July 30, 2025

This release (1.24.1-H1) of the Cloudera Data Engineering service on Cloudera on cloud introduces the following changes.

This release does not contain new features, but includes the following fixes:

DEX-17716: sparkuser home directory is not created after chainguard upgrade in livy-server image

The issue impacted customers using spark.jars.packages=mysql:mysql-connector-java:8.0.28. This issue has been fixed.

DEX-17567: Azure MySQL Root Certificate update

The root certificates for Azure MySQL Flexible database were updated due to security non-compliance of the SHA-1 certificate. The SHA-1 hashing algorithm is considerably insecure, due to discovered vulnerabilities. Cloudera resolved the issue by rotating the certificate to one signed by a compliant root certificate authority.

DEX-17519: Sessions are not killed as per the TTL configured in Azure and AWS

Sessions were not killed according to the Time To Live (TTL) configured in Azure and in AWS. The calculation of timeout was wrong in the isTimeout method in the Livy code. The isTimeout method of the Livy code incorrectly converted a timeout value that was already provided in nanoseconds, leading to miscalculation of the timeout. For this reason, the sessions were not killed after the timeout was reached.

DEX-17507: Restore of Scheduled Jobs are failing due to time format

Restoring the Spark Jobs with the Schedule Configuration failed if the start date or end date used a time format other than RFC3339Nano. This issue affected only jobs created through non-UI methods, such as the API or CLI. The fix standardizes schedule start and end times to RFC3339Micro format, ensuring alignment with Airflow API timestamps at microsecond precision.

DEX-17500: [CDP Cli] Spark OsName "chainguard" not triggering error in Cloudera Data Engineering version 1.23.1 VC

Cloudera Data Engineering allowed the creation of a Virtual Cluster with the securityhardened spark.osname property in Cloudera Data Engineering versions lower than 1.24, without any error message. The underlying use of UBI [redhat] was technically correct; however, it caused confusion, as the Virtual Cluster property indicated securityhardened. With the fix, an error is now triggered if securityhardened is specified in Cloudera Data Engineering versions lower than 1.24.

DEX-17458: [Spark3.3.0] : Cloudera Data Engineering session creation is failing with javax.security.sasl.SaslException: Client closed before SASL negotiation finished

Cloudera Data Engineering sessions in a Spark 3.3.0 Virtual Cluster failed to be created. The following error was listed in the driver logs:

Exception in thread "main" java.util.concurrent.ExecutionException: javax.security.sasl.SaslException: Client closed before SASL negotiation finished

The root cause was determined to be a TTL issue rather than an SASL issue.