Fixed issues in 7.1.9 CHF 7

Learn about cumulative hotfix 7 (CHF 7) for 7.1.9. This cumulative hotfix was released on June 6, 2024.

The following fixes were shipped for CDP Private Cloud Base version 7.1.9-1.cdh7.1.9.p14.53489573.

KT-7540: KeyTrustee-KeyHSM - Upgraded protobuf-java to 3.16.3/3.19.6/3.20.3/3.21.7 due to CVE-2022-3171
Upgraded the protobuf-java version to 3.16.3/3.19.6/3.20.3/3.21.7 for KeyHSM due to CVE-2022-3171.
KT-7536: KeyTrustee-KeyHSM - Upgraded Jetty to 9.4.54.v20240208 due to CVE-2024-22201
Upgraded the Jetty version to 9.4.54.v20240208 due to CVE-2024-22201.
KT-7530: KeyTrustee-KeyHSM - Upgraded Spring Framework to 6.1.6/6.0.19/5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262
Upgraded the Spring Framework version to 6.1.6/6.0.19/5.3.34 for KeyHSM due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262.
CDPD-69563: [AUTOSYNC] HTTP Server fails to start with wildcard principal
Ozone role startup failed with the NoClassDefFoundError error, when the following conditions were met:
  • Enable Kerberos Authentication for HTTP web consoles was checked
  • Kerberos principal for HTTP access was set to *
This issue is now resolved.
CDPD-69425: [AUTOSYNC] Close SstFileReaderIterator in RocksDBCheckpointDiffer
FileReader and FileReaderIterator were not closed after use, and the system stopped responding because of the many open files. This issue is now resolved, and both FileReader and FileReaderIterator are now closed after use.
CDPD-69355: Exclude older versions of transitive libraries of jackson from Ranger-Kafka-plugin
Upgraded the Jackson Databind version to 2.15.0 and excluded older versions of the libraries.
CDPD-69306: Hue fails when trying to install npm16 on SLES 15
Upgraded npm16 to npm20.
CDPD-68924: [AUTOSYNC] Do not fail read of EC block if the last chunk is empty
A few EC blocks in a cluster had an empty final chunk. Reads of these blocks failed, which made the data unavailable even though it was still present on disk. This issue is now resolved, and the data is read even if a block has an empty final chunk.
CDPD-68841: Ranger [7.1.9 chf7] - Upgraded Netty to 4.1.108.Final due to CVE-2024-29025
Upgraded the Netty version to 4.1.108 due to CVE-2024-29025.
CDPD-68807: Ranger - Upgraded Spring Framework to 6.1.6/6.0.19/5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262
Upgraded the Spring Framework version to 5.3.34 due to CVE-2024-22243, CVE-2024-22259 and CVE-2024-22262.
CDPD-68736, CDPD-68737: Ranger - Upgraded Opensearch to 1.3.15 due to CVE-2023-45807
Upgraded Opensearch to 1.3.15 due to CVE-2023-45807.
CDPD-68723, CDPD-68724: [AUTOSYNC] EC Reconstruction does not issue put block to data index if it is unused
An issue in Apache Ozone resulted in the loss of certain user data blocks after EC reconstruction. This was triggered by the failure of a disk or node in the cluster. This issue is now resolved.
CDPD-68282: SMM UI - Upgraded Node JS version to 20.12.1 due to multiple CVEs
Upgraded the Node JS version to 20.12.1 due to multiple CVEs.
CDPD-68197: [Upgrade][EC] Reconstruction failing with "java.io.IOException: None of the block data have checksum"
EC reconstruction failed with the java.io.IOException: None of the block data have checksum error, when EC blocks were created without EC checksum data. This issue is now resolved.
CDPD-68193: Exclude services/roles from being discovered
New gateway-site.xml properties are added to exclude certain services and roles from being discovered during Cloudera Manager service discovery. The property names are gateway.cloudera.manager.service.discovery.excluded.service.types and gateway.cloudera.manager.service.discovery.excluded.role.types.
CDPD-68084: [7.1.x] KnoxCLI command for generating descriptor for a role type from a list of hosts
A new command is added to KnoxCLI to generate a topology descriptor from a list of URLs. The command usage/parameters are described in https://github.com/apache/knox/pull/835.
CDPD-68065: [7.1.x] - Add configurable socket / read timeout parameter to discovery client
The following gateway-site.xml properties are added for better control over Cloudera Manager service discovery timeouts in Knox:
  • gateway.cloudera.manager.service.discovery.connect.timeout.ms
  • gateway.cloudera.manager.service.discovery.connect.read.ms
  • gateway.cloudera.manager.service.discovery.connect.write.ms
CDPD-67848: Rocks tools native lib should not be inside jar
Releng shipped the same jar for all operating systems, taken from whichever platform was built first. Because the native library was packed inside the jar, this caused incompatibilities. This issue is now resolved: the library is now packed outside the jar so that the native library loads from a particular path.
CDPD-67608: SMM - Upgraded Jetty to 9.4.54.v20240208 due to CVE-2024-22201
Upgraded the Jetty version to 9.4.54.v20240208 due to multiple CVEs.
CDPD-67600: Knox - Upgraded PostgreSQL to 42.5.5/42.6.1/42.7.2 due to CVE-2024-1597
Upgraded the PostgreSQL version to 42.5.5/42.6.1/42.7.2 due to CVE-2024-1597.
CDPD-67568: Intermittent HTTP 401 error codes in Oozie tests due to Shiro unable to login: null
Oozie tests intermittently returned HTTP 401 errors because org.glassfish.main.libpam4j produced errors. This issue is now resolved, and the dependency is switched back to org.kohsuke.libpam4j.
CDPD-67181: Ozone OM fail to start with a crash dump
Ozone Manager failed to start after the installation of a base cluster. This issue is now resolved.
CDPD-67124: SMM - Upgraded Hibernate-Validator to 6.2.5.Final due to CVE-2023-1932
Upgraded the Hibernate-Validator version to 6.2.5 due to CVE-2023-1932.
CDPD-67113: [7.1.9] Backport KAFKA-13988: Mirrormaker 2 auto.offset.reset=latest not working
Streams Replication Manager (SRM) did not honor the auto.offset.reset=latest configuration. This issue is now resolved.
CDPD-67098: Ranger - Upgrade Commons-Compress to 1.26.0 due to CVE-2024-25710 and CVE-2024-26308
Upgraded the Commons-Compress version to 1.26.0 due to CVE-2024-25710 and CVE-2024-26308.
CDPD-66169: Hadoop - Upgraded bcpkix-jdk15on to 1.70+ due to CVE-2019-17359
Upgraded the bcpkix-jdk15on library to version 1.70 to address CVE-2019-17359.
CDPD-66048: [AUTOSYNC] Remove readLock from KeyValueHandler.checkContainerIsHealthy
Removed the readLock from KeyValueHandler.checkContainerIsHealthy to improve Ozone data read performance.
CDPD-65490: The Knox topology did not update within 600 seconds
In highly concurrent environments, there was an issue when Knox compared the generated XML topology with the currently deployed XML topology. This issue is now resolved by a fix to the code that parses the new topology.
CDPD-62837: [Atlas] [navigator2atlas] hive_storagedesc is incomplete in Atlas
The Nav2Atlas module now sets the relationType of the relationship attribute table to hive_table_storagedesc for every hive_storagedesc entity.

There are no Common Vulnerabilities and Exposures (CVE) fixed in this CHF.