Fixed Issues in Apache Knox

Review the list of Knox issues that are resolved in Cloudera Runtime 7.2.16.

CDPD-45191: KNOX-2810 Fixed an issue causing login failures when there were special characters in the password.
CDPD-43467: Upgrade aws-java-sdk to 1.12.261+ due to CVE-2022-31159.
CDPD-42850: Fixed an issue causing the remote alias service to regenerate pac4j password at each startup.
CDPD-41589: In previous versions, Knox's token impersonation feature was not working together with the HadoopAuth authentication provider. Now, this is fixed, Knox tokens can be generated on behalf of other users regardless of the authentication mechanism before the service.
CDPD-41495: Fixed user-auth-test command in KnoxCLI after upgrading to Shiro 1.6.
CDPD-41440: Fixed an issue where IDBroker would not distinguish between MSIs with different case. Going forward MSI names are case insensitive.
CDPD-40729: From now on, in Knox's HadoopGroupProvider, the gateway-level CENTRAL_GROUP_CONFIG_PREFIX prefixed parameters are added together with any custom provider-level parameters into the final HadoopGroupProvider identity assertion filter of the generated web application.
CDPD-40520: Upgraded mysql-connector-java to 8.0.29 due to CVE-2022-21363, CVE-2021-2471.
CDPD-40354: ATLAS, ATLAS-API, and SCHEMA-REGISTRY services do not need special replayBufferSize configuration for large data upload, Knox makes them work OOTB.
CDPD-37025: KNOX-2736 Added retry logic to knox client.
CDPD-36413: Knox gateway and idbroker startup time improvements were added.
CDPD-35951: Added support for SAML keystore type in Knox.
CDPD-24808: When multiple instances of Schema Registry are running, Knox will use round-robin to forward the requests.
OPSAPS-61474: Knox's data/applications folder gets recreated every time Knox starts.
OPSAPS-62573: CSD code for handling log4j2 config files for Knox.
OPSAPS-64309: Modified the Knox 7.1.8 CSD to include the WebHDFS work-around for FIPS-enabled clusters.
OPSAPS-64387: When multiple instances of Schema Registry are running, Knox will use round-robin to forward requests.

Apache patch information

  • KNOX-2810
  • KNOX-2733
  • KNOX-2747
  • KNOX-2770
  • KNOX-2782
  • KNOX-2757
  • KNOX-2736