Issues Fixed in CDH 5.2.x

The following topics describe known issues fixed in CDH 5.2.x, from newest to oldest release.

CDH 5.2.6

Upstream Issues Fixed

The following upstream issues are fixed in CDH 5.2.6:

  • CRUNCH-516 - Scrunch needs some additional null checks
  • CRUNCH-508 - Improve performance of Scala Enumeration counters in Scrunch
  • CRUNCH-514 - AvroDerivedDeepCopier should initialize delegate MapFns
  • CRUNCH-530 - Fix object reuse bug in GenericRecordToTuple
  • HADOOP-12103 - Small refactoring of DelegationTokenAuthenticationFilter to allow code sharing
  • HADOOP-10839 - Add unregisterSource() to MetricsSystem API
  • HDFS-8337 - Accessing httpfs via webhdfs doesn't work from a jar with kerberos
  • HDFS-7546 - Document, and set an accepting default for dfs.namenode.kerberos.principal.pattern
  • HDFS-6997 - Archival Storage: add more tests for data migration and replicaion
  • HDFS-7980 - Incremental BlockReport will dramatically slow down the startup of a namenode
  • HDFS-8380 - Always call addStoredBlock on blocks which have been shifted from one storage to another
  • HDFS-7312 - Update DistCp v1 to optionally not use tmp location (branch-1 only)
  • YARN-3485 - FairScheduler headroom calculation doesn't consider maxResources for Fifo and FairShare policies
  • YARN-3241 - FairScheduler handles "invalid" queue names inconsistently
  • YARN-2669 - FairScheduler: queue names shouldn't allow periods
  • YARN-3022 - Expose Container resource information from NodeManager for monitoring
  • YARN-2984 - Metrics for container's actual memory usage
  • YARN-3465 - Use LinkedHashMap to preserve order of resource requests
  • MAPREDUCE-6387 - Serialize the recently added Task#encryptedSpillKey field at the end
  • MAPREDUCE-6339 - Job history file is not flushed correctly because isTimerActive flag is not set true when flushTimerTask is scheduled.
  • MAPREDUCE-5710 - Backport MAPREDUCE-1305 to branch-1
  • MAPREDUCE-6238 - MR2 can't run local jobs with -libjars command options which is a regression from MR1
  • HBASE-13826 - Unable to create table when group acls are appropriately set.
  • HBASE-13241 - Add tests for group level grants
  • HBASE-13239 - HBase grant at specific column level does not work for Groups
  • HBASE-13768 - ZooKeeper znodes are bootstrapped with insecure ACLs in a secure configuration
  • HBASE-13789 - ForeignException should not be sent to the client
  • HBASE-13779 - Calling table.exists() before table.get() end up with an empty Result
  • HBASE-13780 - Default to 700 for HDFS root dir permissions for secure deployments
  • HBASE-13768 - ZooKeeper znodes are bootstrapped with insecure ACLs in a secure configuration
  • HBASE-13767 - Allow ZKAclReset to set and not just clear ZK ACLs
  • HBASE-13086 - Show ZK root node on Master WebUI
  • HBASE-13342 - Fix incorrect interface annotations
  • HBASE-13162 - Add capability for cleaning hbase acls to hbase cleanup script.
  • HBASE-12641 - Grant all permissions of hbase zookeeper node to hbase superuser in a secure cluster
  • HBASE-13374 - Small scanners (with particular configurations) do not return all rows
  • HBASE-13269 - Limit result array preallocation to avoid OOME with large scan caching values
  • HBASE-13422 - remove use of StandardCharsets in 0.98
  • HBASE-13335 - Update ClientSmallScanner and ClientSmallReversedScanner
  • HBASE-13262 - ResultScanner doesn't return all rows in Scan
  • HIVE-10841 - [WHERE col is not null] does not work sometimes for queries with many JOIN statements
  • HIVE-9620 - Cannot retrieve column statistics using HMS API if column name contains uppercase characters
  • HIVE-8863 - Cannot drop table with uppercase name after "compute statistics for columns"
  • HIVE-6679 - HiveServer2 should support configurable the server side socket timeout and keepalive for various transports types where applicable
  • OOZIE-1944 - Recursive variable resolution broken when same parameter name in config-default and action conf
  • OOZIE-2218 - META-INF directories in the war file have 777 permissions
  • SENTRY-540 - Fix Sentry test validating special chars in username due to HIVE-8916
  • SENTRY-227 - Fix for "Unsupported entity type DUMMYPARTITION"
  • SOLR-7478 - UpdateLog#close shutdown it's executor with interrupts before running close, preventing a clean close.
  • SOLR-7338 - A reloaded core will never register itself as active after a ZK session expiration
  • SOLR-7370 - FSHDFSUtils#recoverFileLease tries to recover the lease every one second after the first four second wait.
  • ZOOKEEPER-2146 - BinaryInputArchive readString should check length before allocating memory
  • ZOOKEEPER-2149 - Logging of client address when socket connection established
  • IMPALA-1726: Move JNI / Thrift utilities to separate header
  • IMPALA-2002: Provide way to cache ext data source classes

