HDP-2.3.6 Release Notes
Also available as:


HDP 2.3.6 provides Knox 0.6.0 with no additional Apache patches beyond any ported over from the 2.4.x core.

HDP 2.3.6 provides Knox 0.6.0 and ports the following Apache patches from the 2.4.x core:

  • KNOX-647: Rename LDAP artifacts from test to demo.

  • KNOX-677: Upgrade to latest Groovy.

  • KNOX-695: Expose configuration of HttpClient's connection and socket timeout settings.

HDP provided Knox 0.6.0 with no additional Apache patches.

HDP 2.3.4 provided Knox 0.6.0 and the following Apache patches:

  • KNOX-566: Make the Default Ephemeral DH Key Size 2048 for TLS.

  • KNOX-579: Regex based identity assertion provider with static dictionary lookup.

  • KNOX-581: Hive dispatch not propagating effective principal name.

  • KNOX-633: Upgrade Apache commons-collections.

HDP 2.3.2 provided Knox 0.6.0 and the following Apache patches:

  • KNOX-598: Concurrent JDBC clients via KNOX to Kerberized HiveServer2 causes HTTP 401 error (due to Kerberos Replay attack error)

  • KNOX-599: Template with {**} in queries are expanded with =null for query params without a value.

HDP 2.3.0 provided Knox 0.6.0 and the following Apache patches:


  • KNOX-476 implementation for X-Forwarded-* headers support and population

  • KNOX-546 Consuming intermediate response during Kerberos request dispatching

  • KNOX-550 reverting back to original Hive Kerberos dispatch behavior

  • KNOX-559 renaming service definition files


  • KNOX-545 Simplify Keystore Management for Cluster Scaleout

  • KNOX-561 Allow Knox pid directory to be configured via the knox-env.sh file