Cloudera Manager 7.12.0.600

Know more about the Cloudera Manager 7.12.0.600 hotfix version which is a corresponding Cloudera Manager hotfix version for Cloudera Runtime 7.2.18.600 service pack release.

This cumulative hotfix was released on January 23, 2025.

Following are the list of fixed issues that were shipped for Cloudera Manager 7.12.0.600 (version: 7.12.0.600-61784706):

OPSAPS-70449: After creating a new Dashboard from the Cloudera Manager UI, the Chart Title field was allowing Javascript as input

In Cloudera Manager UI, while creating a new plot object, a Chart Title field allows Javascript as input. This allows the user to execute a script, which results in an XSS attack. This issue is fixed now.

OPSAPS-72254: FIPS Failed to upload Spark example jar to HDFS in cluster mode

Fixed an issue with deploying the Spark 3 Client Advanced Configuration Snippet (Safety Valve) for spark3-conf/spark-env.sh.

For more information, see Added a new Cloudera Manager configuration parameter spark_pyspark_executable_path to Livy for Spark 3.

New features and changed behavior for Cloudera Manager 7.12.0.600 (version: 7.12.0.600-61784706):

Added a new Cloudera Manager configuration parameter spark_pyspark_executable_path to Livy for Spark 3.

In Cloudera Manager Agent 7.13.1 and higher versions, a new Cloudera Manager configuration parameter spark_pyspark_executable_path is added to Livy for Spark 3 service.

The value of spark_pyspark_executable_path for Livy must sync with the value of the Spark 3 service's spark_pyspark_executable_path parameter in Cloudera Manager.

Summary: The Livy proxy user is taken from Livy for Spark 3's configuration.

Previous behavior:

The custom Kerberos principal configuration was updated via the Livy service.

New behavior:

The Livy proxy user is taken from Livy for Spark 3's configuration, as the Livy service has been replaced with Livy for Spark3 in Cloudera Private Cloud Public Cloud version 7.3.1.

Fixed Common Vulnerabilities and Exposures

Common Vulnerabilities and Exposures (CVE) that are fixed in Cloudera Manager 7.12.0.600 hotfix.


CVEs	Package Name
CVE-2024-21634	Ion-Java
CVE-2024-25710	Commons-Compress
CVE-2024-26308	Commons-Compress
CVE-2024-36114	Aircompressor
CVE-2020-13949	libthrift
CVE-2018-1320	libthrift
CVE-2019-0205	libthrift
CVE-2019-0210	libthrift
CVE-2018-11798	libthrift

The repositories for Cloudera Manager 7.12.0.600 are listed in the following table:

Table 1. Cloudera Manager 7.12.0.600
Repository Type	Repository Location
RHEL 8 Compatible	Repository: https://`username`:`password`@archive.cloudera.com/p/cm-public/7.12.0.600-61784706/redhat8/yum Repository File: https://`username`:`password`@archive.cloudera.com/p/cm-public/7.12.0.600-61784706/redhat8/yum/cloudera-manager.repo

Table 1. Cloudera Manager 7.12.0.600

Repository Type

Repository Location

RHEL 8 Compatible

Repository:

https://username:password@archive.cloudera.com/p/cm-public/7.12.0.600-61784706/redhat8/yum

Repository File:

https://username:password@archive.cloudera.com/p/cm-public/7.12.0.600-61784706/redhat8/yum/cloudera-manager.repo