CDH 5.2.5

Upstream Issues Fixed

The following upstream issues are fixed in CDH 5.2.5:

  • HADOOP-11350 - The size of header buffer of HttpServer is too small when HTTPS is enabled
  • HADOOP-11710 - Make CryptoOutputStream behave like DFSOutputStream wrt synchronization
  • HADOOP-11674 - oneByteBuf in CryptoInputStream and CryptoOutputStream should be non static
  • HDFS-6830 - BlockInfo.addStorage fails when DN changes the storage for a block replica
  • HDFS-7960 - The full block report should prune zombie storages even if they're not empty
  • HDFS-6425 - Large postponedMisreplicatedBlocks has impact on blockReport latency
  • HDFS-7575 - Upgrade should generate a unique storage ID for each volume
  • HDFS-7596 - NameNode should prune dead storages from storageMap
  • HDFS-7579 - Improve log reporting during block report rpc failure
  • HDFS-7208 - NN doesn't schedule replication when a DN storage fails
  • HDFS-6899 - Allow changing MiniDFSCluster volumes per DN and capacity per volume
  • HDFS-6878 - Change MiniDFSCluster to support StorageType configuration for individual directories
  • HDFS-6678 - MiniDFSCluster may still be partially running after initialization fails.
  • HDFS-7575 - Upgrade should generate a unique storage ID for each volume
  • HDFS-7960 - The full block report should prune zombie storages even if they're not empty
  • YARN-570 - Time strings are formated in different timezone
  • YARN-2251 - Avoid negative elapsed time in JHS/MRAM web UI and services
  • YARN-3242 - Asynchrony in ZK-close can lead to ZKRMStateStore watcher receiving events for old client
  • MAPREDUCE-5957 - AM throws ClassNotFoundException with job classloader enabled if custom output format/committer is used
  • MAPREDUCE-6076 - Zero map split input length combine with none zero map split input length may cause MR1 job hung sometimes.
  • MAPREDUCE-6275 - Race condition in FileOutputCommitter v2 for user-specified task output subdirs
  • MAPREDUCE-4815 - Speed up FileOutputCommitter#commitJob for many output files
  • HIVE-2828 - make timestamp accessible in the hbase KeyValue
  • HIVE-2828 - make timestamp accessible in the hbase KeyValue
  • HIVE-7433 - ColumnMappins.ColumnMapping should expose public accessors for its fields
  • HIVE-6148 - Support arbitrary structs stored in HBase
  • HIVE-6147 - Support avro data stored in HBase columns
  • HIVE-6584 - Add HiveHBaseTableSnapshotInputFormat
  • HIVE-6411 - Support more generic way of using composite key for HBaseHandler
  • HIVE-6677 - HBaseSerDe needs to be refactored
  • HIVE-9934 - Vulnerability in LdapAuthenticationProviderImpl enables HiveServer2 client to degrade the authentication mechanism to "none", allowing authentication without password
  • HIVE-7737 - Hive logs full exception for table not found
  • HIVE-9716 - Map job fails when table's LOCATION does not have scheme
  • HIVE-8688 - serialized plan OutputStream is not being closed
  • HIVE-5857 - Reduce tasks do not work in uber mode in YARN
  • HUE-2446 - Migrating from CDH 4.7 to CDH 5.0.1+/Hue 3.5+ will fail
  • HUE-2371 - [sentry] Sentry URI should be created only with a ALL permission
  • HUE-1663 - [core] Option to either follow or not LDAP referrals for auth
  • SENTRY-654 - Calls to append_partition fail when Sentry is enabled
  • SOLR-7092 - Stop the HDFS lease recovery retries on HdfsTransactionLog on close and try to avoid lease recovery on closed files.
  • SOLR-7134 - Replication can still cause index corruption.
  • SOLR-7113 - Multiple calls to UpdateLog#init is not thread safe with respect to the HDFS FileSystem client object usage.
  • SOLR-7141 - RecoveryStrategy: Raise time that we wait for any updates from the leader before they saw the recovery state to have finished.
  • SQOOP-1764 - Numeric Overflow when getting extent map
  • IMPALA-1658: Add compatibility flag for Hive-Parquet-Timestamps
  • IMPALA-1794: Fix infinite loop opening/closing file w/ invalid metadata
  • IMPALA-1801: external-data-source-executor leaking global jni refs

CDH 5.2.4

Upstream Issues Fixed

The following upstream issues are fixed in CDH 5.2.4:

  • HDFS-7707 - Edit log corruption due to delayed block removal again
  • YARN-2846 - Incorrect persist exit code for running containers in reacquireContainer() that interrupted by NodeManager restart.
  • HIVE-7733 - Ambiguous column reference error on query
  • HIVE-8444 - update pom to junit 4.11
  • HIVE-9474 - truncate table changes permissions on the target
  • HIVE-6308 - COLUMNS_V2 Metastore table not populated for tables created without an explicit column list.
  • HIVE-9445 - Revert HIVE-5700 - enforce single date format for partition column storage
  • HIVE-7800 - Parquet Column Index Access Schema Size Checking Checking
  • HIVE-9393 - reduce noisy log level of ColumnarSerDe.java:116 from INFO to DEBUG
  • HUE-2501 - [metastore] Creating a table with header files bigger than 64MB truncates it
  • SOLR-7033 - [RecoveryStrategy should not publish any state when closed / cancelled.
  • SOLR-5961 - Solr gets crazy on /overseer/queue state change
  • SOLR-6640 - Replication can cause index corruption
  • SOLR-6920 - During replication use checksums to verify if files are the same
  • SOLR-5875 - QueryComponent.mergeIds() unmarshals all docs' sort field values once per doc instead of once per shard
  • SOLR-6919 - Log REST info before executing
  • SOLR-6969 - When opening an HDFSTransactionLog for append we must first attempt to recover its lease to prevent data loss
  • IMPALA-1471: Bug in spilling of PHJ that was affecting left anti and outer joins.
  • IMPALA-1451: Empty Row in HBase triggers NPE in Planner
  • IMPALA-1535: Partition pruning with NULL
  • IMPALA-1483: Substitute TupleIsNullPredicates to refer to physical analytic output.
  • IMPALA-1674: Fix serious memory leak in TSaslTransport
  • IMPALA-1668: Fix leak of transport objects in TSaslServerTransport::Factory
  • IMPALA-1565: Python sasl client transport perf issue
  • IMPALA-1556: Kerberos fetches 3x slower
  • IMPALA-1120: Fetch column statistics using Hive 0.13 bulk API

Published Known Issues Fixed

As a result of the above fixes, the following issues, previously published as Known Issues in CDH 5, are also fixed:

Hive does not support Parquet schema evolution

Adding a new column to a Parquet table causes queries on that table to fail with a column not found error.

Bug: HIVE-7800

Workaround: Use Impala instead; Impala handles Parquet schema evolution correctly.

CDH 5.2.3

Upstream Issues Fixed

The following upstream issues are fixed in CDH 5.2.3:

  • AVRO-1623 - GenericData#validate() of enum: IndexOutOfBoundsException
  • AVRO-1622 - Add missing license headers
  • AVRO-1604 - ReflectData.AllowNull fails to generate schemas when @Nullable is present.
  • AVRO-1407 - NettyTransceiver can cause a infinite loop when slow to connect
  • AVRO-834 - Data File corruption recovery tool
  • AVRO-1596 - Cannot read past corrupted block in Avro data file
  • CRUNCH-480 - AvroParquetFileSource does not properly configure user-supplied read schema
  • CRUNCH-479 - Writing to target with WriteMode.APPEND merges values into PCollection
  • CRUNCH-477 - Fix HFileTargetIT failures on hadoop1 under Java 1.7/1.8
  • CRUNCH-473 - Use specific class type for case class serialization
  • CRUNCH-473 - Use specific class type for case class serialization
  • CRUNCH-472 - Add Scrunch serialization support for Java Enums
  • HADOOP-11068 - Match hadoop.auth cookie format to jetty output
  • HADOOP-11343 - Overflow is not properly handled in caclulating final iv for AES CTR
  • HADOOP-11301 - [optionally] update jmx cache to drop old metrics
  • HADOOP-11085 - Excessive logging by org.apache.hadoop.util.Progress when value is NaN
  • HADOOP-11247 - Fix a couple javac warnings in NFS
  • HADOOP-11195 - Move Id-Name mapping in NFS to the hadoop-common area for better maintenance
  • HADOOP-11130 - NFS updateMaps OS check is reversed
  • HADOOP-10990 - Add missed NFSv3 request and response classes
  • HADOOP-11323 - WritableComparator#compare keeps reference to byte array
  • HDFS-7560 - ACLs removed by removeDefaultAcl() will be back after NameNode restart/failover
  • HDFS-7367 - HDFS short-circuit read cannot negotiate shared memory slot and file descriptors when SASL is enabled on DataTransferProtocol.
  • HDFS-7489 - Incorrect locking in FsVolumeList#checkDirs can hang datanodes
  • HDFS-7158 - Reduce the memory usage of WebImageViewer
  • HDFS-7497 - Inconsistent report of decommissioning DataNodes between dfsadmin and NameNode webui
  • HDFS-7146 - NFS ID/Group lookup requires SSSD enumeration on the server
  • HDFS-7387 - NFS may only do partial commit due to a race between COMMIT and write
  • HDFS-7356 - Use DirectoryListing.hasMore() directly in nfs
  • HDFS-7180 - NFSv3 gateway frequently gets stuck due to GC
  • HDFS-7259 - Unresponsive NFS mount point due to deferred COMMIT response
  • HDFS-6894 - Add XDR parser method for each NFS response
  • HDFS-6850 - Move NFS out of order write unit tests into TestWrites class
  • HDFS-7385 - ThreadLocal used in FSEditLog class causes FSImage permission mess up
  • HDFS-7409 - Allow dead nodes to finish decommissioning if all files are fully replicated
  • HDFS-7373 - Clean up temporary files after fsimage transfer failures
  • HDFS-7225 - Remove stale block invalidation work when DN re-registers with different UUID
  • YARN-2721 - Race condition: ZKRMStateStore retry logic may throw NodeExist exception
  • YARN-2975 - FSLeafQueue app lists are accessed without required locks
  • YARN-2992 - ZKRMStateStore crashes due to session expiry
  • YARN-2910 - FSLeafQueue can throw ConcurrentModificationException
  • YARN-2816 - NM fail to start with NPE during container recovery
  • MAPREDUCE-6198 - NPE from JobTracker#resolveAndAddToTopology in MR1 cause initJob and heartbeat failure.
  • MAPREDUCE-6169 - MergeQueue should release reference to the current item from key and value at the end of the iteration to save memory.
