Uploaded image for project: 'Thrift'
  1. Thrift
  2. THRIFT-3065

Update libthrift dependencies (slf4j, httpcore, httpclient)

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.9.2
    • Fix Version/s: 0.9.3
    • Component/s: Java - Library
    • Labels:
      None

      Description

      libthrift 0.9.2 has dependencies on httpclient 4.2.5, httpcore 4.2.4 and slf4j 1.5.8. All of these should be updated. The most critical is httpclient 4.2.5 as it has a known vulnerability (CVE-2014-3577) which permits MiTM attacks. HttpCore might as well be updated to the latest version too and slf4j 1.5.8 is nearly six years old now.

        Attachments

          Issue Links

          is related to

          Dependency upgrade - Upgrading a dependency to a newer version THRIFT-3952 Upgrade from v1.5.8 to current version for slf4j

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

            Activity

              People

              • Assignee:
                roger Roger Meier
                Reporter:
                ddillard David Dillard
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: