Cumulative hotfix CDP PvC Base 7.1.8.15-5 (Cumulative hotfix4)

Know more about the cumulative hotfix 4 for 7.1.8. This cumulative hotfix was released on February 23, 2023.

Following are the list of fixes that were shipped for CDP Private Cloud Base version 7.1.8-1.cdh7.1.8.p15.37973152

Issue Description
COMPX-13398 QM - Replace log4j 1.x with reload4j - 7.1.8.x
COMPX-12815 Backport YARN-10178 to 7.1.8 CHFx : Crash in global async scheduler thread
COMPX-12803 QM 7.1.8 CHF4 - Upgrade Apache Commons Text to 1.10.0 due to CVE-2022-42889
COMPX-12687 Config Store 7.1.8 CHF4 - Remove Apache commons-text dependency
CDPD-49491 CPX - Use external versions for reload4j
CDPD-48947 Ranger Upgrade from 7.2.11 to 7.2.16 failed
CDPD-48546 CDH-7.1.8.x - Impala build failure - Ubuntu20
CDPD-48420 Backport CDPD-42069 to CDH 7.1.8.x
CDPD-48362 Constantly failing tests in TopicCommandIntegrationTest
CDPD-48352 [ranger][replication] Import succeeds but policies were skipped
CDPD-48319 Backport IMPALA-10702
CDPD-48318 Backport IMPALA-10794 and IMPALA-11401 to 7.1.8
CDPD-48259 Ranger Admin landing page via knox proxy is broken after upgrade
CDPD-48244 ranger] [replication] Support policyMatchingAlgorithm parameter for ranger policy replication
CDPD-48232 [ranger] [replication] Policy transform step is removing hdfs execute permission.
CDPD-48215 Exclude reload4j from Hadoop dependencies
CDPD-48210 Backport HIVE-26567 to CDH-7.1.8.x
CDPD-48209 Backport HIVE-26566 to CDH-7.1.8.x
CDPD-48207 Backport HIVE-26504 to CDH-7.1.8.x
CDPD-48206 Backport HIVE-26488 to CDH-7.1.8.x
CDPD-48205 Backport HIVE-26253 to CDH-7.1.8.x
CDPD-48204 Backport HIVE-25856 to CDH-7.1.8.x
CDPD-48203 Backport HIVE-25755 to CDH-7.1.8.x
CDPD-48202 Backport HIVE-25391 to CDH-7.1.8.x
CDPD-48201 Backport HIVE-25223 to CDH-7.1.8.x
CDPD-48193 Backport HIVE-26875 to CDH-7.1.8.x
CDPD-48152 Fix IMPALA-11812 in 7.1.8: Catalogd OOM due to lots of HMS FieldSchema instances
CDPD-48139 Backport PARQUET-1744 to CDH-7.1.8.x
CDPD-48136 Backport HIVE-21599 to CDH-7.1.8.x
CDPD-48131 Disable TestZookeeperLockManager#testMetrics on CDH-7.1.8.x
CDPD-48129 [ranger][replication] If a change is made in the resource field of a policy on the source cluster, a new policy is created on the target cluster instead of changing the existing policy
CDPD-48119 Ranger - Upgrade OWASP Java HTML Sanitizer due to security CVEs
CDPD-48116 Disable orc_merge9 on CDH-7.1.8.x
CDPD-48097 Backport HIVE-23220 to CDH-7.1.8.x
CDPD-48092 Hue fails to translate Korean langauge
CDPD-48055 Ranger Replication : Support both JDK 8 and JDK 11 on destination cluster
CDPD-48051 Knox - Upgrade Cloudera Manager API due to CVE-2021-29243, CVE-2021-32482
CDPD-48041 Ranger - Upgrade commons-net to 3.9.0 due to CVE-2021-37533
CDPD-48032 Ranger - Upgrade jettison to 1.5.2 due to CVE-2022-45685 and CVE-2022-45693
CDPD-48008 Zeppelin - Upgrade httpclient due to CVE-2020-13956
CDPD-47992 Cruise Control - Upgrade Netty to 4.1.86.Final due to CVE-2022-41881, CVE-2022-41915
CDPD-47990 Kafka - Upgrade Netty to 4.1.86.Final due to CVE-2022-41881, CVE-2022-41915
CDPD-47989 Ranger - Upgrade Netty to 4.1.86.Final due to CVE-2022-41881, CVE-2022-41915
CDPD-47955 [7.1.8 CHF4] - Ranger - Upgrade bootbox to 6.0.0 due to GHSA-87mg-h5r3-hw88
CDPD-47950 Ranger - Upgrade tomcat to 8.5.84/9.0.69+/10.1.2+ due to CVE-2022-42252, CVE-2022-34305, CVE-2022-45143
CDPD-47909 Ranger - Upgrade moment.js to 2.29.4 due to CVE-2022-24785, CVE-2022-31129
CDPD-47880 DAS - Upgrade protobuf-java to 3.16.3/3.19.6/3.20.3/3.21.7 due to CVE-2022-3171
CDPD-47876 HUEQP - Upgrade jackson-databind to 2.12.7.1 or 2.13.4.2 due to high CVEs
CDPD-47868 [7.1.8 CHF4-CLONE] - Backport RANGER-3593 into cdpd-master
CDPD-47843 Backport HIVE-26736 to CDH-7.1.8.x
CDPD-47842 Backport HIVE-26671 to CDH-7.1.8.x
CDPD-47841 Backport HIVE-25738 to CDH-7.1.8.x
CDPD-47840 Backport HIVE-24579 to CDH-7.1.8.x
CDPD-47839 Backport HIVE-21152 to CDH-7.1.8.x
CDPD-47836 SMM Data Explorer offset slider 'from offset' doesn't update on partition change
CDPD-47813 Atlas - Do the fix for CVE-2022-34271
CDPD-47777 Remove unused hadoop.guava.version from HBase pom.xml
CDPD-47745 Fix 7.1.8 CHF4 for IMPALA-11753 CatalogD OOMkilled due to natively allocated memory
CDPD-47649 impala build failure in 7.1.7.2000 due to versions:set
CDPD-47611 Ignore testRollbackForSplitTableRegionWithReplica() in TestSplitTableRegionProcedure
CDPD-47610 test_scanners.TestParquet.test_corrupt_files fails on 7.1.8 in S3 builds
CDPD-47602 Backport PHOENIX-6638 to 7.1.8 CHF4
CDPD-47600 Backport to CHF 4: Restart of HIVE_ON_TEZ causes a Knox topology redeploy
CDPD-47590 Backport "FSCK Report broken with RequestHedgingProxyProvider" to CDH-7.1.8.x
CDPD-47460 IMPALA-11631 Impala crashes in impala::TopNNode::Heap::Close()
CDPD-47457 NFS Gateway may release buffer too early
CDPD-47409 Unit tests in TestAuthFilterAuthOozieClient fail intermittently
CDPD-47407 Backport HADOOP-18499 S3A to support HTTPS web proxies to 7.1.8.x
CDPD-47405 Backport KNOX-2824 (Make SameSite attribute on KnoxSSO Cookie Configurable) to 7.1.8
CDPD-47395 Atlas - Upgrade jackson-databind to 2.12.7.1 or 2.13.4.2 for 7.1.8 CHF4 due to high CVEs
CDPD-47378 Backport Hue PR 3107
CDPD-47362 IMPALA-11779 Codegen crash due to null slots
CDPD-47355 CPX - use external versions for wiremock-jre8
CDPD-47354 Backport PHOENIX-6711 to 7.1.8 CHF4
CDPD-47337 backport CDPD-46689 to 7.1.8.x
CDPD-47335 backport CDPD-26518 to 7.1.8.x
CDPD-47320 testLoadOnRestart unit test failed on 7.1.8 CHF 3
CDPD-47317 COLSTATUS Null Pointer Exception for implicit collections
CDPD-47273 backport PATCH-5596 IMPALA-10654 to 7.1.8.x
CDPD-47270 backport PATCH-5596 IMPALA-10948 to 7.1.8.x
CDPD-47262 Remove apache commons-text replacement from components.ini
CDPD-47251 testRetryConsoleUrlForked unit test fails with NPE
CDPD-47246 Enable Gerrit build/test for ratis-thirdparty
CDPD-47245 Add reload4j dependency to Distcp share lib
CDPD-47196 Smile unit tests are failing in Solr 7.1.8.x