  • HBASE-11794 - StripeStoreFlusher causes NullPointerException
  • HBASE-12077 - FilterLists create many ArrayList$Itr objects per row.
  • HBASE-12386 - Replication gets stuck following a transient zookeeper error to remote peer cluster
  • HBASE-11979 - Compaction progress reporting is wrong
  • HBASE-12529 - Use ThreadLocalRandom for RandomQueueBalancer
  • HBASE-12445 - hbase is removing all remaining cells immediately after the cell marked with marker = KeyValue.Type.DeleteColumn via PUT
  • HBASE-12460 - Moving Chore to hbase-common module.
  • HBASE-12366 - Add login code to HBase Canary tool.
  • HBASE-12447 - Add support for setTimeRange for RowCounter and CellCounter
  • HIVE-9330 - DummyTxnManager will throw NPE if WriteEntity writeType has not been set
  • HIVE-9199 - Excessive exclusive lock used in some DDLs with DummyTxnManager
  • HIVE-6835 - Reading of partitioned Avro data fails if partition schema does not match table schema
  • HIVE-6978 - beeline always exits with 0 status, should exit with non-zero status on error
  • HIVE-8891 - Another possible cause to NucleusObjectNotFoundException from drops/rollback
  • HIVE-8874 - Error Accessing HBase from Hive via Oozie on Kerberos 5.0.1 cluster
  • HIVE-8916 - Handle user@domain username under LDAP authentication
  • HIVE-8889 - JDBC Driver ResultSet.getXXXXXX(String columnLabel) methods Broken
  • HIVE-9445 - Revert HIVE-5700 - enforce single date format for partition column storage
  • HIVE-5454 - HCatalog runs a partition listing with an empty filter
  • HIVE-8784 - Querying partition does not work with JDO enabled against PostgreSQL
  • HUE-2484 - [beeswax] Configure support for Hive Server2 LDAP authentication
  • HUE-2102 - [oozie] Workflow with credentials can't be used with Coordinator
  • HUE-2152 - [pig] Credentials support in editor
  • HUE-2472 - [impala] Stabilize result retrieval
  • HUE-2406 - [search] New dashboard page has a margin problem
  • HUE-2373 - [search] Heatmap can break
  • HUE-2395 - [search] Broken widget in Solr Apache logs example
  • HUE-2414 - [search] Timeline chart breaks when there's no extraSeries defined
  • HUE-2342 - [impala] TLS/SSL encryption
  • HUE-2426 - [pig] Dashboard gives a 500 error
  • HUE-2430 - [pig] Progress bars of running scripts not updated on Dashboard
  • HUE-2411 - [useradmin] Lazy load user and group list in permission sharing popup
  • HUE-2398 - [fb] Drag and Drop hover message should not appear when elements originating in DOM are dragged
  • HUE-2401 - [search] Visually report selected and excluded values for ranges too
  • HUE-2389 - [impala] Expand results table after the results are added to datatables
  • HUE-2360 - [sentry] Sometimes Groups are not loaded we see the input box instead
  • IMPALA-1453 - Fix many bugs with HS2 FETCH_FIRST
  • IMPALA-1623 - unix_timestamp() does not return correct time
  • IMPALA-1606 - Impala does not always give short name to Llama
  • IMPALA-1475 - accept unmangled native UDF symbols
  • OOZIE-2102 - Streaming actions are broken cause of incorrect method signature
  • PARQUET-145 - InternalParquetRecordReader.close() should not throw an exception if initialization has failed
  • PARQUET-140 - Allow clients to control the GenericData object that is used to read Avro records
  • PIG-4330 - Regression test for PIG-3584 - AvroStorage does not correctly translate arrays of strings
  • PIG-3584 - AvroStorage does not correctly translate arrays of strings
  • SOLR-5515 - NPE when getting stats on date field with empty result on solrcloud

Published Known Issues Fixed

As a result of the above fixes, the following issues, previously published as Known Issues in CDH 5, are also fixed.

Upgrading a PostgreSQL Hive Metastore from Hive 0.12 to Hive 0.13 may result in a corrupt metastore

HIVE-5700 introduced a serious bug into the Hive Metastore upgrade scripts. This bug affects users who have a PostgreSQL Hive Metastore and have at least one table which is partitioned by date and the value is stored as a date type (not string).

Bug: HIVE-5700

Workaround: None. Do not upgrade your PostgreSQL metastore to version 0.13 if you satisfy the condition stated above.

DataNodes may become unresponsive to block creation requests

DataNodes may become unresponsive to block creation requests from clients when the directory scanner is running.

Bug: HDFS-7489

Workaround: Disable the directory scanner by setting dfs.datanode.directoryscan.interval to -1.

CDH 5.2.2

There is no CDH 5.2.2 release.

CDH 5.2.1

Apache Hadoop

Files inside encryption zones cannot be read in Hue

Hue uses either WebHDFS or HttpFS to access files. Both are proxy user clients of KMS and the KMS client library does not currently handle proxy users correctly.

Bug: HADOOP-11176

Workaround: None

Both ResourceManagers can end up in Standby mode

After a restart, if an application fails to recover, both Resource Managers could end up in Standby mode.

Bug: YARN-2588, YARN-2010

Workarounds:
  • Stop the RM. Format the state store using yarn resourcemanager -format-state-store. Applications that were running before the ResourceManager went down will not be recovered.
  • You can limit the number of completed applications the RM state-store stores (yarn.resourcemanager.state-store.max-completed-applications) to reduce the chances of running into this problem.

Apache Oozie

Using cron-like syntax for Coordinator frequencies can result in duplicate actions

Every throttle number of actions will be a duplicate. For example, if the throttle is set to 5, every fifth action will be a duplicate.

Bug: OOZIE-2063

Workaround: If possible, use the older syntax to specify an equivalent frequency.

Upstream Fixes

CDH 5.2.1 also fixes the following issues:

