THRIFT-5424: Cut release 0.14.2


    Details

    • Type: Task
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 0.14.1
    • Fix Version/s: 0.14.2
    • Component/s: Java - Library
    • Labels:
      None

      Description

      libthrift release 0.13.0 (and 0.12.0) has vulnerabilities, such as CVE-2019-0205, CVE-2019-0210, CVE-2020-13949 https://github.com/advisories/GHSA-g2fg-mr77-6vrm

      Unfortunately, upgrade to 0.14.1 is blocked by https://issues.apache.org/jira/browse/THRIFT-5383 which is fixed in apache/thrift#2366
      We'll need 0.14.2 - with working JSON parsing and fixed vulnerabilities.

      For more context please see: https://github.com/apache/bookkeeper/pull/2695 

            People

            • Assignee: Jens Geyer (jensg)
            • Reporter: Andrey Yegorov (ayegorov)