Fixed Issues in Apache Livy

Review the list of Apache Livy issues that are resolved in Cloudera Runtime 7.2.18.

CDPD-61564: Spark - Caused by: java.lang.NoClassDefFoundError: org/datanucleus/store/query/cache/QueryCompilationCache
Upgraded datanucleus-core dependency to 5.2.10
CDPD-55423: remove verbose output on Livy UI Error pages.
We have added a new Livy configuration property "livy.server.send-server-version". This can be set to "true" to send the server version in CM. By default this properties is set as "false".
CDPD-55116: Fix Spark vulnerability CVE-2023-22946
This fix is blacklisting “spark.submit.deployMode” and “spark.submit.proxyUser.allowCustomClasspathInClusterMode” spark configurations in Livy create session REST API. We have added a new Livy configuration “livy.server.session.allow-custom-classpath” to allow custom class path. In order to disable or rollback this fix, we can add “livy.server.session.allow-custom-classpath” as “true” in Livy configuration via the CM safety valve.

Apache Patch Information

  • LIVY-975
  • LIVY-974