Fixed Issues in Apache Hive

Review the list of Hive issues that are resolved in Cloudera Runtime 7.2.17.

OPSAPS-67031: Increase the hive split threads to 64 for AWS and GCP

This fix addresses a performance issue for Ranger Raz with specific cloud providers. As part of this fix, the default value for Hive split processing threads (hive.compute.splits.num.threads) is increased to 64. This change affects only Amazon Web Services (AWS) and Google Cloud Platform (GCP) deployments.

CDPD-39232: Performance impact caused by RANGER-3593 when running SHOW TABLES query

During authorization checks, the Ranger plugin looks for ownership information for database objects (database, tables, or views) through HMS API calls if the ownership information is not provided by Hive. For databases having a large amount of tables, this can result in slow performance for statements like SHOW TABLES because the Ranger plugin has to generate an API call for each object.

This fix ensures that ownership information is provided by Hive for the above statements so that the Ranger authorization plugin does not have to issue HMS API calls.

CDPD-40779: Hive - Upgrade netty to 4.1.77 due to CVE-2022-24823

Upgraded netty to 4.1.77 to fix CVEs.

CDPD-43490: Hive Security - Upgrade jackson-databind to 2.12.7.1 due to critical CVEs

Upgraded jackson-databind to 2.12.7.1 to fix CVEs.

CDPD-43509: Hive Security - Upgrade dom4j: flexible XML framework for Java to safe version due to critical CVEs

Removed dom4j to fix CVEs.

CDPD-46097: Null Pointer Exception with mask udf

This fix addresses the issue where the 'SHA512' masked value is not being propagated to Tez executors.

CDPD-46360: Authorize DataConnectors in Hive until CDPD-26882 is implemented

Data connectors in HIVE are temporarily authorized using RWSTORAGE privileges until CDPD-26882 is resolved.

CDPD-46568: Hive - Upgrade Apache Ivy to 2.5.1 due to CVE-2022-37865, CVE-2022-37866

Upgraded apache ivy to 2.5.1 to fix CVEs.

CDPD-46664: Hive - Upgrade commons-codec to 1.13 or higher

Upgraded commons-codec to 1.15 to fix CVEs.

CDPD-47132: Pushdown Date data type to metastore via direct SQL/ JDO

Fix partition filtering when querying partition metadata from Hive Metastore and the partition key column data type is 'date'.

CDPD-47464: ALTER VIEW command is allowed even when user has a deny policy on the underlying table

The ALTER VIEW statement was not authorized correctly. This fix addresses the security concern related to the authorization of ALTER VIEW AS queries.

CDPD-48022: Hive - Upgrade postgresql to 42.5.1 due to CVE-2022-41946

Upgraded PostgreSQL to 42.5.1 to fix CVEs

CDPD-48801: Pushdown Timestamp data type to metastore via direct SQL / JDO

Support partition filtering when querying partition metadata from Hive Metastore and partition key column data type is 'timestamp'.

CDPD-49145: Oozie and Spark tests are failing in multi-comp-pre with ZooKeeper-based or direct JDBC URL to Hive

HiveServer (HS2) uses the InetAddress.getHostName() API to get its host name and register itself with ZooKeeper. The API behaviour is changed on JDK 11 with specific operating systems and returns only the host name without the domain suffix. Therefore, HiveServer is not accessible to clients when the server information is obtained from Zookeeper.

To address this issue, the InetAddress.getCanonicalHostName() API is used to get the host name along with the fully qualified domain name.

CDPD-49507: {OWNER} policy not working with HIVE UDFs in RangerHiveAuthorizer

The UDFs used in Hive will now honor {Owner} polices in ranger with this fix.

CDPD-50450: Inconsistency between session Hive and thread-local Hive may cause HS2 deadlock

Two HS2 sessions can go into a deadlock state and can indefinitely wait for each other (related to RANGER-3593). This fix resolves the deadlock condition.

CDPD-55168: HiveConnection: HTTP Response code: 404 Failed to connect to master node on YCloud

This issue has been fixed based on the support provided in Cloudera Manager for Knox Custom Topology management.

CDPD-55914: SELECT query on table with remote database returns NULL values with postgreSQL and Redshift data connectors

This fix addresses the issue where some datatypes are not mapped from postgreSQL or Redshift to Hive data types in the connector, which results in displaying null values for the columns of these data types.

CDPD-56133: Compaction entry dequeue order

This fix addresses the issue where compaction requests are dequeued in a random order. With this fix, the compaction requests are now dequeued in a First In First Out (FIFO) order.