Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
Description
The project currently depends on libthrift-0.9.3, however thrift released 0.12.0 on 2019-JAN-04. This release includes a security fix for THRIFT-4506 (CVE-2018-1320). Updating thrift to the latest version will remove that vulnerability.
Also note the Apache Thrift project does not publish "libfb303" any longer. fb303 is contributed code (in '/contrib') and it has not been maintained.
Ps.: 0.9.3.1 also addresses the CVE, see THRIFT-4506
Attachments
Attachments
Issue Links
- duplicates
-
HIVE-21000 Upgrade thrift to at least 0.10.0
- Resolved
-
HIVE-21207 Use 0.12.0 libthrift version in Hive
- Resolved
- is related to
-
HIVE-22243 Align Apache Thrift version to 0.9.3-1 in standalone-metastore as well
- Closed
- links to