Fixed issues in Cloudera Data Warehouse on premises 1.5.4 SP2-CHF1
Review the issues fixed in the Cloudera Data Warehouse on premises 1.5.4 SP2 Cumulative hotfix 1 release.
- CDPD-81633: Restrict trusted packages in the parquet-avro module
- Due to CVE-2025-30065, schema parsing in the
parquet-avromodule of Apache Parquet 1.15.0 and earlier versions allows bad actors to execute arbitrary code.To prevent this CVE, users must specify all the trusted packages in the
org.apache.parquet.avro.SERIALIZABLE_PACKAGESenvironment variable. If the user does not want to specify the override property, then the following packages that are trusted by default are allowed —java.lang,java.math,java.io,java.net,org.apache.parquet.avro.
- DWX-21234: Data connection error in Cloudera Data Visualization due to invalid user UID
- The Cloudera Data Visualization container was accidentally
configured to run with a non-existent user (UID 1000), which caused an error when attempting to
create data connections to Virtual Warehouses.
This issue is now resolved by updating the container's security contexts to use the correct UID, 1002, for default user, arcadia.