  • HADOOP-11243 - SSLFactory shouldn't allow SSLv3
  • HADOOP-11217 - Disable SSLv3 in KMS
  • HADOOP-11156 - DelegateToFileSystem should implement getFsStatus(final Path f).
  • HADOOP-11176 - KMSClientProvider authentication fails when both currentUgi and loginUgi are a proxied user
  • HDFS-7235 - DataNode#transferBlock should report blocks that don't exist using reportBadBlock
  • HDFS-7274 - Disable SSLv3 in HttpFS
  • HDFS-7391 - Reenable SSLv2Hello in HttpFS
  • HDFS-6781 - Separate HDFS commands from CommandsManual.apt.vm
  • HDFS-6831 - Inconsistency between 'hdfs dfsadmin' and 'hdfs dfsadmin -help'
  • HDFS-7278 - Add a command that allows sysadmins to manually trigger full block reports from a DN
  • YARN-2010 - Handle app-recovery failures gracefully
  • YARN-2588 - Standby RM does not transitionToActive if previous transitionToActive is failed with ZK exception.
  • YARN-2566 - DefaultContainerExecutor should pick a working directory randomly
  • YARN-2641 - Decommission nodes on -refreshNodes instead of next NM-RM heartbeat
  • MAPREDUCE-6147 - Support mapreduce.input.fileinputformat.split.maxsize
  • HBASE-12376 - HBaseAdmin leaks ZK connections if failure starting watchers (ConnectionLossException)
  • HBASE-12201 - Close the writers in the MOB sweep tool
  • HBASE-12220 - Add hedgedReads and hedgedReadWins metrics
  • HIVE-8693 - Separate out fair scheduler dependency from hadoop 0.23 shim
  • HIVE-8634 - HiveServer2 fair scheduler queue mapping does not handle the secondary groups rules correctly
  • HIVE-8675 - Increase thrift server protocol test coverage
  • HIVE-8827 - Remove SSLv2Hello from list of disabled protocols protocols
  • HIVE-8615 - beeline csv,tsv outputformat needs backward compatibility mode
  • HIVE-8627 - Compute stats on a table from impala caused the table to be corrupted
  • HIVE-7764 - Support all JDBC-HiveServer2 authentication modes on a secure cluster cluster
  • HIVE-8182 - beeline fails when executing multiple-line queries with trailing spaces
  • HUE-2438 - [core] Disable SSLv3 for Poodle vulnerability
  • IMPALA-1361: FE Exceptions with BETWEEN predicates
  • IMPALA-1397: free local expr allocations in scanner threads
  • IMPALA-1400: Window function insert issue (LAG() + OVER)
  • IMPALA-1401: raise MAX_PAGE_HEADER_SIZE and use scanner context to stitch together header buffer
  • IMPALA-1410: accept "single character" character classes in regex functions
  • IMPALA-1411: Create table as select produces incorrect results
  • IMPALA-1416 - Queries fail with metastore exception after upgrade and compute stats
  • OOZIE-2034 - Disable SSLv3 (POODLEbleed vulnerability)
  • OOZIE-2063 - Cron syntax creates duplicate actions
  • PARQUET-107 - Add option to disable summary metadata aggregation after MR jobs
  • SPARK-3788 - Yarn dist cache code is not friendly to HDFS HA, Federation
  • SPARK-3661 - spark.*.memory is ignored in cluster mode
  • SPARK-3979 - Yarn backend's default file replication should match HDFS' default one
  • SPARK-1720 - use LD_LIBRARY_PATH instead of -Djava.library.path

CDH 5.2.0

Apache HBase

hbase.zookeeper.useMulti set to false by default

The default value of hbase.zookeeper.useMulti was changed from true to false in CDH 5. In CDH 5.2, the default is changed back to true. This affects environments with HBase replication enabled and large replication queues.

Bug: None

Workaround: Enable hbase.zookeeper.useMulti by setting the value to true in hbase-site.xml.

Apache Hadoop

Hadoop shell commands which reference the root directory ("/") do not work

Bug: HDFS-5888

Workaround: None

ResourceManager High Availability with manual failover does not work on secure clusters

Bug: YARN-1640

Workaround: Enable automatic failover; this requires ZooKeeper.

Apache Hive

Select * fails on Parquet tables with the map data type

Bug: HIVE-6575

Severity: Low

Workaround: Use the map's column name in the SELECT statement.

Cloudera Search

Malicious users could update information by circumventing Sentry checks

A sophisticated malicious user could update restricted content by setting the update.distrib parameter to bypass Sentry's index-level checks.

With Search for CDH 5.2 and later, Sentry always checks for index-level access control settings, preventing unauthorized updates.

Bug: None.

Severity: Medium.

Workaround: None.

Kerberos name rules were not followed

SOLR_AUTHENTICATION_KERBEROS_NAME_RULES, which is specified in /etc/default/solr or /opt/cloudera/parcels/CDH-*/etc/default/solr would sometimes not be respected, even if those rules were also specified using the hadoop.security.auth_to_local property in SOLR_HDFS_CONFIG/core-site.xml.

With Search for CDH 5.2 and later, Kerberos name rules are followed.

Bug: None.

Workaround: None.