Oracle Cloud Infrastructure Documentation / Release Notes

Big Data Service 3.3.0 new features and updates

  • Services: Big Data
  • Release Date: December 17, 2025

To view the ODH, JDK, OS, and Linux versions for this release, see Big Data Service Release and Patch Versions.

Big Data Service 3.3.0 has the following new features and updates:

Big Data Service upgrades

  • Unique cluster names required: When you create a cluster in Big Data Service, you must enter a cluster name that's unique within the tenancy, regardless of subnet or VCN. If you use a cluster name that's already in use in that tenancy, you might see an error (either at cluster creation or node creation). Previously, duplicate cluster names within a tenancy were allowed
  • Add block storage to Compute-only worker nodes and edge nodes: You can add block storage to Compute-only worker nodes and edge nodes. Previously, you could add block storage only to worker nodes and Kafka broker nodes.
  • Delete many nodes using single API call: You can delete many nodes from a cluster by using a single API call, POST /bdsInstances/{bdsInstanceId}/actions/removeNodes. Previously, you could delete only one node at a time.
  • Python packages removed for security compliance: To improve security, we've removed the following Python packages and their dependencies:
    • matplotlib
    • boto3==1.23.10
    • protobuf==3.19.4
    • jupyterlab==3.1.1
    • notebook==6.4.8
    • jupyterhub-systemdspawner==0.14
    • jupyterhub-nativeauthenticator==1.0.5
    • sparkmagic==0.19.1
    • jupyter-hdfscm==0.2.0
    • jupyterhub-ldapauthenticator==1.3.2
    • PyMySQL==1.0.2
    • s3contents==0.5.1
    Action required: If you have workflows that use any of these packages, review and update the configuration.
  • Update AD Bind credentials across a cluster: Use the new enable_activedirectory tool to update the Active Directory (AD) bind user and password across the cluster. If the AD bind username or password changes, run this tool with the new credentials to update all supported services—Kerberos, Ambari, Ranger, and Hue—at once. Previously, you needed to update each service manually, one by one.
  • API supports Secret ID: For improved security in API calls, you can now use the secretId parameter to reference your admin password stored in OCI Vault. Previously, you could only send the clusterAdminPassword directly in your API request. Big Data Service APIs now accept both the secretId and the clusterAdminPassword. A new field, isSecretReused, helps you track secret reuse across clusters.
  • New cluster shapes available: You can use two new cluster shapes: VM.Standard.E6.Flex and BM.Standard.E6.256. The OCI Compute documentation has details about these shapes.

Oracle Distribution including Apache Hadoop (ODH)

  • Trino upgraded to version 446

    Trino in Big Data Service has been upgraded to version 446. Here are the changes and required actions:

    Behavior changes: If you use the following deprecated parameters in a Hive connector configuration, Oracle's Trino implementation ignores them. Trino queries continue to run but the parameters have no effect. The Trino documentation has details.

    1. Hive connector parameters
      1. The following Hive parameters are no longer supported and are ignored:
        • hive.allow-drop-table
        • hive.allow-rename-table
        • hive.allow-add-column
        • hive.allow-drop-column
        • hive.allow-rename-column
        • hive.allow-comment-table
        • hive.allow-comment-column
        • hive.cache.enabled

        Action required: Remove these parameters from the Hive connector configuration, if present, and use Trino policies managed in Apache Ranger for table and column access control.

      2. The parameter hive.metastore-timeout has been replaced by two new parameters:
        • hive.metastore.thrift.client.read-timeout
        • hive.metastore.thrift.client.connect-timeout

        For existing clusters, Oracle automatically maps the old setting to the new parameters. For new clusters, use the new parameters.

        Action required: For new clusters, use the new timeout parameters. For existing clusters, no changes are required.

    2. Ranger Trino QueryID policies

      QueryID policies are supported but disabled by default.

      Action required: To enable QueryID, in the Ambari UI, go to Trino Config, then go to custom ranger-trino-security, set ranger.plugin.trino.enable.query.execution.policy=true and restart Trino.

    3. JupyterHub PyTrino Kernel

      The Trino Task Writer Count session parameter is no longer supported.

      Action required: Remove this parameter from the Jupyterhub configuration, if present.

  • Ranger for Spark update: Spark service policies in Ranger no longer show the {OWNER} user option in the Select Users menu because the Ranger Spark plugin doesn't support the {OWNER} dynamic placeholder. To set user-level permissions, in the Ranger Admin UI, add the corresponding username to the policy.
  • Change in default Spark History Server (SHS) cache location: The default folder where Spark saves its history, the SHS cache, has changed from /var/lib/spark3/shs_db to /u01/lib/spark3/shs_db. To change the default location, you can update the spark.history.store.path parameter.
  • Integration with Ranger KMS and OCI Vault: You can now secure HDFS (Hadoop Distributed File System) data by integrating with Ranger Key Management Service (KMS). Encryption keys are stored in OCI Vault. You can centrally manage, control access to, and audit encryption keys through the Ambari UI.

    For improved data security, we recommend integrating with Ranger KMS .

  • Reset BDS component admin passwords: You can now reset admin passwords for Ambari, Hue, Ranger, and JupyterHub directly from the Oracle Cloud Console. If you lose or forget an admin password, use the new self-service option to securely generate a new one. You need the new BDS-SECURE-MANAGE permission to perform this task. Previously, you had to contact Oracle support to reset admin credentials.