Ranger 2.4.0.100 - 2504 (EEP 9.4.0) Release Notes

Apache Ranger is a tool to help you monitor and manage security for the Hadoop components that are included in the HPE Ezmeral Ecosystem Pack. For more information about the Data Fabric implementation of Ranger, see Ranger.

The notes below relate specifically to the HPE Ezmeral Data Fabric distribution of Apache Ranger. You may also be interested in the Apache Ranger home page and the Apache Ranger changelog.

These release notes contain only HPE-specific information and are not necessarily cumulative in nature. For information about how to use the release notes, see Ecosystem Component Release Notes.

Version 2.4.0.100
Release Date April 2025
HPE Version Interoperability See EEP Components and OS Support
Source on GitHub https://github.com/mapr/ranger
GitHub Release Tag 2.4.0.100-eep-940
Maven Artifacts https://repository.mapr.com/maven/
Package Names Navigate to https://package.mapr.hpe.com/releases/MEP/, and select your EEP (MEP) and OS to view the list of package names.

New in this Release

  • SSO support.

  • Keycloak user & group sync source support.

  • CVE fixes.

  • Bug fixes.

Installation

You can install Ranger by using manual steps or by using the Installer. See these topics:

Fixes

This HPE release includes the following fixes on the base Apache release. For details, refer to the commit log for this project in GitHub:
Commit Date (YYYY-MM-DD) HPE Fix Number and Description
ce1b79cd4 2025-04-02 RAN-332 Ranger User Sync is getting disabled after second and futher runs of setup.sh
863b6f9f8 2024-07-11 RANGER-4855: updated logback to 1.3.14
7c44cb4fc 2025-03-18 RAN-327 CVEs in Ranger in EEP-9.4.0 builds
4b719e7e6 2025-03-26 RAN-328 Upgrade jackson to the latest version (2.18.3) (Part 2)
c555d721f 2025-03-22 RAN-328 Upgrade jackson to the latest version (2.18.3)
14cb3facd 2024-07-25 RANGER-4225: updated Hive plugin shim to exclude org.codehaus.jackson library - PR #351
a2d23df34 2024-07-12 RANGER-4225: updated pom.xml files to remove duplicate dependencies - #2
985ffc2c0 2024-07-10 RANGER-4225: replaced org.codehaus.jackson with com.fasterxml.jackson
7304865ea 2025-03-21 Revert "EEP-RAN-125: Fix jackson-mapper-asl-1.9.13.jar CVEs"
07ef254ae 2025-03-21 Revert "EEP-RAN-40: Ranger-UI has access issues while REST API works on same functionalities"
b0c2d1d9c 2025-03-03 RAN-315 Incorrect Login Type is specified in Audit>Login Sessions tab for the user which has logged in using SSO
9e6d2f7a6 2025-03-03 RAN-314 Keycloak is missing in Audit>User Sync tab among 'Sync Source' filter values
02fc7c6cd 2025-02-28 RAN-316, RAN-318 Put roles from DB into OAuth2AuthenticationToken
cf3183455 2025-02-28 RAN-324 Use Hadoop SSO API for JWS alsorithm and SSO enabled configurations
90e006270 2025-02-10 RAN-312 Keycloak Users & Groups Synchronization (3)
3953e68b7 2025-02-05 RAN-312 Keycloak Users & Groups Synchronization (2)
ecdfc8606 2025-01-28 RAN-312 Keycloak Users & Groups Synchronization
1a923f447 2023-03-27 RANGER-4135: Fix uri for getDeletedGroups() in PolicyMgrUserGroupBuilder (#236)
30cee9622 2025-01-27 RAN-311 setup.sh doesn't rewrite values
0409906df 2025-01-14 RAN-306 OIDC & JWT authentication in Ranger Admin (3)
03cfd156f 2025-01-13 RAN-306 OIDC & JWT authentication in Ranger Admin (2) (#139)
5e7b93043 2024-12-11 RAN-307 Update Spring dependencies to resolve CVEs
cfef21aed 2024-12-04 RAN-306 OIDC & JWT authentication in Ranger Admin

Known Issues and Limitations

Ranger and Mixed FIPS Configurations
The Ranger component in EEP 9.2.0 cannot be used in a mixed FIPS configuration (a cluster consisting of FIPS and non-FIPS nodes).
RAN-279
If you are upgrading to EEP 9.2.0 or later, you must upgrade both Ranger and Hive packages together if the Hive plugin is used. If you upgraded only Ranger, you might encounter the following error:
Error: Error running query: java.lang.NoSuchMethodError: 'java.lang.String org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.getOwnerName()' (state=,code=0)
Upgrading Hive should fix the problem.

Resolved Issues

HMS functionalities are supported in a preview state.