Fixed Issues in Cloudera Runtime 7.2.18.1000

You can review the list of reported issues and their fixes in Cloudera Runtime 7.2.18.1000.

CDPD-81435: Upgrade commons-vfs2 to 2.10 due to CVE-2025-27553: The commons-vfs2 version is updated to 2.10 to fix vulnerability issues.
CDPD-75926: Backport SPARK-44653: 7.3.1.100 CHF1; Backported SPARK-44653 to fix cache breaking with non-trivial DataFrame unions.; Apache Jira: SPARK-44653
CDPD-82159: Issue with "After execution stop the interpreter" checkbox: Fixing an issue with a checkbox that was preventing user interaction.
CDPD-27801: Knox is missing HSTS header for HTTP 404 responses: Resolved an issue where Knox was missing the HTTP Strict-Transport-Security response header (HSTS) in HTTP 404 responses. The global HSTS header can now be configured to be included in all HTTP responses.; To configure the HSTS header, go to Cloudera Manager > Knox > Configuration, search for the Knox Service Advanced Configuration Snippet (Safety Valve) for conf/gateway-site.xml property, and set the following parameters to true:

gateway.strict.transport.enabled

gateway.strict.transport.option: (Optional) Use this parameter to specify a timeout value for the HTTS header. This parameter is applicable only if gateway.strict.transport.enabled is set to true.; Apache JIRA: KNOX-3111
CDPD-81958: Improve cookie security in Knox-proxied web UIs with Secure and HttpOnly Attributes: The pac4jCsrfToken cookie has now both Secure and HttpOnly flags in Knox proxied applications, improving the security provided by Knox.; Apache JIRA: KNOX-3134
CDPD-67942: Atlas can't search Chinese/Japanese comment properly: Entities whose comments contain Chinese or Japanese characters can be now searched by using the comment (string), containing filters.
CDPD-81554: Without a permission for one glossary, the /glossary call throws exception and it does not list the remaining glossaries: The getGlossaries method in GlossaryService is updated to ensure that the full paginated list is retrieved, even if some glossaries are skipped. This method includes the following improvements:

Handling skipped glossaries: If some entities fail to load, it fetches additional entities until the requested limit is met.

Efficient pagination: Keeps fetching until it gets the required number of valid glossaries.

Preventing infinite loops: method stops when either the required number of glossaries is retrieved or there are no more to fetch.; Apache JIRA: ATLAS-4995
CDPD-79161: Nullpointer exception while deleting business metadata: The migration status is stored correctly and reused to restart migration from the point where it failed earlier.; Apache JIRA: ATLAS-4863
CDPD-82057: UI: when server response date fields as '0', UI shows as current time: Previously, if an API response contained an invalid date value (such as 0), the current system date was shown. After thix fix, instead of displaying the system date when an invalid date value is encountered in the API response, the user interface displays NA. This change specifically affects the Entity Detail page, where the create time and modified time are displayed.; Apache JIRA: ATLAS-5015
CDPD-34895: Investigate which HTTP security headers Atlas should have in API responses: A static header and a custom header is provided which can be added through atlas-application.properties file. This enables adding custom security headers.; Use the following prefix keyword to customize the header:
In atlas-application.properties instead of using the prefix atlas.rest.headers use atlas.header.
Example:
- atlas.headers.content-security-policy=default-src 'self' // content-security-policy
CDPD-61611: Impala stats blocks Hive partitioned table rename: The issue occurs when the Impala tries to rename a Hive acid table, which has the Impala stats beforehand.
ERROR : Failed org.apache.hadoop.hive.ql.metadata.HiveException: Unable to alter table. Cannot change stats state for a transactional table default.parqtest without providing the transactional write state for verification (new write ID 6, valid write IDs null; current state null; new state {}; To address the issue, as the Impala rename does not change the table's stats, even though the write ID list for this table is absent, the absence is ignored when verifying the stats in such a case.
Hive Metastore schema upgrade fails due to NULL values: During the Hive Metastore schema upgrade, the upgrade script issues the following command:
ALTER TABLE "DBS" ALTER COLUMN "TYPE" SET DEFAULT 'NATIVE', ALTER COLUMN "TYPE" SET NOT NULL;
This fails because the DBS.TYPE column contains NULL values. These NULLs are introduced by canary databases created by Cloudera Manager, which insert entries in the HMS database without setting the TYPE.; The issue was addressed by ensuring that canary databases created by Cloudera Manager correctly populate the TYPE column in the DBS table, preventing NULL values and allowing the schema upgrade to proceed.
CDPD-80939: Missing equivalence conjunct in aggregation node with inline views: In queries that include filters on the result of a UNION operation, the planner removed required conjuncts, which caused incorrect query results.; This has now been fixed.
note
This issue affected only distinct UNION operations, not UNION ALL
Apache Jira: IMPALA-13873
CDPD-78680: Selected long string values getting truncated in the react-select control: In Ranger React UI, the react-select input values are getting truncated for long values.
This issue is fixed. The selected long input string values are not getting truncated on Ranger React UI.

Fixed Common Vulnerabilities and Exposures

The Common Vulnerabilities and Exposures (CVEs) that are fixed in this release are:

CVE-2024-53990 - Async Http Client
CVE-2024-1735 - Armeria
CVE-2025-27553 - Commons VFS2
CVE-2025-30065 - Apache Parquet