Fixed Issues in Ranger
Cloudera Runtime 7.1.9 SP2 resolves identified Ranger functional errors and includes technical patches to improve service stability and performance.
- CDPD-98515: Upgraded Swagger UI due to dompurify vulnerability
- The Swagger UI used vulnerable version of dom-purify.
This issue has been fixed by upgrading the Swagger UI to 5.32.1 to handle the vunrability.
- CDPD-98737: Fixed Runtime.exec parameters for Ranger Usersync
- Previously, the
UnixUserBuilderGroupimplementation in Ranger Usersync constructed and executed bash commands in an unsafe manner, introducing a risk of command injection.This issue has been fixed by updating the
Runtime.execparameters to follow standard Java coding practices, eliminating the command injection vulnerability.
