Uploaded image for project: 'Thrift'
  1. Thrift
  2. THRIFT-3065

Update libthrift dependencies (slf4j, httpcore, httpclient)

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 0.9.2
    • 0.9.3
    • Java - Library
    • None

    Description

      libthrift 0.9.2 has dependencies on httpclient 4.2.5, httpcore 4.2.4 and slf4j 1.5.8. All of these should be updated. The most critical is httpclient 4.2.5 as it has a known vulnerability (CVE-2014-3577) which permits MiTM attacks. HttpCore might as well be updated to the latest version too and slf4j 1.5.8 is nearly six years old now.

      Attachments

        Issue Links

          is related to

          Dependency upgrade - Upgrading a dependency to a newer version THRIFT-3952 Upgrade from v1.5.8 to current version for slf4j

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              roger Roger Meier
              ddillard David Dillard
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: