Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-21173

Upgrade Apache Thrift to 0.9.3-1

Log workAgile BoardRank to TopRank to BottomVotersWatch issueWatchersCreate sub-taskConvert to sub-taskMoveLinkCloneLabelsUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

      Description

      The project currently depends on libthrift-0.9.3, however thrift released 0.12.0 on 2019-JAN-04. This release includes a security fix for THRIFT-4506 (CVE-2018-1320). Updating thrift to the latest version will remove that vulnerability.

      Also note the Apache Thrift project does not publish "libfb303" any longer. fb303 is contributed code (in '/contrib') and it has not been maintained.

       

      Ps.: 0.9.3.1 also addresses the CVE, see THRIFT-4506

        Attachments

        1. HIVE-21173.01.patch
          0.9 kB
          David Lavati

        Issue Links

          Activity

          $i18n.getText('security.level.explanation', $currentSelection) Viewable by All Users
          Cancel

            People

            • Assignee:
              dlavati David Lavati Assign to me
              Reporter:
              jking3 James E. King III

              Dates

              • Created:
                Updated:
                Resolved:

              Time Tracking

              Estimated:
              Original Estimate - Not Specified
              Not Specified
              Remaining:
              Remaining Estimate - 0h
              0h
              Logged:
              Time Spent - 1h
              1h

                Issue deployment