[FLUME-3127] Upgrade libfb303 library dependency - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.7.0
Fix Version/s: 1.8.0
Component/s: None
Labels:
- dependency

Description

Group	Artifact	Version used	Upgrade target
org.apache.thrift	libthrift	0.9.0	0.9.3,0.10.0
org.apache.thrift	libfb303	0.9.0	0.9.3

Security vulnerability: http://www.cvedetails.com/cve/CVE-2015-3254/
Maven repository:

Please do:

CVE might be a false alarm or mistake. Please double check.
double check the newest version.
consider to remove a dependency if better alternative is available.
check whether the lib change would introduce a backward incompatibility (in which case please add this label `breaking_change` and fix version should be the next major)

Excerpt from mvn dependency:tree

org.apache.flume:flume-ng-sdk:jar:1.8.0-SNAPSHOT
\- org.apache.thrift:libthrift:jar:0.9.0:compile

org.apache.flume.flume-ng-sinks:flume-hive-sink:jar:1.8.0-SNAPSHOT
+- org.apache.hive.hcatalog:hive-hcatalog-streaming:jar:1.0.0:provided
|  +- org.apache.hive:hive-metastore:jar:1.0.0:provided
|  |  \- org.apache.thrift:libfb303:jar:0.9.0:provided

Attachments

Issue Links

relates to

FLUME-2947 Upgrade Hive and thrift libraries

Open

FLUME-2865 Upgrade thrift version to 0.9.3

Resolved

FLUME-1796 Upgrade Thrift due to race condition in TThreadSeverPool

Patch Available

FLUME-2531 Upgrade Thrift to 0.9.1

Resolved

links to

GitHub Pull Request #163

Activity

People

Assignee:: Ferenc Szabo

Reporter:: Attila Simon

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 19/Jul/17 14:36

Updated:: 11/Sep/17 14:08

Resolved:: 11/Sep/17 13:08