CDPD-47137 Backport part of HBASE-27141 from upstream to 7.1.7 SP2
CDPD-47134 Kafka Connect unit test job fails frequently due to docker image build problems
CDPD-47129 Handle empty CSV fields via OpenCSVSerde
CDPD-47105 IMPALA-11751 Crash in processing partition columns of Avro table with MT_DOP>1
CDPD-47074 Set column names in result schema when plan has Values root
CDPD-47030 Impala-shell ldap_password_cmd fails on Python 3.8
CDPD-46984 Hbase replication Policy set up fails between 7.1.8 and 7.2.16 cluster
CDPD-46969 backport IMPALA-11274 to 7.1.8 CHF4
CDPD-46890 HBase-thirdparty - Upgrade Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server to 9.4.48.v20220622/11.0.11 due to critical CVEs
CDPD-46794 Connection pool for ObjectStore does not emit metrics
CDPD-46789 Policy update request fails if isDenyAllElse flag is set true in request json when using "/policy/apply" API
CDPD-46774 Enable batch mode for the Spark Atlas connector unit tests, do not use the Apache maven repo
CDPD-46747 Upgrade saxon to 10.8
CDPD-46669 Zeppelin - Upgrade commons-codec to 1.13 or higher
CDPD-46665 Livy - Upgrade commons-codec to 1.13 or higher
CDPD-46664 Hive - Upgrade commons-codec to 1.13 or higher
CDPD-46658 Solr - Upgrade wildfly-openssl to 1.1.3.Final/1.1.3.Final+ due to CVE-2020-25644
CDPD-46657 Hadoop - Upgrade wildfly-openssl to 1.1.3.Final/1.1.3.Final+ due to CVE-2020-25644
CDPD-46626 Test failure: TestContainerRunnerImpl.testSubmitSameFragment
CDPD-46568 Hive - Upgrade Apache Ivy to 2.5.1 due to CVE-2022-37865, CVE-2022-37866
CDPD-46564 Hue - Upgrade protobuf-java to 3.16.3/3.19.6/3.20.3/3.21.7 due to CVE-2022-3171
CDPD-46560 Knox - Upgrade protobuf-java to 3.16.3/3.19.6/3.20.3/3.21.7 due to CVE-2022-3171
CDPD-46552 Hbase-thirdparty - Upgrade protobuf-java to 3.21.9 due to CVE-2022-3171
CDPD-46549 CDPD - Upgrade protobuf-java to 3.16.3/3.19.6/3.20.3/3.21.7 due to CVE-2022-3171
CDPD-46322 Update logredactor to 2.0.14 due to CVEs in jackson-databind
CDPD-46198 Search - Upgrade jsoup to 1.15.3 due to high CVEs
CDPD-46161 [ranger][replication] cm_hdfs service wasn't transformed properly
CDPD-46160 [ranger][replication] Export should fail for non-existing services
CDPD-45966 Sqoop - Upgrade hsqldb to 2.7.1 due to CVE-2022-41853
CDPD-45964 Oozie - Upgrade hsqldb to 2.7.1 due to CVE-2022-41853
CDPD-45959 Some tests fail with ssl3_get_server_certificate:certificate verify failed
CDPD-45687 Hue Server ignore ssl_cipher_list configuration
CDPD-45578 Upgrade jettison to 1.5.1 due to CVE-2022-40149, CVE-2022-40150
CDPD-45576 Atlas - Upgrade jettison to 1.5.1 due to CVE-2022-40149, CVE-2022-40150
CDPD-45539 Upgrade hsqldb to 2.7.1 due to CVE-2022-41853
CDPD-45498 Add missing changes of CDPD-23445 patches
CDPD-45448 Use Calcite to remove sections of a query plan known never produces rows
CDPD-45385 DAS - Upgrade snakeyaml to 1.32 due to high CVEs
CDPD-45302 spark_atlas_connector_for_spark3_unittests failures
CDPD-44719 Spark Atlas Connector - Update log4j to reload4j
CDPD-43856 Zeppelin - Upgrade postgresql JDBC Driver to 42.5.1 due to CVE-2022-31197
CDPD-43540 Hive Security - Upgrade jersey's jersey to 2.36/3.0.5 due to medium CVEs
CDPD-43354 Zeppelin - Remove vulnerable Apache Xalan Java library (CVE-2022-34169)
CDPD-42699 Livy - Update log4j to reload4j
CDPD-42599 Spark - Update log4j1 to reload4j
CDPD-42572 Zeppelin - Cherry-pick ZEPPELIN-4489 due to CVE-2020-13929
CDPD-42499 Zeppelin - Upgrade HtmlUnit to 2.62.0 due to high CVEs
CDPD-42447 Phoenix - Upgrade ICU4J to safe version due to high CVEs
CDPD-42428 Zeppelin - Upgrade jsoup to 1.15.3 due to high CVEs
CDPD-42384 Spark Atlas Connector - Upgrade Data Mapper for Jackson to 1.9.16-TALEND due to high CVEs
CDPD-42290 Zeppelin - Upgrade JDOM to 2.0.6.1 due to high CVEs
CDPD-42285 Avro - Upgrade JDOM to 2.0.6.1 due to high CVEs
CDPD-42217 Avatica - Upgrade Apache HttpClient to 4.5.13 due to medium CVEs
CDPD-42153 Knox - Upgrade Protocol Buffer Java API to 2.6.1/3.21.2 due to medium CVEs
CDPD-42138 Avatica - Upgrade Protocol Buffer Java API to 2.6.1/3.21.2 due to medium CVEs
CDPD-42135 Upgrade Netty Project to 4.1.78.Final due to critical CVEs
CDPD-42115 HBase - Upgrade Netty Project to 4.1.78.Final due to critical CVEs
CDPD-42029 Oozie - Upgrade jackson-databind to 2.12.7.1 or 2.13.4.2 due to high CVEs
CDPD-42014 Atlas - Upgrade jackson-databind to 2.12.7.1 or 2.13.4.2 due to high CVEs
CDPD-41998 Phoenix-connectors - Upgrade Guava: Google Core Libraries for Java to v28.2/31.1-jre due to low CVEs
CDPD-41997 Phoenix-thirdparty - Upgrade Guava: Google Core Libraries for Java to v28.2/31.1-jre due to low CVEs
CDPD-41988 HBase-thirdparty - Upgrade Guava: Google Core Libraries for Java to v28.2/31.1-jre due to low CVEs
CDPD-41981 Curator - Upgrade Guava: Google Core Libraries for Java to v28.2/31.1-jre due to low CVEs
CDPD-41975 Avatica - Upgrade Guava: Google Core Libraries for Java to v28.2/31.1-jre due to medium CVEs
CDPD-41279 Sqoop - Upgrade protobuf-java to 3.16.1+ due to CVE-2021-22569
CDPD-41264 IMPALA-10316 load_nested.py failed due to out of memory during Jenkins GVO
CDPD-40916 Zeppelin - Upgrade xercesImpl to 2.12.2 or later due to CVE-2022-23437
CDPD-40912 Kafka Connect - Upgrade wildfly-elytron to 1.15.5 / 1.16.1 due to CVE-2021-3642
CDPD-40849 Zeppelin - Upgrade gson to 2.9.0 due to CVE-2022-25647
CDPD-31728 Audits : For db create , there are 2 update audits instead of 1 create 1 update
CDPD-29098 Oozie - Replace log4j 1.x with reload4j
CDPD-29057 HBase - Replace log4j 1.x with reload4j
CDPD-27403 DAS - Upgrade hibernate-validator to 6.1.6.Final or later due to CVE-2020-10693, CVE-2019-10219
CDPD-25701 IMPALA-10683 TestHdfsParquetTableWriter.test_double_precision broken on S3
CDPD-19398 Zeppelin - Upgrade to jersey-media-jaxb 2.32
  • Table 1. Cloudera Runtime 7.1.8.15 (Cumulative Hotfix 4) download URL:
    Parcel Repository Location
    https://[username]:[password]@archive.cloudera.com/p/cdh7/7.1.8.15/parcels/