Known Issues in Hue

This topic describes known issues and workarounds for using Hue in this release of Cloudera Runtime.

Hive and Impala query editors do not work with TLS 1.2: Problem: If Hive or Impala engines are using TLS version 1.2 on your CDP cluster, then you won’t be able to run queries from the Hue Hive or Impala query editor.; Workaround: You must apply the following patch: HUE-9508. Contact Cloudera Support for help on applying the software patch.
Hue Importer is not supported in the Data Engineering template: When you create a Data Hub cluster using the Data Engineering template, the Importer application is not supported in Hue:

Technical Service Bulletins

TSB 2021-487: Cloudera Hue is vulnerable to Cross-Site Scripting attacks: Multiple Cross-Site Scripting (XSS) vulnerabilities of Cloudera Hue have been found. They allow JavaScript code injection and execution in the application context.

CVE-2021-29994 - The Add Description field in the Table schema browser does not sanitize user inputs as expected.

CVE-2021-32480 - Default Home direct button in Filebrowser is also susceptible to XSS attack.

CVE-2021-32481 - The Error snippet dialog of the Hue UI does not sanitize user inputs.
Knowledge article: For the latest update on this issue see the corresponding Knowledge article: TSB 2021-487: Cloudera Hue is vulnerable to Cross-Site Scripting attacks (CVE-2021-29994, CVE-2021-32480, CVE-2021-32481)