August 05, 2025 - Hotfix

Review the new features introduced in this release of Cloudera Data Warehouse service on Cloudera on cloud.

Review the fixed issues in this release of the Cloudera Data Warehouse service on cloud.

DWX-21314: Streaming Kubernetes API calls failing on private clusters

Streaming Kubernetes API calls were previously failing on private clusters across Azure and Amazon due to issues with the CCMv2 channel. This impacted virtual warehouse and database catalog rebuild functionality on private AKS/EKS clusters.

This issue is now resolved by implementing a fallback mechanism in Cloudera Data Warehouse that switches to polling the API server for updates when the streaming API encounters issues.

DWX-21330: Metastore initialization timeout

The metastore-sys-init job, responsible for metastore initialization, previously had a 20-minute deadline. In certain scenarios, initialization could exceed this period, leading to failures. This issue is now resolved by increasing the deadline to 1 hour.

DWX-21043: AKS node image auto-upgrade disabled

Previously, Azure Kubernetes Service (AKS) introduced automatic node image upgrades as the default behavior starting with API version 2023-06-01. However, this default setting can lead to upgrade-related issues in Cloudera Data Warehouse.

This issue is now resolved by disabling the AKS node image auto-upgrade feature, restoring the behavior to align with the pre-2023-06-01 API version.

Cookie-Based authentication support for JWT tokens

When JWT tokens are used for authentication, every HTTP request within a session requires token verification. If these tokens have a short lifespan, it can lead to authentication failures and disrupt session continuity.

This issue is now resolved by using authentication cookies, which generally have a longer lifespan (configured through the max_cookie_lifetime_s flagfile option) and can remain valid for the duration of the session. This enables subsequent authentication requests to rely on cookies rather than repeatedly verifying the JWT token.

Apache Jira: IMPALA-13813

CDPD-80798: Stable Catalogd initialization in HA mode

Catalogd initialization previously might timeout to complete in high availability mode. This happened because metadata operations started prematurely, blocking Catalogd from becoming active.

This issue is resolved by ensuring Catalogd determines HA state before starting metadata operations in HA mode. This prevents blocking issues and ensures a stable startup.

Apache Jira: IMPALA-13850

CDPD-83059: Optimized Impala Catalog cache warmup

Impala's Catalogd previously started with an empty cache. This led to slow query startup for important tables and affected high availability failovers.

This issue is resolved by adding new settings to pre-load specific tables into the Catalogd cache in the background. This ensures faster query startup and smoother high availability failovers.

Apache Jira: IMPALA-14074

CDPD-87222: Consistent TRUNCATE operations for external tables

Impala's TRUNCATE operations on external tables previously did not consistently delete files in subdirectories, even when recursive listing was enabled.

This issue is resolved by ensuring Impala uses the HMS API for TRUNCATE operations by default.

Apache Impala: IMPALA-14189, IMPALA-14224

CDPD-83530: Task commits were allowed despite an exception being thrown in the Tez processor

A communication failure between the coordinator and executor caused a running task to terminate, resulting in a java.lang.InterruptedException being thrown by the ReduceRecordProcessor.init(). Despite this exception, the process still allowed the task to be committed and generated a commit manifest.

This issue has now been resolved. The fix ensures that outputs are not committed if an exception is thrown in the Tez processor.

Apache Jira: HIVE-28962

CDPD-82415: TABLESAMPLE clause of the COMPUTE STATS statement has no effect on Iceberg tables

This fix resolves a regression introduced by IMPALA-13737. For example, the following query scans the entire Iceberg table to calculate statistics, whereas it should ideally use only about 10% of the data.

COMPUTE STATS t TABLESAMPLE SYSTEM system(10);

This fix introduces proper table sampling logic for Iceberg tables, which can be utilized for COMPUTE STATS. The sampling algorithm previously located in IcebergScanNode.getFilesSample() is now relocated to FeIcebergTable.Utils.getFilesSample().

Apache Jira: IMPALA-14014

CDPD-85228: IllegalStateException with Iceberg table with DELETE

Running a query on an Iceberg table fails with an IllegalStateException error in the following scenario:

• The Iceberg table has delete files for every data file (no data files without delete files) AND
• An anti-join operation is performed on the result of the Iceberg delete operation (IcebergDeleteNode or HashJoinNode)

This fix resolves the issue by setting the TableRefIds of the node corresponding to the Iceberg delete operation (IcebergDeleteNode or HashJoinNode) to only the table reference associated with the data files, excluding the delete files.

Apache Jira: IMPALA-14154

CDPD-87405: Error unnesting arrays in Iceberg tables with DELETE files

The following error occurred when unnesting a nested array (a 2D array) from an Iceberg table. This issue was triggered specifically when the table contained delete files for some, but not all, of its data files.

Filtering an unnested collection that comes from a UNION [ALL] is not supported yet.

Reading an Iceberg table with this mixed data and delete file configuration creates a UNION ALL node in the query execution plan. The system had a check that explicitly blocked any filtering on an unnested array.

This fix relaxes the validation check, allowing the operation to proceed if all UNION operands share the same tuple IDs. This ensures the query can successfully unnest the array.

Apache Jira: IMPALA-14185

DWX-21173: Allow redirect_url configurable for libsaml

Previously, Hue's libsaml configuration did not allow for a configurable redirect_url to support custom SAML or Okta IdP addresses. The issue is now resolved by adding a custom configuration option for libsaml redirect_url.

[libsaml]
redirect_url=<customer_own_okta_or_saml_idp>

This release of the Cloudera Data Warehouse service on cloud has the following behavior changes: