- Type: Bug
- Status: Closed
- Priority: Major
- Resolution: Fixed
- Affects Version/s: 0.9.2
- Fix Version/s: 0.9.3
- Component/s: Java - Library
- Labels: None

libthrift 0.9.2 has dependencies on httpclient 4.2.5, httpcore 4.2.4 and slf4j 1.5.8. All of these should be updated. The most critical is httpclient 4.2.5 as it has a known vulnerability (CVE-2014-3577) which permits MiTM attacks. HttpCore might as well be updated to the latest version too and slf4j 1.5.8 is nearly six years old now.

- is related to: THRIFT-3952 Upgrade from v1.5.8 to current version for slf4j (Closed)