Fixed Issues in Ranger KMS

Cloudera Runtime 7.1.9 SP2 resolves identified Ranger KMS functional errors and includes technical patches to improve service stability and performance.

CDPD-99837: Mixed case key names can break HDFS encryption after KTS to Ranger KMS migration

When you migrate encryption keys from Key Trustee Server (KTS) to the Ranger KMS DB, encryption zone key names that were originally mixed case (uppercase, lowercase, or camelCase) in KTS can cause HDFS decryption to fail after migration.

The issue has been fixed.

CDPD-99147: Ranger KMS now includes HSTS headers in HTTP 404 responses on port 9494

Previously, HTTP Strict-Transport-Security (HSTS) headers were missing from 404 Not Found responses returned by the Ranger KMS service on port 9494, which could allow browsers to make insecure connections.

This issue has been resolved by adding the appropriate security headers to all Ranger KMS responses, including error pages.