[HIVE-21173] Upgrade Apache Thrift to 0.9.3-1 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.0.0-alpha-1
Component/s: Thrift API
Labels:
- pull-request-available

Description

The project currently depends on libthrift-0.9.3, however thrift released 0.12.0 on 2019-JAN-04. This release includes a security fix for ~~THRIFT-4506~~ (CVE-2018-1320). Updating thrift to the latest version will remove that vulnerability.

Also note the Apache Thrift project does not publish "libfb303" any longer. fb303 is contributed code (in '/contrib') and it has not been maintained.

Ps.: 0.9.3.1 also addresses the CVE, see ~~THRIFT-4506~~

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HIVE-21173.01.patch
18/Jul/19 12:23
0.9 kB
David Lavati

Issue Links

duplicates

HIVE-21000 Upgrade thrift to at least 0.10.0

Resolved

HIVE-21207 Use 0.12.0 libthrift version in Hive

Resolved

is related to

HIVE-22243 Align Apache Thrift version to 0.9.3-1 in standalone-metastore as well

Closed

links to

GitHub Pull Request #730

Activity

People

Assignee:: David Lavati

Reporter:: James E. King III

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 27/Jan/19 13:19

Updated:: 17/Nov/22 08:55

Resolved:: 24/Jul/19 09:32

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: