Community
Search Options
Search Options
Log in
Skip to main content (Press Enter).
Sign in
Skip auxiliary navigation (Press Enter).
IBM TechXchange
Community
Cloud Global
Cloud Native Apps
Cloud Partner Accelerator
Cloud Platform as a Service
Cloud Training
High Performance Computing
IBM Cloud for SAP
Infrastructure as a Service
VMware on Cloud
Groups
AI
Automation
Data
Security
Sustainability
Cloud
IBM Z & LinuxONE
Power
Storage
IBM Champions
IBM Japan
All Groups
My Groups
Champions
User Groups
Cloud user groups
All user groups
Events
Conference
Community Events
User Groups Events
All TechXchange Events
Participate
TechXchange Group
Welcome Corner
Blogging in the Community
Directory
Community Leaders
Resources
Marketplace
Marketplace
IBM Data Management Community
Connect with Db2, Informix, Netezza, open source, and other data experts to gain value from your data, share insights, and solve problems.
Ask a question
Skip main navigation (Press Enter).
Toggle navigation
Data Management User Groups
Technical Service Bulletin 2021-434 (TSB), repost from Cloudera
View Only
Group Home
Threads
56
Library
48
Blogs
44
Events
0
Members
427
Technical Service Bulletin 2021-434 (TSB), repost from Cloudera
0
Like
Tue January 19, 2021 11:43 AM
Lynn Chou
Technical Service Bulletin 2021-434 (TSB)
Load Balancing Provider Fails to invalidate Cache on Key Delete
The KMS Load balancing Provider has not been correctly invalidating the cache on key delete operations. The failure to invalidate the cache on key delete operations can result in the possibility that data can be leaked from the framework for a short period of time based on the value of the hadoop.kms.current.key.cache.timeout.ms property. Its default value is 30,000ms. When the KMS is deployed in an HA pattern the KMSLoadBalancingProvider class will only send the delete operation to one KMS role instance in a round-robin fashion. The code lacks a call to invalidate the cache across all instances and can leave key information including the metadata and key stored (the deleted key) in the cache on one or more KMS instances up to the key cache timeout.
Jiras:
HADOOP-17208
HADOOP-17304
Products affected:
CDH
HDP
CDP
Releases affected:
CDH 5.x
CDH 6.x
CDP 7.0.x
CDP 7.1.4 and earlier
HDP 2.6 and later
Users affected:
Customers with Data-at-rest encryption enabled that have more than 1 kms role instance and the services Key Cache enabled.
Impact:
Key Meta-data and Key material may remain active within the service cache.
Severity:
Medium
Action required:
CDH customers: Upgrade to CDP 7.1.5 or request a patch
HDP customers: Request a patch
#Hadoop
#Cloudera
#Database
#Hadoop
#OpenSourceOfferings
#opensource
Statistics
0 Favorited
8 Views
0 Files
0 Shares
0 Downloads
IBM TechXchange
Community
Cloud Global
Cloud Native Apps
Cloud Partner Accelerator
Cloud Platform as a Service
Cloud Training
High Performance Computing
IBM Cloud for SAP
Infrastructure as a Service
VMware on Cloud
Groups
AI
Automation
Data
Security
Sustainability
Cloud
IBM Z & LinuxONE
Power
Storage
IBM Champions
IBM Japan
All Groups
My Groups
Champions
User Groups
Cloud user groups
All user groups
Events
Conference
Community Events
User Groups Events
All TechXchange Events
Participate
TechXchange Group
Welcome Corner
Blogging in the Community
Directory
Community Leaders
Resources
Marketplace
Marketplace
Powered by Higher Logic