Fixed Issues in Cloudera Runtime 7.2.17.1000
You can review the list of reported issues and their fixes in Cloudera Runtime 7.2.17.1000.
- CDPD-78193: CSV injection vulnerability during CSV and Excel file export
- When policies were created with special characters mentioned in a
doc, there were vulnerabilities that could be exploited.
The issue is fixed now. Checks are now added to ensure that, whenever such characters are present, a space after it is added.
- CDPD-78180: Upgraded Swagger-UI to 5.18.2
- Upgrade the Swagger UI version to 5.18.2 due to DOMPurify
CVE.
Apache Jira:: RANGER-5109
- CDPD-77399: HBase fails to register the servlet metrics and raises ClassNotFoundException: org.apache.hadoop.metrics.MetricsServlet
- This issue is fixed now. HBase does not warn about the Hadoop
2-based metric servlet class on a Hadoop 3 deployment.
Apache Jira:: HBASE-28315
- CDPD-77905: MRCompactor causes data loss during major compaction
- During a major compaction, records matching certain conditions were lost due to incorrect handling in MRCompactor.
Fixed Common Vulnerabilities and Exposures
Common Vulnerabilities and Exposures (CVE) that are fixed in Runtime 7.2.17.1000:
- CVE-2024-55532 - Apache Ranger
- CVE-2021-41973 - Apache Mina
- CVE-2024-45801 - DOMPurify
- CVE-2024-47875 - DOMPurify
- CVE-2024-48910 - DOMPurify
