Fixed issues in 7.1.9 CHF 7
Know more about the cumulative hotfix 7 for 7.1.9. This cumulative hotfix was released on June 6, 2024.
Following is the list of fixes that were shipped for CDP Private Cloud Base version 7.1.9-1.cdh7.1.9.p14.53489573.
- KT-7540: KeyTrustee-KeyHSM - Upgraded protobuf-java to 3.16.3/3.19.6/3.20.3/3.21.7 due to CVE-2022-3171
- Upgraded the protobuf-java version to 3.16.3/3.19.6/3.20.3/3.21.7 for KeyHSM due to CVE-2022-3171.
- KT-7536: KeyTrustee-KeyHSM - Upgraded Jetty to 9.4.54.v20240208 due to CVE-2024-22201
- Upgraded the Jetty version to 9.4.54.v20240208 due to CVE-2024-22201.
- KT-7530: KeyTrustee-KeyHSM - Upgraded Spring Framework to 6.1.6/6.0.19/5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262
- Upgraded the Spring Framework version to 6.1.6/6.0.19/5.3.34 for KeyHSM due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262.
- CDPD-69563: [AUTOSYNC] HTTP Server fails to start with wildcard principal
- Ozone role startup failed with the NoClassDefFoundError error, when the following conditions were met:
- Enable Kerberos Authentication for HTTP web consoles was checked
- Kerberos principal for HTTP access is set to *
- CDPD-69425: [AUTOSYNC] Close SstFileReaderIterator in RocksDBCheckpointDiffer
- FileReader and FileReaderIterator did not close after the use and the system did not respond due to many open files. This issue is now resolved, and both FileReader and FileReaderIterator are now closed after use.
- CDPD-69355: Exclude older versions of transitive libraries of jackson from Ranger-Kafka-plugin
- Upgraded the Jackson Databind version to 2.15.0 and excluded older version of libraries.
- CDPD-69306: Hue fails when trying to install npm16 on SLES 15
- Upgraded npm16 to npm20.
- CDPD-68924: [AUTOSYNC] Do not fail read of EC block if the last chunk is empty
- Few EC blocks in a cluster had an empty final chunk. These blocks failed to read data and made the data unavailable, even when data was still present on disk. This issue is now resolved and the data is read even if there are empty final chunks in a block.
- CDPD-68841: Ranger [7.1.9 chf7] - Upgraded Netty to 4.1.108.Final due to CVE-2024-29025
- Upgraded the Netty version to 4.1.108 due to CVE-2024-29025.
- CDPD-68807: Ranger - Upgraded Spring Framework to 6.1.6/6.0.19/5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262
- Upgraded the Spring Framework version to 5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262.
- CDPD-68736, CDPD-68737: Ranger - Upgraded Opensearch to 1.3.15 due to CVE-2023-45807
- Upgraded Opensearch to 1.3.15 due to CVE-2023-45807.
- CDPD-68723, CDPD-68724: [AUTOSYNC] EC Reconstruction does not issue put block to data index if it is unused
- An issue in Apache Ozone resulted in the loss of certain user data blocks after EC reconstruction. This was triggered by the failure of a disk or node in the cluster. This issue is now resolved.
- CDPD-68282: SMM UI - Upgraded Node JS version to 20.12.1 due to multiple CVEs
- Upgraded the Node JS version to 20.12.1 due to multiple CVEs.
- CDPD-68197: [Upgrade][EC] Reconstruction failing with "java.io.IOException: None of the block data have checksum"
- EC reconstruction failed with the java.io.IOException: None of the block data have checksum error, when EC blocks were created without EC checksum data. This issue is now resolved.
- CDPD-68193: Exclude services/roles from being discovered
- New gateway-site.xml properties are added to exclude certain services and roles from being discovered during Cloudera Managaer service discovery. The property names are gateway.cloudera.manager.service.discovery.excluded.service.types and gateway.cloudera.manager.service.discovery.excluded.role.types.
- CDPD-68084: [7.1.x] KnoxCLI command for generating descriptor for a role type from a list of hosts
- A new command is added to KnoxCLI to generate a topology descriptor from a list of URLs. The command usage/parameters are described in https://github.com/apache/knox/pull/835.
- CDPD-68065: [7.1.x] - Add configurable socket / read timeout parameter to discovery client
- The following gateway-site.xml properties
are added for better control over Cloudera Manager service discovery timeouts in Knox:
- gateway.cloudera.manager.service.discovery.connect.timeout.ms
- gateway.cloudera.manager.service.discovery.connect.read.ms
- gateway.cloudera.manager.service.discovery.connect.write.ms
- CDPD-67848: Rocks tools native lib should not be inside jar
- Releng shiped the same jar for all the Operating System whichever the platform built first. In this case, having the library packed inside the jar caused incompatibilities. This issue is now resolved and the library is now packed outside the jar so that the native library loads from a particular path
- CDPD-67608: SMM - Upgraded Jetty to 9.4.54.v20240208 due to CVE-2024-22201
- Upgraded the Jetty version to 9.4.54.v20240208 due to multiple CVEs.
- CDPD-67600: Knox - Upgraded PostgreSQL to 42.5.5/42.6.1/42.7.2 due to CVE-2024-1597
- Upgraded the PostgreSQL version to 42.5.5/42.6.1/42.7.2 due to CVE-2024-1597.
- CDPD-67568: Intermittent HTTP 401 error codes in Oozie tests due to Shiro unable to login: null
- There was an intermittent HTTP 401 error in Oozie tests as org.glassfish.main.libpam4j produced errors. This issue is now resolved and dependency on org.kushuke.libpam4j is now switched back.
- CDPD-67181: Ozone OM fail to start with a crash dump
- Ozone Manager failed to start after an install of base cluster. This issue is now resolved
- CDPD-67124: SMM - Upgraded Hibernate-Validator to 6.2.5.Final due to CVE-2023-1932
- Upgraded the Hibernate-Validator version to 6.2.5 due to CVE-2023-1932.
- CDPD-67113: [7.1.9] Backport KAFKA-13988: Mirrormaker 2 auto.offset.reset=latest not working
- Streams Replication Manager (SRM) did not respond to
auto.offset.reset=latest config. This issue is now resolved. - CDPD-67098: Ranger - Upgrade Commons-Compress to 1.26.0 due to CVE-2024-25710 and CVE-2024-26308
- Upgraded the Commons-Compress version to 1.26.0 due to CVE-2024-25710 and CVE-2024-26308.
- CDPD-66169: Hadoop - Upgraded bcpkix-jdk15on to 1.70+ due to CVE-2019-17359
- Upgraded the bcpkix-jdk15on library to version 1.70 to address CVE-2019-17359.
- CDPD-66048: [AUTOSYNC] Remove readLock from KeyValueHandler.checkContainerIsHealthy
- Removed KeyValueHandler.checkContainerIsHealthy to improve Ozone data read performance.
- CDPD-65490: The Knox topology did not update within 600 seconds
- There was an issue when Knox compared the generated XML topology with the currently deployed XML topology, in highly concurrent environments. This issue is now resolved and a fix is made to the code, that parses the new topology.
- CDPD-62837: [Atlas] [navigator2atlas] hive_storagedesc is incomplete in Atlas
- Changes are made to the Nav2Atlas module to set the relationType
as
hive_table_storagedescof relationship attributetablefor every entity of hive_storagedesc.
There are no Common Vulnerabilities and Exposures (CVE) fixed in this CHF.
