Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-21173

Upgrade Apache Thrift to 0.9.3-1

Log workAgile BoardRank to TopRank to BottomBulk Copy AttachmentsBulk Move AttachmentsVotersWatch issueWatchersCreate sub-taskConvert to sub-taskMoveLinkCloneLabelsUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    Description

      The project currently depends on libthrift-0.9.3, however thrift released 0.12.0 on 2019-JAN-04. This release includes a security fix for THRIFT-4506 (CVE-2018-1320). Updating thrift to the latest version will remove that vulnerability.

      Also note the Apache Thrift project does not publish "libfb303" any longer. fb303 is contributed code (in '/contrib') and it has not been maintained.

       

      Ps.: 0.9.3.1 also addresses the CVE, see THRIFT-4506

      Attachments

        1. HIVE-21173.01.patch
          0.9 kB
          David Lavati

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            dlavati David Lavati Assign to me
            jking3 James E. King III
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - Not Specified
              Not Specified
              Remaining:
              Remaining Estimate - 0h
              0h
              Logged:
              Time Spent - 1h
              1h

              Slack

                Issue deployment