  1. Thrift
  2. THRIFT-5424

Cut release 0.14.2

Details

    • Type: Task
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 0.14.1
    • Fix Version/s: 0.14.2
    • Component/s: Java - Library
    • Labels: None

    Description

      libthrift release 0.13.0 (and 0.12.0) has vulnerabilities, such as CVE-2019-0205, CVE-2019-0210, CVE-2020-13949 https://github.com/advisories/GHSA-g2fg-mr77-6vrm

      Unfortunately, upgrading to 0.14.1 is blocked by https://issues.apache.org/jira/browse/THRIFT-5383, which is fixed in apache/thrift#2366.
      We'll need 0.14.2 - with working JSON parsing and fixed vulnerabilities.

      For more context please see: https://github.com/apache/bookkeeper/pull/2695

            People

              Assignee: jensg Jens Geyer
              Reporter: ayegorov Andrey Yegorov
              Votes: 1
              Watchers: 3