Fixed issues in Cloudera Data Warehouse on premises 1.5.4 SP1
Review the issues fixed in this service pack release of Cloudera Data Warehouse on premises.
Security fixes
The following security fixes are available as part of this release:
- DWX-18712: Replace Java tools for JCEKS with Go
- This fix prevents CVEs resulting from the openjdk8 package on Impala autoscaler, by using a tool built in Golang (Go) language to read keys from JCEKS instead of the existing Java-based tool.
- DWX-19154: Upgrade to the latest Kubernetes version
- The Kubernetes package was upgraded to the latest version, 1.31.0 to help prevent CVEs.
- DWX-19202/DWX-19203/DWX-19267: Move images to Chainguard
- The following images are now based on the Chaiguard images to
significantly reduce the CVE count:
- hive
- impala-autoscaler-webui-metrics
- diagnostic-tools
- DWX-19250: Cloudera Data Warehouse containers elevate their own privileges
- This fix configures the containers in the Control Plane and sets
containers[].securityContext.allowPrivilegeEscalationto "false". - DWX-19537: initContainers elevate their own privileges
- This fix configures and sets
initContainers[].securityContext.allowPrivilegeEscalationto "false".
