Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-21173

Upgrade Apache Thrift to 0.9.3-1

    XMLWordPrintableJSON

    Details

      Description

      The project currently depends on libthrift-0.9.3, however thrift released 0.12.0 on 2019-JAN-04. This release includes a security fix for THRIFT-4506 (CVE-2018-1320). Updating thrift to the latest version will remove that vulnerability.

      Also note the Apache Thrift project does not publish "libfb303" any longer. fb303 is contributed code (in '/contrib') and it has not been maintained.

       

      Ps.: 0.9.3.1 also addresses the CVE, see THRIFT-4506

        Attachments

        1. HIVE-21173.01.patch
          0.9 kB
          David Lavati

          Issue Links

            Activity

              People

              • Assignee:
                dlavati David Lavati
                Reporter:
                jking3 James E. King III
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 40m
                  40m