Fixed Issues in Apache Ranger

CDPD-65433: Execute and read permissions granted to a user in different HDFS policies does not take effect.

As part of this bug fix, execute and read permissions granted to a user in different HDFS policies are working as expected. For example:

Policy 1: Granted the "public" group "execute" permission to "/" HDFS policy recursively.

Policy 2: Granted only the "read" permission to the user for "/hdp"

Perform a list on "/hdp”.

CDPD-65310: [7.2.18 CLONE] - Performance degradation while retrieving mapped hive resource for s3 location.

Retrieving mapped hive resource for s3 location will be faster.

CDPD-64800: Classic UI - Security zone form not populate resources value properly while creating and editing zone form.

After the patch, zone form populates resources value properly.

CDPD-63148: RAZ client should encode the authorization URL to support unicode characters

Call to RAZ authorization api to support non-english characters in the URL.

CDPD-62934: Insecure direct object reference

As part of this fix, audit metrics endpoint made secure.

CDPD-61584: [Intermittent] Active NN not getting latest resource mappings from RMS server

NameNode is HA-enabled and both NameNodes send requests to download deltas after the full-sync is performed in RMS; then both NN will get the latest resource mappings from the RMS server.

CDPD-60952: [7.2.18.0] - Add server side validation for service audit filter

As part of this fix added server-side validation for service audit filter.

CDPD-60870: Ranger KMS junit tests are failing

Unsupported cipher removed from UT.

CDPD-57635: 7.2.18 -pre-cdpd-master - Ranger Raz: Need to fix default truststore and keystore type

Replace hard coded jks with KeyStore.getDefaultType for initialising the default store type.

CDPD-60518: Introduce config within Ranger to control retention period of x_trx_log data

Add config within Ranger to control retention period of x_trx_log table data.

CDPD-60268: [7.2.18 - CLONE] - RangerJSONAuditWriter creates new log file for writing ranger audits as JSON every time there is an Exception

Fixes unnecessary new audit log files from getting created.

CDPD-59587: CLONE [7.2.18] - Ranger RMS for Ozone

Ranger RMS will support authorization for Ozone storage locations. RMS for Ozone will co-exist with Hive-HDFS ACL sync and provide authorization for both HDFS and Ozone file systems.

CDPD-59133: CLONE - Ranger[7.2.18] : Upgrade commons-configuration2 to 2.9.0 due to CVEs

As part of this fix, upgraded commons-configuration2 to 2.9.0

CDPD-58569: Ranger - Upgrade Guava to 32.0.1 due to CVE-2023-2976

Upgrade Guava library version to 32.0.1.

CDPD-58493: Ranger - Upgrade Netty Project to 4.1.94.Final due CVE-2023-34462

Upgrade Netty Project to 4.1.94.Final.

CDPD-57453: Atlas Error while writing audits to GCP Datalake

Removed the lib which was causing the conflict.

CDPD-57318: Ranger - Upgrade jackson-dataformat-xml to 2.13.5 due to multiple CVEs in woodstox

Use woodstox-core to 5.4.0 version.

CDPD-57018: Ranger - Upgrade aws-java-sdk to 1.12.367+

Upgrade aws-java-sdk to 1.12.481.

CDPD-56737: Ranger - Upgrade Tomcat to 8.5.89 due to CVE-2023-28709

Upgrade Tomcat to 8.5.89.

CDPD-56384: Ranger - Upgrade Spring LDAP to 2.4.1 due to high CVEs

Upgrade Spring LDAP to 2.4.1.

CDPD-56383: Ranger - Upgrade BeanShell to 2.1b5 due to high CVEs

Upgrade BeanShell to 2.1b5 by upgrading testNG to 7.0.0.

CDPD-56381: Ranger - Upgrade Apache Derby due to critical CVEs

Upgrade Apache Derby to 10.14.2.0.

CDPD-56343: Feature request for Ranger : More than 25 policies per page

This issue is fixed in ranger admin react UI.

CDPD-56300: Introduce config within Ranger to control retention period of x_auth_session data

Add config within Ranger to control retention period of x_auth_session table data.

CDPD-56213: Fix sql patch 65 syntax issue for oracle db

Fix sql patch 65 syntax issue for oracle db.

CDPD-55997: Log4j2 support : Write java patches logs to log file

Log4j2 support : Write java patches logs to log file.

CDPD-55994: Ranger Upgrade to 7.1.9 may fail

Fix for ranger upgrade failure.

CDPD-55572: shell script to export, transform, import of ranger Roles for ranger replication

Shell script to export, transform, import of ranger Roles for ranger replication.

CDPD-55561: Ranger - Upgrade bcpkix-jdk15on to 1.70+ due to CVE-2019-17359

Upgrade bcpkix-jdk15on to 1.70.

CDPD-55459: Ranger - Upgrade Spring Framework to 5.3.27/6.0.8 due to CVE-2023-20863

Upgrade Spring Framework to 5.3.27.

CDPD-55419: Ranger - Upgrade json-smart to 2.4.10 due to CVE-2023-1370

Upgrade json-smart to 2.4.10.

CDPD-55050: Support SELF_OR_PREFIX resource matching scope in Ranger Authorization

API to find whether a user/group/role is authorized to the given operation on any resource of given type.

CDPD-53651: [UMBRELLA] Ranger Replication

Ranger Policy Replication support in Ranger.

CDPD-50564: Add/ Update Additional metric details for Ranger RMS

Add Additional Metrics for Ranger RMS.

CDPD-50395: Ranger - Upgrade org.json to 20230227+ due to CVE-2022-45688

Removed org.json dependency from Ranger KMS. Ranger KMS does not require this as direct dependency. org.json will be fetched as run time dependency for service Ranger KMS KTS.

CDPD-39939: [PAAS] Ranger RMS improvements

Added support for RMS in public cloud (AWS) to track s3 locations of Hive tables and databases.

CDPD-6087: RangerAuthorizationCoprocessor Unable to get remote Address

Issue already fixed in https://issues.apache.org/jira/projects/RANGER/issues/RANGER-3758 https://jira.cloudera.com/browse/CDPD-45528 Log level changed from info to trace.