Cloudera Runtime Release Notes

Fixed Issues in Zeppelin

Review the list of Zeppelin issues that are resolved in Cloudera Runtime 7.2.14.

Apache patch information🔗

Apache patches in this release.

CDPD-31506: Fix dependency convergence for jetty-util-ajax

ENGESC-10231: ZEPPELIN-4952: Markdown interpreter can be used to store XSS in notebooks

ENGESC-10231: [ZEPPELIN-4311] Supporting new parser for markdown as pegdown parser

CDPD-30912: CDH: 7.1.8.0 build failed for zeppelin for all OS builds

CDPD-29838: Zeppelin notebook creation failure due to Hadoop ClassCastException

CDPD-28967: Zeppelin - Upgrade commons-io to 2.8 due to CVE-2021-29425

CDPD-29175: Zeppelin - Upgrade jsoup to 1.14.2 due to CVE-2021-37714

CDPD-28924: Zeppelin - Upgrade to junit 4.13.2 due to CVE-2020-15250

CDPD-28834: Credentials file should get saved along with notebook-authorization.json and interpreter.json

CDPD-24981: Zeppelin notebook can not create table with jdbc phoenix interpreter

CDPD-23410: Zeppelin notebook_authorizations::test_only_owners_can_change_permissions test is failing

CDPD-22469: ZEPPELIN-5231: Livy Interpreter doesn't support Japanese Character - Encoding Issue

CDPD-17187: Zeppelin - Upgrade to Angular 1.8.0 due to CVEs

CDPD-20908: Remove log4j-slf4j-impl from JDBC/Hive interpreter

CDPD-19308: Zeppelin - Upgrade to slf4j 1.7.30

CDPD-19316: Zeppelin - Upgrade httpclient to 4.5.13+ / 5.0.3+ due to CVE-2020-13956

CDPD-20461: Zeppelin - Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649

CDPD-20267: Zeppelin build failure on cdpd-master

CDPD-17471: [ZEPPELIN-5116]Accessing zeppelin via knox after knox logout should be redirected to knox login page

CDPD-17933: Zeppelin - Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421

CDPD-19243: Upgrade to Shiro 1.7.0 due to CVE-2020-17510

CDPD-18170: Zeppelin - Upgrade or remove auto-value due to shaded guava CVEs

CDPD-15497: Harmonize joda-time to version 2.10.6(cdpd harmonized)

CDPD-17543: Zeppelin UI is not comping due to Corrupted notebooks

CDPD-16197: Upgrade api-*-1.0.0.jar due to CVEs

CDPD-16096: Zeppelin - upgrade google-oauth-client to 1.31.0

CDPD-17017: Upgrade xercesImpl to to 2.12.0 due to CVE-2018-2799

CDPD-16845: Upgrade to Shiro 1.6.0 (CVE-2020-13933)

CDPD-16111: Upgrade jsoup-1.7.2 (CVE-2015-6748)

CDPD-16104: Upgrade postgresql JDBC driver to 42.2.16

CDPD-14569: [ZEPPELIN-4414]. Upgrade thrift to 0.13

CDPD-13378: Bumup version of Java Native Access (JNA)

CDPD-16114 Upgrade jackrabbit-webdav 1.5.2 due to CVE-2015-1833

ZEP-97: [ZEPPELIN-3690] display all column with the same name in ui-grid

CDPD-16115: Upgrade jgit due to CVE-2016-5725

CDPD-14614: Update Spring Framework for Zeppelin (CVE-2018-1270)

CDPD-11599: Update Quartz Enterprise Job Scheduler for Zeppelin (CVE-2019-13990)

CDPD-14580: Upgrade Scala for CVEs

BUG-124121: Password hashing not working in Zeppelin

CDPD-15628: Compilation faliure on dex-box

CDPD-12920: Upgrade nimbus-jose-jwt to 7.9

CDPD-14990: Upgrade libpam4j to 1.11 (CVE-2017-12197)

CDPD-11426: Ensure consistent usage of jackson to 2.10.3

CDPD-14579: remove org.reflections (CVE-2020-10683)

CDPD-14581: Update Spring Framework for Zeppelin in 7.2.1.0 (CVE-2018-1275)

CDPD-14369: [ZEPPELIN-4736] The use of SslContextFactory is deprecated

CDPD-11406: Include NOTICE and LICENSE files in component directories

CDPD-11301: Remove jackson and jersey-bundle

CDPD-11780: Zeppelin: Remove spark (and other interpreters that are not shipped) source dependencies

CDPD-11348: Update log4j to address CVE-2019-17571

CDPD-11501: Update Apache Shiro for Zeppelin to 1.5.3

CDPD-11571: Zeppelin build failure on cdpd-master due to perfect-scrollbar

CDPD-10187: Zeppelin - Incorrect version of jackson-mapper-asl in CDP

CDPD-9119: Zeppelin - Upgrade to Guava 28.1 to avoid CVE-2018-1023

CDPD-9030: Upgrade jackson-databind to version 2.9.10.3 [CVE-2020-8840]

CDPD-9454: [ZEPPELIN-4697] Zeppelin scheduler pings terracotta.org

CDPD-8163: Remove `org.spark-project.hive` dependency

CDPD-7789: Zeppelin - Upgrade to Jetty 9.4.26 to avoid CVEs

CDPD-7479: add hadoop-cloud-storage jar in Zeppelin

CDPD-3600: Sync Zeppelin with community latest version (0.8.2)

CDPD-2933: [ZEPPELIN-4272] Zeppelin fails to use s3a configured for zeppelin.notebook.dir

CDPD-1683: KerberosRealm roles should match with local file system, if nothing is specified

CDPD-2300: Initialize proxyuser with proper configuration

CDPD-1491: Zeppelin should support doAs

BUG-120595: [ZEPPELIN-4197] Upgrade Jackson to 2.9.9

BUG-120606: [ZEPPELIN-4187] Bump up version of Scala from 2.11.8 to 2.11.12 (#3378)

BUG-120605: [ZEPPELIN-4186] Bump up version of org.jsoup:jsoup (#3377)

BUG-120596: [ZEPPELIN-4188] Upgrade Jetty to 9.4.18.v20190429

BUG-120594: ZEPPELIN-4193 Upgrade Bouncy Castle bcpkix-jdk15on to 1.60

BUG-120593: [ZEPPELIN-4185] Upgrade Thrift to 0.12.0 (#3376)

CDPD-1009: ZEPPELIN-4168: Use secure URLs for Maven repositories (#3370)

CDPD-717: [Zeppelin 3792] Zeppelin SPNEGO support

ZEP-79: Disable fs.file.impl cache to ensure RawLocalFS is used

BUG-109581: [ZEPPELIN-3741] Do not clear "Authorization" header if Z-server is running behind proxy

BUG-106906: Add shiro-tools-hasher in Zeppelin

BUG-106297: JDBC interpreter log file is missing in zeppelin log directory

BUG-102172: Include Google Connector in Zeppelin

BUG-98604: Correct tutorial link should be added in interpreter page

BUG-100845: Remove livy2.pyspark3 interpreter on zeppelin side

BUG-114354: Fixes to make s3 storage work

BUG-114354: Change Zeppelin to use unshaded jars

BUG-103954: Exclude other dependencies in STS shaded JDBC driver to prevent conflict

BUG-103715: fix handshake_failure download

CDPD-10288: Zeppelin Notebook Initialisation fails with CNF error in RAZ Enabled Cluster

We want your opinion

How can we improve this page?

What kind of feedback do you have?