Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-21791

Upgrade thrift dependency to 0.12.0

    XMLWordPrintableJSON

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4
    • Fix Version/s: 3.0.0, 1.5.0, 2.2.0, 2.1.3, 2.0.5, 2.3.0
    • Component/s: Thrift
    • Labels:
      None
    • Hadoop Flags:
      Reviewed
    • Release Note:
      Hide
      IMPORTANT: Due to security issues, all users who use hbase thrift should avoid using releases which do not have this fix.

      The effect releases are:
      2.1.x: 2.1.2 and below
      2.0.x: 2.0.4 and below
      1.x: 1.4.x and below

      If you are using the effect releases above, please consider upgrading to a newer release ASAP.
      Show
      IMPORTANT: Due to security issues, all users who use hbase thrift should avoid using releases which do not have this fix. The effect releases are: 2.1.x: 2.1.2 and below 2.0.x: 2.0.4 and below 1.x: 1.4.x and below If you are using the effect releases above, please consider upgrading to a newer release ASAP.

      Description

      As somebody have already known, that there is a CVE for thrift from 0.5.0 to 0.11.0.

      https://nvd.nist.gov/vuln/detail/CVE-2018-1320

      As the CVE is already public, let's upgrade our thrift dependency and release new versions ASAP.

        Attachments

        1. HBASE-21791-branch-2.1.patch
          3.50 MB
          Duo Zhang
        2. HBASE-21791-branch-1.patch
          3.53 MB
          Andrew Kyle Purtell
        3. HBASE-21791.patch
          4.49 MB
          Duo Zhang

          Issue Links

            Activity

              People

              • Assignee:
                zhangduo Duo Zhang
                Reporter:
                zhangduo Duo Zhang
              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: