Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.7.0
    • Fix Version/s: 1.8.0
    • Component/s: None
    • Labels:

      Description

      Group Artifact Version used Upgrade target
      org.apache.thrift libthrift 0.9.0 0.9.3,0.10.0
      org.apache.thrift libfb303 0.9.0 0.9.3

      Security vulnerability: http://www.cvedetails.com/cve/CVE-2015-3254/
      Maven repository:

      Please do:

      • CVE might be a false alarm or mistake. Please double check.
      • double check the newest version.
      • consider to remove a dependency if better alternative is available.
      • check whether the lib change would introduce a backward incompatibility (in which case please add this label `breaking_change` and fix version should be the next major)

      Excerpt from mvn dependency:tree

      org.apache.flume:flume-ng-sdk:jar:1.8.0-SNAPSHOT
      \- org.apache.thrift:libthrift:jar:0.9.0:compile
      
      org.apache.flume.flume-ng-sinks:flume-hive-sink:jar:1.8.0-SNAPSHOT
      +- org.apache.hive.hcatalog:hive-hcatalog-streaming:jar:1.0.0:provided
      |  +- org.apache.hive:hive-metastore:jar:1.0.0:provided
      |  |  \- org.apache.thrift:libfb303:jar:0.9.0:provided
      

        Issue Links

          Activity

          Hide
          hudson Hudson added a comment -

          FAILURE: Integrated in Jenkins build Flume-trunk-hbase-1 #317 (See https://builds.apache.org/job/Flume-trunk-hbase-1/317/)
          FLUME-3127. Upgrade libfb303 library dependency (denes: http://git-wip-us.apache.org/repos/asf/flume/repo?p=flume.git&a=commit&h=773555c5c7d09650f8f4173ced232954b1a3a361)

          • (edit) flume-ng-legacy-sources/flume-thrift-source/src/main/java/com/cloudera/flume/handlers/thrift/Priority.java
          • (edit) flume-ng-sdk/src/main/java/org/apache/flume/thrift/ThriftSourceProtocol.java
          • (edit) flume-ng-sources/flume-scribe-source/src/main/java/org/apache/flume/source/scribe/LogEntry.java
          • (edit) pom.xml
          • (edit) flume-ng-legacy-sources/flume-thrift-source/src/main/java/com/cloudera/flume/handlers/thrift/EventStatus.java
          • (edit) flume-ng-sources/flume-scribe-source/src/main/java/org/apache/flume/source/scribe/Scribe.java
          • (edit) flume-ng-sdk/src/main/java/org/apache/flume/thrift/ThriftFlumeEvent.java
          • (edit) flume-ng-sources/flume-scribe-source/src/main/java/org/apache/flume/source/scribe/ScribeSource.java
          • (edit) flume-ng-legacy-sources/flume-thrift-source/src/main/java/com/cloudera/flume/handlers/thrift/ThriftFlumeEvent.java
          • (edit) flume-ng-legacy-sources/flume-thrift-source/src/main/java/com/cloudera/flume/handlers/thrift/ThriftFlumeEventServer.java
          • (edit) flume-ng-sources/flume-scribe-source/src/main/java/org/apache/flume/source/scribe/ResultCode.java
          • (edit) flume-ng-sdk/src/main/java/org/apache/flume/thrift/Status.java
          Show
          hudson Hudson added a comment - FAILURE: Integrated in Jenkins build Flume-trunk-hbase-1 #317 (See https://builds.apache.org/job/Flume-trunk-hbase-1/317/ ) FLUME-3127 . Upgrade libfb303 library dependency (denes: http://git-wip-us.apache.org/repos/asf/flume/repo?p=flume.git&a=commit&h=773555c5c7d09650f8f4173ced232954b1a3a361 ) (edit) flume-ng-legacy-sources/flume-thrift-source/src/main/java/com/cloudera/flume/handlers/thrift/Priority.java (edit) flume-ng-sdk/src/main/java/org/apache/flume/thrift/ThriftSourceProtocol.java (edit) flume-ng-sources/flume-scribe-source/src/main/java/org/apache/flume/source/scribe/LogEntry.java (edit) pom.xml (edit) flume-ng-legacy-sources/flume-thrift-source/src/main/java/com/cloudera/flume/handlers/thrift/EventStatus.java (edit) flume-ng-sources/flume-scribe-source/src/main/java/org/apache/flume/source/scribe/Scribe.java (edit) flume-ng-sdk/src/main/java/org/apache/flume/thrift/ThriftFlumeEvent.java (edit) flume-ng-sources/flume-scribe-source/src/main/java/org/apache/flume/source/scribe/ScribeSource.java (edit) flume-ng-legacy-sources/flume-thrift-source/src/main/java/com/cloudera/flume/handlers/thrift/ThriftFlumeEvent.java (edit) flume-ng-legacy-sources/flume-thrift-source/src/main/java/com/cloudera/flume/handlers/thrift/ThriftFlumeEventServer.java (edit) flume-ng-sources/flume-scribe-source/src/main/java/org/apache/flume/source/scribe/ResultCode.java (edit) flume-ng-sdk/src/main/java/org/apache/flume/thrift/Status.java
          Hide
          denes Denes Arvay added a comment -

