HBase 1.4.13.50 - 2201 (EEP 7.1.2) Release Notes

The notes below relate to the HPE Ezmeral Data Fabric distribution of HBase.

These release notes contain only HPE-specific information and are not necessarily cumulative in nature. You may also be interested in the Ecosystem Component Release Notes and the Apache HBase homepage.

Version 1.4.13.50
Release Date March 2022
MapR Version Interoperability See Interoperability Matrix, Ecosystem Support Matrix, and HBase Support Matrix.
Source on GitHub https://github.com/mapr/hbase
GitHub Release Tag 1.4.13.50-mapr-712
Maven Artifacts https://repository.mapr.com/maven/
Package Names Navigate to https://package.ezmeral.hpe.com/releases/MEP/ and select your EEP and OS to view the list of package names.

New in this Release

HBase 1.4.13.50 introduces the following enhancements or HPE platform-specific behavior changes:

  • CVE fixes
  • Bug fixes

Fixes

This HPE release includes the following fixes on the base Apache release:

GitHub Commit Number Date (YYYY-MM-DD) HPE Fix Number and Description
3e5774b7bd 2022-01-25 EEP-HBASE-275: Upgrade Log4J version to '1.3.1-mapr'
1b84b97250 2022-01-13 EEP-HBASE-274: HBase REST authentication doesn't work for /jmx and /conf
4a7bc734a4 2022-01-05 EEP-HBASE-271: Update log4j v2 to the latest available (to 2.17+)
e098fa5bdb 2021-12-20 EEP-HBASE-263: Log4j Vulnerabilities: CVE-2019-17571 -- Upgrading to 1.3.0-mapr
cf729eef81 2021-12-14 EEP-HBASE-263: Log4j Vulnerabilities: CVE-2019-17571
2a8bd56e37 2021-12-14 EEP-HBASE-269: CVE-2021-44228 - Log4j vulnerability in HBase
225e558442 2021-11-25 EEP-HBASE-268: Upgrade Jetty to 9.4.44.v20210927 to sync with Hadoop
188650a45d 2021-11-25 EEP-HBASE-264: Nimbus-jose-jwt Vulnerabilities: CVE-2019-17195, CVE-2017-12974 and CVE-2017-12972
fa4d10cd74 2021-11-24 EEP-HBASE-266: Exclude bcprov-jdk15on from HBase dependencies
ff73de116f 2021-11-24 EEP-HBASE-250: HBase Thrift and Rest services fail to start on Core-7.0.0 MEP-7.1.0 with encrypted ssl passwords
6cda4a2b5f 2021-11-22 MAPR-HBASE-254: Upgrade slf4j dependencies from 1.7.5 to 1.7.25 to sync with Hadoop
52972c1f93 2021-11-22 MAPR-HBASE-247: mapr-security-web jar should be taken from the cluster
98d0ef0594 2021-11-22 MAPR-HBASE-240: CVE-2012-5783 vulnerability in commons-httpclient. -- Part-2: Modify shutdown for HttpClient
47efdc31b8 2021-11-22 MAPR-HBASE-244: Upgrade Avro version to 1.10.1
a84cfd7302 2021-11-22 MAPR-HBASE-240: CVE-2012-5783 vulnerability in commons-httpclient. -- HBASE-16267 Remove commons-httpclient dependency from hbase-rest module
41eba1a7b2 2021-11-22 MAPR-HBASE-242: Too large error message/uninformative when running hbase shell from user without ticket
4e6bc5079b 2021-11-22 MAPR-HBASE-239: WS-2019-0379: commons-codec vulnerability
3860599c1f 2021-11-22 MAPR-HBASE-237: Sync Jackson version with hadoop-2.7.5.0
d8efd1ba4e 2021-11-22 MAPR-HBASE-236: CVE-2020-15250 vulnerability in junit
9ea81f6136 2021-11-22 MAPR-HBASE-208: HBase build should use only internal repositories / mirrors
59da3a380b 2021-11-18 EEP-HBASE-260: Netty Vulnerabilities: WS-2020-0408, CVE-2021-37137 and CVE-2021-37136
8e3ef8732c 2021-11-15 MAPR-HBASE-252: [Hbase] CVE-2021-42340 Apache Tomcat DoS
948456c93b 2021-11-15 MAPR-HBASE-249: ThriftServer and RESTServer can not start on core 7.0.0

For complete details, refer to the commit log for this project in GitHub.

Known Issues and Limitations

This release contains the following known issues and limitations:
  • None