Fixed issues in 7.1.9 CHF 4
Know more about the cumulative hotfixes 4 for 7.1.9. This cumulative hotfix was released on March 11, 2024.
Following are the list of fixes that were shipped for CDP Private Cloud Base version 7.1.9-1.cdh7.1.9.p6.51045883
- CDPD-59217 - Upgraded Janino to 3.1.10
- KT-7527: Keytrustee parcel bits not available in unified code branch
- KT-7524: [FIPS+JDK11] Keytrustee should encrypt keys with "openssl pkcs8" command on RHEL 8.8
- KT-7523: Keytrustee is using non-centralized jackson version
- KT-7522: CLONE - Keytrustee HSM - Upgrade guava to the centralized CDPD version
- KT-7517: CLONE - Use the centralized logback version
- KT-7514: Postgres9 backup file gets ovewritten in 2step upgrade
- COMPX-15962: Backport YARN-11369 Commons.compress throws an IllegalArgumentException with large uids after 1.21
- COMPX-15948: TestContinuousScheduling#testFairSchedulerContinuousSchedulingInitTime and TestFairScheduler#testNormalizationUsingQueueMaximumAllocation fails intermittently
- COMPX-15894: Backport MAPREDUCE-7468 Change add-opens flag's default value from true to false
- COMPX-15324: RM crashes if app is submitted to auto created queue with empty shortname
- COMPX-12937: QueueManager does not allow copying and pasting values while configuring queue sizes
- COMPX-6274: Fix failing unit test: org.apache.hadoop.yarn.server.timelineservice.security.TestTimelineAuthFilterForV2.testPutTimelineEntities
- CDPD-66843: [7.1.9 CHF4 CLONE] - Provide an option to bypass evaluation of chained plugin if the parent plugin has applicable policy
- CDPD-66842: Ranger Admin server gives empty response when user with user-role tries to update lastname or email address
- CDPD-66798: [7.1.9 CHF4] Skip showing 'Page not found' for wrong value is provided to a api parameter in Login Session Tab
- CDPD-66796: [7.1.9 CHF4] Skip showing 'Page not found' page for INVALID_INPUT_DATA validation in User Profile
- CDPD-66790: Upgrade Jackson version to at least 2.15.0
- CDPD-66789: Centrailize and upgrade avro to 1.11.3 in streaming
- CDPD-66784: [7.1.9 CHF4] Update the execution of setServiceDef call in App.jsx
- CDPD-66782: [7.1.9 CHF4] Updating the "Something went wrong" page in Ranger React UI
- CDPD-66781: [7.1.9 CHF4] Audit logs for Masking policy is missing data mask type entry
- CDPD-66734: Backport ZOOKEEPER-4236 to 7.1.9 CHF4
- CDPD-66730: Phoenix-thirdparty - Upgrade Guava to 32.0.1 due to CVE-2023-2976
- CDPD-66630: spark build failure sles12
- CDPD-66604: HIVE-26961: Fixed improper replication metric count when the hive.repl.filter.transactions property is set to "true".
- CDPD-66525: hadoop: Upgrade logredactor to 2.0.16 (CDP 7.1.9)
- CDPD-66452: Enable unit-tests for Ranger gerrit PRs and canary
- CDPD-66432: HBase-Solr - Upgrade snakeyaml due to CVE-2022-1471
- CDPD-66424: [7.1.9] Upgrade Dropwizard to 2.1.11
- CDPD-66407: [7.1.7 SP3] Zeppelin is using non-centralized jackson version
- CDPD-66289: CLONE - 7.1.8x and 7.1.9.x CHF- Keytrustee-keyhsm - Upgrade Jetty to 9.4.53/10.0.17/11.0.17 due to CVE-2023-40167, CVE-2023-36479, CVE-2023-41900, CVE-2023-36478 and CVE-2023-44487
- CDPD-66279: Fixed an issue with Spark 3.3, that caused metastore connection to drop under certain circumstances. The drop was not affecting behavior, as it reconnects successfully, but caused noise in the logs and unplanned reconnects.
- CDPD-66262: [ERROR] org.apache.hadoop.ozone.om.TestObjectStoreWithFSO.testListKeysAtDifferentLevels
- CDPD-66261: [ERROR] org.apache.hadoop.ozone.freon.TestOmBucketReadWriteKeyOps.testOmBucketReadWriteKeyOps
- CDPD-66257: [ERROR] org.apache.hadoop.hdds.scm.container.metrics.TestSCMContainerManagerMetrics.testContainerOpsMetrics
- CDPD-66162: Phoenix Connectors - Upgrade Guava to 32.0.1 due to CVE-2023-2976
- CDPD-66156: Access Audits - Resource policy version used for of mask policy leading to Error page
- CDPD-66146: [7.1.9 CHF4] [Ranger React UI] Checkbox selection issue when clicking on permission label in tag-based permissions policy
- CDPD-66121: Mass deletion of 27TB data and the space is not reclaimed fully in ozone storage
- CDPD-66092: Fix Ranger Javapatch failure even if service-defs do not exist in ranger DB
- CDPD-65918: [7.1.9 CHF4] Inconsistent resource lookup behaviour with newly created service
- CDPD-65876: [7.1.9] Upgrade jackson version in SRM to 2.15.0
- CDPD-65875: [7.1.9] Upgrade Snakeyaml version in SRM to 2.0
- CDPD-65874: [7.1.9] Use centralized snappy-java version in Kafka
- CDPD-65870: [7.1.9] Upgrade Jackson version in Kafka
- CDPD-65841: [718, 719] Backport aarch64 related commits
- CDPD-65838: [7.1.9] Upgrade Jackson version in Cruise Control
- CDPD-65802: Kafka password is in clear text in application.properties backport
- CDPD-65800: Upgrade Sonarqube version after Gradle upgrade
- CDPD-65720: [AUTOSYNC] Remove io.dropwizard.metrics:metrics-ganglia dependency
- CDPD-65665: [7.1.9] Centralize streaming versions with common naming pattern
- CDPD-65634: [7.1.9] Upgrade Gradle to 8.5
- CDPD-65623: [7.1.9 CHF4] [Ranger React UI] Add inline assertions for displayName length in service creation / update form
- CDPD-65616: Not able to access zeppelin ui through knox
- CDPD-65591: Iceberg replication is not working in 7.1.9 CHF3 stack
- CDPD-65590: IMPALA-12670: getIfPresent must throw the cause of error
- CDPD-65589: IMPALA-11501 Add flag to allow metadata-cache operations on masked tables
- CDPD-65586: [7.1.x] exclude log4j dependencies from spark-atlas-connector assembly
- CDPD-65583: [Spark] Backport CDPD-64232 to 7.1.7 SP2, 7.1.7 SP3, 7.1.8 and 7.1.9
- CDPD-65579: Avoid double XML escaping in SimpleDescriptorHandler
- CDPD-65458: Upgrade Gradle to 8
- CDPD-65433: Execute and read permissions granted to a user in different HDFS policies does not take effect.
- CDPD-65425: Upgrade Dropwizard version in SRM to 2.1.11
- CDPD-65402: Backport CDPD-64950 to 7.1.7.SP2 and 7.1.7.SP3
- CDPD-65293: [7.1.9]Upgrade Apache Ivy to 2.5.2 due to CVE-2022-46751
- CDPD-65239: Add missing libs in external_versions and centralize the same in zeppelin
- CDPD-65213: [AUTOSYNC] ManagedSecretKey.macInstances should not be ThreadLocal
- CDPD-65082: IMPALA-12584: Added backend configuration to restrict data file locations for Iceberg tables. The flag is enabled by default and Impala raises an error for Iceberg tables that consist of data files outside of the table directory.
- CDPD-65080: [7.1.9 CHF4] - Policy listing page experiences an unexpected reset to Access tab when attempting to filter the service and zone dropdown options
- CDPD-65079: [7.1.9 CHF4] - Optimize policy listing loader after session timeout and Audit Admin session ID modal loader
- CDPD-65077: [7.1.9 CHF4] - Optimize "plugins/definitions" API Call for Initial Load in Multiple Ranger-React Modules
- CDPD-64860: Upgrade Snakeyaml version in SRM to 2.0
- CDPD-64855: Upgrade jackson version in SRM to 2.15.0
- CDPD-64803: [7.1.9 CHF4] - API calls for zones and services on initial landing in ZoneListing page is being called twice
- CDPD-64475: CDPD - Upgrade logback to 1.2.13/1.3.14/1.4.14 due to CVE-2023-6378 and CVE-2023-6481
- CDPD-64358: [AUTOSYNC] Pipeline.nodesInOrder should not be ThreadLocal
- CDPD-64235: CDPD - Upgrade Apache Derby to 10.14.3.0-cloudera1 due to CVE-2022-46337
- CDPD-63982: On 7.1.9 chf FIPS+JDK11 cluster, Zeppelin service is not starting UP.
- CDPD-63464: [AUTOSYNC] EC: When Coordinator DN doing reconstruction, restart of target DN can lead to SCM crash
- CDPD-63463: [AUTOSYNC] EC: Recovering container cleanup at DN start is not happening due to NPE.
- CDPD-62890: [AUTOSYNC] Race condition in RocksDatabase
- CDPD-62717: [7.1.9 CHF4] Need to show Tag Policies for user when it has permission in "Tag Based Policies" module
- CDPD-62583: HMS Upgrade to 7.1.8.x or higher version fails if Hive log level is WARN
- CDPD-61475: Hadoop - Remove json-io due to CVE-2023-34610
- CDPD-60977: Hive - Upgrade Apache Ivy to 2.5.2 due to CVE-2022-46751
- CDPD-60950: [7.1.9 CHF4] - Error page 'Go back' button not redirecting to the right page
- CDPD-60830: HBase-Thirdpary - Upgrade Guava to 32.0.1 due to CVE-2023-2976
- CDPD-60742: open_connections and open_operations metrics not populated after hive service restart
- CDPD-60030: Hue : Stored Cross-Site Scripting in file name field
- CDPD-58770: Security - The config API endpoint returns the keyStorePassword
- CDPD-58580: CDPD - Upgrade Guava to 32.0.1 due to CVE-2023-2976
- CDPD-53885: Backport of HIVE-23444 - fixed in upstream hive and merged to cdw-master and cdpd-master branches. Backported to 717 SP3, 7.1.8 and 7.1.9 versions
- CDPD-53379: Grant permission in Impala engine not working with {owner} in ranger policy
- CDPD-50493: Sample Data from Table Browser in Hue launches expensive queries from the Impala Views
- CDPD-50047: Upgrade Schema Registry project to use Gradle 8
- CDPD-13292: externalize more common dependencies from Search, Solr, and Hbase-Indexer
- CDPD-11827: Backport ORC-616 "In Patched Base encoding, the value of headerThirdByte goes beyond the range of byte"
- OPSAPS-69481: Some Kafka Connect metrics missing from Cloudera Manager due to conflicting definitions
- OPSAPS-69458: Custom properties atlas.jaas.KafkaClient.option.password is in clear text in CDP cluster services
Common Vulnerabilities and Exposures (CVE) that is fixed in this CHF:
- CVE-2023-43642