Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-25755

Exclude tomcat-embed-core from libthrift

    XMLWordPrintableJSON

    Details

      Description

      HBASE-25568 upgraded the Thrift dependency to 0.14.1 to fix a known CVE but a dependency issue in libthrift brings in tomcat-embed-core which has many vulnerabilities. See: THRIFT-5375
      Since this dependency is used in Thrift only for a test we can safely exclude it inside HBase.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                psomogyi Peter Somogyi
                Reporter:
                psomogyi Peter Somogyi
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: