Fixed Issues in Apache Oozie
Review the list of Oozie issues that are resolved in Cloudera Runtime 7.2.18.
- CDPD-44209 SqoopMain's printArgs masks Sqoop command line option if preceding one contains "password"
- In YARN, there was a previous issue in Oozie where command-line arguments were masked incorrectly due to mistaken password detection. As a resolution, customers now have the option to utilize the "oozie.launcher.argumentMaskingExceptionList" configuration. This feature allows them to specify exceptions for password masking. For detailed information on how to use this configuration, please refer to the documentation in oozie-default.xml.
- CDPD-46049 SSH action fails when 'oozie.action.ssh.http.command.post.options' property contains double quotes
- The SSH action's callback mechanism failed with "Invalid content-type" error when capture-output was used in the action definition.
- CDPD-50296 Improve Oozie's app state action checking
- Enhanced Oozie's action state checking, to immediately query for running applications right after start-up.
- CDPD-50915 Oozie shouldn't ignore hive-site.xml on host if no hive-site is on Spark share lib
- Now, Oozie will not ignore a *-site.xml file in a Spark or Spark3 action if it was specified manually via the --files Spark opts.
- CDPD-55101 Invocation of Main class completed Message is skipped when LauncherSecurityManager calls system exit
- Oozie will print out the 'Invocation of Main class completed' message in the Launcher AM logs even if there is a security Exception.
- CDPD-56724 Oozie web console is allowing access to list directories
- From now on, directory listing through the Oozie web console is disabled.
- CDPD-65049: HTTP security headers are missing from Oozie response
- Oozie now returns the HSTS headers in all of its API and UI servlets
- CDPD-64730: Oozie LauncherAM memory settings cannot be applied
- Fixed the issue where the Oozie LauncherAM memory settings couldn't be applied
- CDPD-64376: Oozie's Spark and Spark3 option parser does not respect Java arguments starting with '--'
- Fixed the issue where Oozie incorrectly split the arguments of a Spark or Spark3 action where a special Java argument (for example --add-exports) was used inside another Spark argument
- CDPD-64133: The Oozie client should be able to handle Java 11+ related parameters
- The Oozie command line tool now handles Java 11+ related (for example --add-exports) arguments correctly
- CDPD-63724: Add spark-sql-kafka to Oozie Spark/Spark3 share libs
- The spark-sql-kafka library was added to the Spark/Spark3 ShareLibs to make sure Spark-Atlas Hooks are always working as expected
- CDPD-63326: Fix CVE-2023-36877 Apache Oozie Spoofing Vulnerability
- Oozie santitizes custom filters, hence preventing the execution of vulnerable scripts
- CDPD-58538: Oozie should upload and use the config files from sqoop-conf/managers.d when available
- Previously, Oozie did not honor Sqoop's managers.d configurations and extra connector Jars from the lib folder, but now both are automatically available in Oozie's Sqoop action, allowing users to seamlessly utilize connectors like the Sqoop Teradata connector without the need for manual configuration updates or copying Jars to the Workflow's lib folder
- CDPD-56936: Oozie's db cli tool does not honour custom connection properties
- The Oozie DB CLI tool did not respect the "ConnectionProperties" property set by the user through the "oozie.service.JPAService.connection.properties" configuration in Oozie
- CDPD-56724: Oozie web console is allowing access to list directories
- From now directory listing via the Oozie web console is disabled
- CDPD-55101: Invocation of Main class completed Message is skipped when LauncherSecurityManager calls system exit
- Oozie will print out the 'Invocation of Main class completed' message in the Launcher AM logs even if there is a security Exception
- CDPD-50915: Oozie shouldn't ignore hive-site.xml on host if no hive-site is on Spark share lib
- Oozie now will not ignore a *-site.xml file in a Spark or Spark3 action if it was specified manually via the --files Spark opts
- CDPD-50296: Improve Oozie's app state action checking
- Enhanced Oozie's action state checking, to immediately query for running applications right after start-up
- CDPD-47821: Add missing Sqoop Atlas notification jars to Sqoop share lib
- Earlier, Atlas notification was non-functional in Oozie's Sqoop action due to missing Jars, but with the inclusion of those Jars in Oozie's Sqoop ShareLib, Atlas notifications are now expected to function correctly in Oozie's Sqoop action.
- CDPD-46049: SSH action fails when 'oozie.action.ssh.http.command.post.options' property contains double quotes
- The SSH action's callback mechanism failed with "Invalid content-type" error when capture-output was used in the action definition
- CDPD-44209: SqoopMain's printArgs masks Sqoop command line option if preceding one contains "password"
- In Yarn, there was a previous issue in Oozie where command-line arguments were masked incorrectly due to mistaken password detection. As a resolution, customers now have the option to utilize the "oozie.launcher.argumentMaskingExceptionList" configuration. This feature allows them to specify exceptions for password masking. For detailed information on how to use this configuration, please refer to the documentation in oozie-default.xml.
Apache patch information
- OOZIE-3718
- OOZIE-3716