          Thank you for the patch Ferenc Szabo, I have committed your change.

          Show
          denes Denes Arvay added a comment - Thank you for the patch Ferenc Szabo , I have committed your change.
          Hide
          githubbot ASF GitHub Bot added a comment -

          Github user asfgit closed the pull request at:

          https://github.com/apache/flume/pull/163

          Show
          githubbot ASF GitHub Bot added a comment - Github user asfgit closed the pull request at: https://github.com/apache/flume/pull/163
          Hide
          jira-bot ASF subversion and git services added a comment -

          Commit 773555c5c7d09650f8f4173ced232954b1a3a361 in flume's branch refs/heads/trunk from Ferenc Szabo
          [ https://git-wip-us.apache.org/repos/asf?p=flume.git;h=773555c ]

          FLUME-3127. Upgrade libfb303 library dependency

          • thrift version changed to 0.9.3
          • thrift objects generated with the new version
          • deprecated method calls updated in ScribeSource
          • cross-compatibility tested with Flume 1.6 and 1.7

          This closes #163

          Reviewers: Denes Arvay

          (Ferenc Szabo via Denes Arvay)

          Show
          jira-bot ASF subversion and git services added a comment - Commit 773555c5c7d09650f8f4173ced232954b1a3a361 in flume's branch refs/heads/trunk from Ferenc Szabo [ https://git-wip-us.apache.org/repos/asf?p=flume.git;h=773555c ] FLUME-3127 . Upgrade libfb303 library dependency thrift version changed to 0.9.3 thrift objects generated with the new version deprecated method calls updated in ScribeSource cross-compatibility tested with Flume 1.6 and 1.7 This closes #163 Reviewers: Denes Arvay (Ferenc Szabo via Denes Arvay)
          Hide
          githubbot ASF GitHub Bot added a comment -

          GitHub user szaboferee opened a pull request:

          https://github.com/apache/flume/pull/163

          FLUME-3127 Upgrade libfb303 library dependency

          • thrift version changed to 0.9.3
          • thrift objects generated with the new version
          • deprecated method calls updated in ScribeSource

          Full build with tests ran successfuly

          You can merge this pull request into a Git repository by running:

          $ git pull https://github.com/szaboferee/flume FLUME-3127

          Alternatively you can review and apply these changes as the patch at:

          https://github.com/apache/flume/pull/163.patch

          To close this pull request, make a commit to your master/trunk branch
          with (at least) the following in the commit message:

          This closes #163


          commit ea6fe7d6c742c6ba3b5306488782d7584651dfc0
          Author: Ferenc Szabo <fszabo@cloudera.com>
          Date: 2017-09-01T14:16:08Z

          FLUME-3127 Upgrade libfb303 library dependency

          • thrift version changed to 0.9.3
          • thrift objects generated with the new version
          • deprecated method calls updated in ScribeSource

          Show
          githubbot ASF GitHub Bot added a comment - GitHub user szaboferee opened a pull request: https://github.com/apache/flume/pull/163 FLUME-3127 Upgrade libfb303 library dependency thrift version changed to 0.9.3 thrift objects generated with the new version deprecated method calls updated in ScribeSource Full build with tests ran successfuly You can merge this pull request into a Git repository by running: $ git pull https://github.com/szaboferee/flume FLUME-3127 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/flume/pull/163.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #163 commit ea6fe7d6c742c6ba3b5306488782d7584651dfc0 Author: Ferenc Szabo <fszabo@cloudera.com> Date: 2017-09-01T14:16:08Z FLUME-3127 Upgrade libfb303 library dependency thrift version changed to 0.9.3 thrift objects generated with the new version deprecated method calls updated in ScribeSource

            People

            • Assignee:
              fszabo Ferenc Szabo
              Reporter:
              sati Attila Simon
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development