Fixed Issues in ZooKeeper

Cloudera Runtime 7.3.2

Cloudera Runtime 7.3.2 resolves ZooKeeper issues and incorporates fixes from the service packs and cumulative hotfixes from 7.3.1.100 through 7.3.1.700. For a comprehensive record of all fixes in Cloudera Runtime 7.3.1.x, see Fixed Issues.

CDPD-92113: Zookeeper client uses IPv6 address in case of dual‑stack cluster

7.3.2

Previously, in some dual-stack environments, the Zookeeper client failed to connect if IPv6 was not reachable. This issue is now resolved to improve the connection reliability for affected configurations.

CDPD-93023, CDPD-91630: ZooKeeper build broken in JDK17 line

7.3.2

Previously, the ZooKeeper JDK17 build failed due to the missing jline dependency. This issue is now resolved.

CDPD-68499: Upgraded jline version to 3.25.1

ZooKeeper is now updated to use the jline version 3.25.1, which addresses CVE-2023-50572.

OPSAPS-76345: Cloudera Manager could not connect to the ZooKeeper JMX port when JMX TLS was enabled

7.3.2

Previously, an issue triggered by JDK upgrades related to CVE-2026-21925, prevented Cloudera Manager from securely connecting to the ZooKeeper JMX port when JMX TLS was enabled (the default for secure clusters). The problem was caused by a change in the JVM. This issue is now resolved.

OPSAPS-75121: TLS Protocol and Cipher Selection support for ZooKeeper

7.3.2

Previously, when two options were removed from Cloudera Manager, related to ZooKeeper TLS settings, testing showed that the TLS version and cipher list settings became inconsistent and insecure. This issue is now resolved and the Zookeeper TLS version and cipher list settings are now removed.

OPSAPS-73956: Support IPv6 access for client

7.3.2

The ZooKeeper startup script, zkserver.sh now uses the configurable variable IP_VERSION instead of a hardcoded value. This change allows the script to dynamically set the appropriate network stack preference, enabling support for IPv4, IPv6, or dual-stack environments as configured. No further manual flag adjustments are needed for IPv6 or dual-stack modes; the system automatically handles the correct settings.

OPSAPS-73624: Data Lake upgrade failure due to ZooKeeper StartPreservingDatastore error

7.3.2

Previously, during the Data Lake (DL) Zero Downtime Upgrade (ZDU) process, the upgrade failed at the ZooKeeper service upgrade phase. This blocked the upgrade and required manual intervention to proceed.

This issue in the ZooKeeper start command is now resolved. The upgrade process now handles ZooKeeper server startups more reliably, preventing the configuration mismatch error and allowing the upgrade to complete without manual steps.

OPSAPS-72239: Failure when installing Cloudera 7.3.1 using Cloudera Manager 7.13.1.0

7.3.2

Previously, when selecting the ZooKeeper gateway role during the initial installation of a Cloudera 7.3.1 cluster using Cloudera Manager 7.13.1.0 caused the wizard to fail with an internal error, preventing the cluster setup.

This issue is now resolved and Cloudera Manager now filters the ZooKeeper gateway role during the initial installation wizard, preventing the error and allowing normal cluster completion.

OPSAPS-63656: Duplicate chart displyed in the ZooKeeper UI

7.3.2

Previously, the Outstanding Requests Across Servers chart was displayed twice in the Cloudera Manager ZooKeeper Server Aggregates UI.

This issue is now resolved and the duplicate ZooKeeper chart is now removed.

OPSAPS-57641: ZooKeeper Authentication Enforcement renders ZooKeeper Canary unable to connect

7.3.2

When ZooKeeper authentication enforcement was enabled, the Cloudera Manager Service Monitor’s ZooKeeper Canary could not authenticate to ZooKeeper. This caused the canary checks to fail and blocked successful installation and monitoring in secured environments.

This issue is now resolved and Kerberos-based authentication is now enabled for the ZooKeeper Canary in the Service Monitor. The canary can now connect and run health checks correctly when ZooKeeper authentication is enforced.

OPSAPS-57019: No option to enforce client authentication

7.3.2

Previously, ZooKeeper did not provide an option in Cloudera Manager to enforce client authentication, limiting the ability to meet stricter security and compliance requirements.

This issue is now resolved and a ZooKeeper configuration option added in Cloudera Manager allows administrators to require client authentication.

OPSAPS-76344: ZooKeeper service canary failed with a certificate exception

7.3.2

Previously, in Cloudera Manager 7.13.2.0, ZooKeeper service canary failed due to a java.security.cert.CertificateException error. This issue is now resolved.

OPSAPS-75265, OPSAPS-75418: Mismatch in ZooKeeper component version

Previously, the ZooKeeper component version displayed and used by Cloudera Manager was not aligned with the updated ZooKeeper rebase.This issue is now fixed and Cloudera Manager now uses the correct ZooKeeper version.