Known issues

Learn about the known issues in this release of Cloudera Flow Management - Kubernetes Operator

Apache Parquet CVE-2025-30065

A critical vulnerability (CVE-2025-30065) in Apache Parquet's parquet-avro module allows arbitrary code execution through schema manipulation and crafted files. Cloudera advises upgrading to supported versions with fixes once they become available and implementing mitigations in the meantime.

Until Cloudera has released a product version with the Apache Parquet vulnerability fix, please continue to use the mitigations listed below:

Customers with their own FIM Solution:

1. Utilize a File Integrity Monitoring (FIM) solution. This allows administrators to monitor files at the filesystem level and receive alerts on any unexpected or suspicious activity in the schema configuration.

General advisory:

1. Use network segmentation and traffic monitoring with a device capable of deep packet inspection, such as a network firewall or web application firewall, to inspect all traffic sent to the affected endpoints.

2. Configure alerts for any suspicious or unexpected activity. You may also configure sample analysis parameters to include:

   • Parquet file format “magic bytes” = PAR1
   • Connections from sending hosts that are not expected source IP ranges.
3. Be cautious with Parquet files from unknown or untrusted sources. If possible, do not process files with uncertain origins or that can be ingested from outside the organization.
4. Ensure that only authorized users have access to endpoints that ingest Parquet files.

For the latest updates on this issue, see the corresponding Knowledge article.

CDPDFX-10225: Cloudera Flow Management - Kubernetes Operator crashes once when creating a NiFi Registry (Standalone)

When first creating a NifiRegistry resource, the Cloudera Flow Management - Kubernetes Operator may crash once before recovering. No impact to functionality.

None.