-62505: Kafka Connect Ext - Upgrade netty to 4.1.100.Final due to CVE-2023-44487
  • CDPD-62504: Ratis thirdparty - Upgrade netty to 4.1.100.Final due to CVE-2023-44487
  • CDPD-62503: Ozone - Upgrade netty to 4.1.100.Final due to CVE-2023-44487
  • CDPD-62502: Ranger - Upgrade netty to 4.1.100.Final due to CVE-2023-44487
  • CDPD-62501: Atlas - Upgrade netty to 4.1.100.Final due to CVE-2023-44487
  • CDPD-62480: [AUTOSYNC] Non-blocking container statemachine cache
  • CDPD-62456: Hive Acid Replication Support for Dell Powerscale - Backend Changes
  • CDPD-62453: Backport HIVE-27760 to CDH-7.1.9.x
  • CDPD-62448: Explicit handling of DIGEST-MD5 vs GSSAPI in quorum auth
  • CDPD-62359: Backport PHOENIX-6994 Do not duplicate options specified in PHOENIX_QUERYSERVER_OPTS in queryserver.py
  • CDPD-62348: Backport IMPALA-12462 to 7.1.9 CHF
  • CDPD-62347: Backport IMPALA-8675 to 7.1.9 CHF
  • CDPD-62312: Re-enable dependency harmonization for ZooKeeper
  • CDPD-62297: Oozie unit tests do not clean up tens of GigaBytes of data causing UT container eviction
  • CDPD-62264: Backport HIVE-27673 to CDH-7.1.9.x
  • CDPD-62233: [snapshot] OM shuts down intermittently due to RocksDBException on createSnapshot request
  • CDPD-62230: [snapshot] OM shutsdown on RocksDB failure when performing distcp of snapshots
  • CDPD-62224: Livy - Upgrade Okhttp to 4.11.0 due to CVE-2023-0833 and CVE-2021-0341
  • CDPD-62222: Cruise Control - Upgrade Okhttp to 4.11.0 due to CVE-2023-0833 and CVE-2021-0341
  • CDPD-62205: Backport PHOENIX-7057 Potential bug in MetadataEndpointImpl#updateIndexState.
  • CDPD-62173: Merge HIVE-24530 on all CDP-PvC 7.1.[7-9] CHFx versions
  • CDPD-62156: IMPALA-10860 Allow setting separate mem_limit for coordinators
  • CDPD-62145: FIPS in Streaming with Java 11
  • CDPD-62128: Using centralised version of snappy-java in Search
  • CDPD-62126: Using centralised version of snappy-java in Solr
  • CDPD-62125: Kafka - Upgrade snappy-java to 1.1.10.5 due to CVE-2023-43642
  • CDPD-62063: Backport HIVE-27728 to CDP.
  • CDPD-62059: AvroConnectTranslator should handle null values in fromConnectData method
  • CDPD-62057: DefaultDispatch doesn't forward inbound request headers in case of requestType=OPTIONS
  • CDPD-62046: Disable TestFanOutOneBlockAsyncDFSOutput
  • CDPD-61986: Parcel impala-shell binaries won't work with non-standard Python 3 version
  • CDPD-61951: Backport ZOOKEEPER-4674 TestReadOnlyClient.cc: Stop/start "normal" server in test setUp/tearDown
  • CDPD-61917: Atlas - Upgrade Spring Security to 5.7.10/5.8.5/6.0.5/6.1.2 due to CVE-2023-34034 and CVE-2023-34035
  • CDPD-61814: [7.1.9 CHF2] Implement best coding practices for validating user input
  • CDPD-61798: Cannot drop unbounded range partitions in Kudu tables
  • CDPD-61741: Backport HIVE-22613 to CDP.
  • CDPD-61737: [AUTOSYNC] LegacyReplicationManager: Unhealthy replicas of a sufficiently replicated container can block decommissioning
  • CDPD-61726: Backport Hive-27665 for CDH-7.1.9
  • CDPD-61684: [AUTOSYNC] ReplicationManager: Ignore any Datanodes that are not in-service and healthy when finding unique origins
  • CDPD-61625: Implement best coding practices for validating user input
  • CDPD-61606: Potential dataloss from quick navigation during move op for S3 in Hue
  • CDPD-61600: [AUTOSYNC] ReplicationManager: Handle all UNHEALTHY replicas of a CLOSING container
  • CDPD-61589: Hue download from ABFS can return a corrupted file
  • CDPD-61578: Impala - Upgrade Jetty to 9.4.53/10.0.17/11.0.17 due to CVE-2023-26048, CVE-2023-26049, CVE-2023-40167, CVE-2023-36479, CVE-2023-41900, CVE-2023-36478 and CVE-2023-44487
  • CDPD-61577: CDPD - Upgrade Jetty to 9.4.53/10.0.17/11.0.17 due to CVE-2023-40167, CVE-2023-36479, CVE-2023-41900, CVE-2023-26048, CVE-2023-26049, CVE-2023-36478 and CVE-2023-44487
  • CDPD-61535: [AUTOSYNC] Handle all UNHEALTHY replicas of a CLOSING container
  • CDPD-61507: Atlas [7.1.9 CHFx] - Upgrade Okio to 3.4.0 due to CVE-2023-3635
  • CDPD-61503: Atlas [7.1.9 CHFx] - Upgrade Apache Ivy to 2.5.2 due to CVE-2022-46751
  • CDPD-61495: [AUTOSYNC] compationLogTable to store compaction information
  • CDPD-61489: [AUTOSYNC] LegacyReplicationManager: Unhealthy replicas of a sufficiently replicated container can block decommissioning
  • CDPD-61385: [AUTOSYNC] LOG improvement when downloading container fails from DN
  • CDPD-61380: [AUTOSYNC] Avoid creating Managed objects per request to avoid the finalizer cost
  • CDPD-61248: [7.1.9 CLONE] - RangerKafkaAuditHandler broken and multiple authorizations audited in CDP 7.1.8
  • CDPD-61172: Find out how to fix hbase-indexer cli for Zookeeper SSL
  • CDPD-61132: API compatibility Whitelist for hive
  • CDPD-61084: [7.1.x] - [FIPS + JDK11] Ranger ChangePasswordUtil fails when CM comes up with the addition of bctls.jar
  • CDPD-61061: [AUTOSYNC] Ozone cli command to get container info should deal with empty values for --json
  • CDPD-60946: IMPALA-12413 Make Iceberg tables created by Trino compatible with Impala
  • CDPD-60846: ZooKeeper TLS/SSL support for Hive-Solr
  • CDPD-60646: [AUTOSYNC] Snapshot chain corruption should not fail OM restart
  • CDPD-60338: HIVE-27669: [HiveAcidReplication] Hive Acid CTAS fails incremental if no of rows inserted is > INT_MAX
  • CDPD-60006: Backport HIVE-22489, HIVE-24883 and HIVE-25410 issues to fix java.lang.ClassCastException in join on array column
  • CDPD-59847: Zeppelin - Upgrade jackrabbit-webdav to 2.21.18 due to CVE-2023-37895
  • CDPD-59846: Upgrade jackrabbit-webdav to 2.21.18 due to CVE-2023-37895
  • CDPD-59842: SRM - Upgrade Armeria to 1.24.3 due to CVE-2023-38493
  • CDPD-59673: During discovery if cm is not reachable and throws SocketException then retry is not happening
  • CDPD-59579: Upgrade Spring Security to 5.7.10/5.8.5/6.0.5/6.1.2 due to CVE-2023-34034 and CVE-2023-34035
  • CDPD-59481: [UnitTest] testConnectionRetryExceptionListener fails w/ BindException: Address already in use
  • CDPD-59365: CDPD - Upgrade Shiro to 1.12.0 due to CVE-2023-34478
  • CDPD-58823: jwks.json doesn't have double quotes which makes json invalid
  • CDPD-58290: [AUTOSYNC] SST files are missing on optimized snapDiff path.
  • CDPD-58171: IMPALA-12245 TestWebPage::test_query_progress is flaky
  • CDPD-57125: HIVE-21213: Acid table bootstrap replication needs to handle directory created by compaction with txn id
  • CDPD-56486: [Spark] Ozone delete key failed error during Spark job completion
  • CDPD-52462: Race condition in getFileStatus causes flaky testObjectStoreCreateWithO3fs
  • CDPD-52433: [Snapshot] Use RocksDB to persist compaction log
  • CDPD-51430: Create Container failed using a disk which is full
  • CDPD-50915: Oozie shouldn't ignore hive-site.xml on host if no hive-site is on Spark share lib
  • CDPD-50443: Upgrade CM API usage for discovery
  • CDPD-44719: Spark Atlas Connector - Update log4j to reload4j
  • CDPD-42384: Spark Atlas Connector - Upgrade Data Mapper for Jackson to 1.9.16-TALEND due to high CVEs
  • CDPD-41138: Impala - Upgrade jdom to 2.0.6.1 due to CVE-2021-33813
  • CDPD-35383: Add entry in replication_metrics table for skipped/failed replication.
  • CDPD-18153: ZooKeeper TLS/SSL support for solr-upgrade.sh
  • CDPD-8443: RemoteException when moving a file from scratchdir to a directory in encryption zone
  • TSB 2023-702: Potential wrong result for queries with date partition filter for clusters in GMT+ timezone
  • TSB 2023-704: File corruption when downloading files larger than 1 MB from ABFS with Hue File Browser
Common Vulnerabilities and Exposures (CVEs) fixed in this CHF:
  • CVE-2010-5312
  • CVE-2011-4969
  • CVE-2012-6708
  • CVE-2015-0897
  • CVE-2016-7103
  • CVE-2020-15522
  • CVE-2020-26870
  • CVE-2020-28458
  • CVE-2020-7656
  • CVE-2021-23445
  • CVE-2021-33813
  • CVE-2021-41182
  • CVE-2021-41183
  • CVE-2021-41184
  • CVE-2022-2047
  • CVE-2022-2048
  • CVE-2022-31160
  • CVE-2023-34034
  • CVE-2023-34035
  • CVE-2023-34478
  • CVE-2023-36052
  • CVE-2023-37895
  • CVE-2023-38493
  • CVE-2023-42794
  • CVE-2023-42795
  • CVE-2023-45648
  • CVE-2023-4586
  • CVE-2023-46120
  • CVE-2023-5072