Fixed Issues in Apache Oozie

Review the list of Oozie issues that are resolved in Cloudera Runtime 7.2.18.

CDPD-44209 SqoopMain's printArgs masks Sqoop command line option if preceding one contains "password"
In YARN, there was a previous issue in Oozie where command-line arguments were masked incorrectly due to mistaken password detection. As a resolution, customers now have the option to utilize the "oozie.launcher.argumentMaskingExceptionList" configuration. This feature allows them to specify exceptions for password masking. For detailed information on how to use this configuration, please refer to the documentation in oozie-default.xml.
CDPD-46049 SSH action fails when 'oozie.action.ssh.http.command.post.options' property contains double quotes
The SSH action's callback mechanism failed with "Invalid content-type" error when capture-output was used in the action definition.
CDPD-50296 Improve Oozie's app state action checking
Enhanced Oozie's action state checking, to immediately query for running applications right after start-up.
CDPD-50915 Oozie shouldn't ignore hive-site.xml on host if no hive-site is on Spark share lib
Now, Oozie will not ignore a *-site.xml file in a Spark or Spark3 action if it was specified manually via the --files Spark opts.
CDPD-55101 Invocation of Main class completed Message is skipped when LauncherSecurityManager calls system exit
Oozie will print out the 'Invocation of Main class completed' message in the Launcher AM logs even if there is a security Exception.
CDPD-56724 Oozie web console is allowing access to list directories
From now on, directory listing through the Oozie web console is disabled.
CDPD-65049: HTTP security headers are missing from Oozie response
Oozie now returns the HSTS headers in all of its API and UI servlets
CDPD-64730: Oozie LauncherAM memory settings cannot be applied
Fixed the issue where the Oozie LauncherAM memory settings couldn't be applied
CDPD-64376: Oozie's Spark and Spark3 option parser does not respect Java arguments starting with '--'
Fixed the issue where Oozie incorrectly split the arguments of a Spark or Spark3 action where a special Java argument (for example --add-exports) was used inside another Spark argument
CDPD-64133: The Oozie client should be able to handle Java 11+ related parameters
The Oozie command line tool now handles Java 11+ related (for example --add-exports) arguments correctly
CDPD-63724: Add spark-sql-kafka to Oozie Spark/Spark3 share libs
The spark-sql-kafka library was added to the Spark/Spark3 ShareLibs to make sure Spark-Atlas Hooks are always working as expected
CDPD-63326: Fix CVE-2023-36877 Apache Oozie Spoofing Vulnerability
Oozie santitizes custom filters, hence preventing the execution of vulnerable scripts
CDPD-58538: Oozie should upload and use the config files from sqoop-conf/managers.d when available
Previously, Oozie did not honor Sqoop's managers.d configurations and extra connector Jars from the lib folder, but now both are automatically available in Oozie's Sqoop action, allowing users to seamlessly utilize connectors like the Sqoop Teradata connector without the need for manual configuration updates or copying Jars to the Workflow's lib folder
CDPD-56936: Oozie's db cli tool does not honour custom connection properties
The Oozie DB CLI tool did not respect the "ConnectionProperties" property set by the user through the "oozie.service.JPAService.connection.properties" configuration in Oozie
CDPD-56724: Oozie web console is allowing access to list directories
From now directory listing via the Oozie web console is disabled
CDPD-55101: Invocation of Main class completed Message is skipped when LauncherSecurityManager calls system exit
Oozie will print out the 'Invocation of Main class completed' message in the Launcher AM logs even if there is a security Exception
CDPD-50915: Oozie shouldn't ignore hive-site.xml on host if no hive-site is on Spark share lib
Oozie now will not ignore a *-site.xml file in a Spark or Spark3 action if it was specified manually via the --files Spark opts
CDPD-50296: Improve Oozie's app state action checking
Enhanced Oozie's action state checking, to immediately query for running applications right after start-up
CDPD-47821: Add missing Sqoop Atlas notification jars to Sqoop share lib
Earlier, Atlas notification was non-functional in Oozie's Sqoop action due to missing Jars, but with the inclusion of those Jars in Oozie's Sqoop ShareLib, Atlas notifications are now expected to function correctly in Oozie's Sqoop action.
CDPD-46049: SSH action fails when 'oozie.action.ssh.http.command.post.options' property contains double quotes
The SSH action's callback mechanism failed with "Invalid content-type" error when capture-output was used in the action definition
CDPD-44209: SqoopMain's printArgs masks Sqoop command line option if preceding one contains "password"
In Yarn, there was a previous issue in Oozie where command-line arguments were masked incorrectly due to mistaken password detection. As a resolution, customers now have the option to utilize the "oozie.launcher.argumentMaskingExceptionList" configuration. This feature allows them to specify exceptions for password masking. For detailed information on how to use this configuration, please refer to the documentation in oozie-default.xml.

Apache patch information

  • OOZIE-3718
  • OOZIE-3716