Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-21791

Upgrade thrift dependency to 0.12.0

    XMLWordPrintableJSON

Details

    • Task
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • 3.0.0-alpha-1, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4
    • 3.0.0-alpha-1, 1.5.0, 2.2.0, 2.1.3, 2.0.5, 2.3.0
    • Thrift
    • None
    • Reviewed
    • Hide
      IMPORTANT: Due to security issues, all users who use hbase thrift should avoid using releases which do not have this fix.

      The effect releases are:
      2.1.x: 2.1.2 and below
      2.0.x: 2.0.4 and below
      1.x: 1.4.x and below

      If you are using the effect releases above, please consider upgrading to a newer release ASAP.
      Show
      IMPORTANT: Due to security issues, all users who use hbase thrift should avoid using releases which do not have this fix. The effect releases are: 2.1.x: 2.1.2 and below 2.0.x: 2.0.4 and below 1.x: 1.4.x and below If you are using the effect releases above, please consider upgrading to a newer release ASAP.

    Description

      As somebody have already known, that there is a CVE for thrift from 0.5.0 to 0.11.0.

      https://nvd.nist.gov/vuln/detail/CVE-2018-1320

      As the CVE is already public, let's upgrade our thrift dependency and release new versions ASAP.

      Attachments

        1. HBASE-21791.patch
          4.49 MB
          Duo Zhang
        2. HBASE-21791-branch-2.1.patch
          3.50 MB
          Duo Zhang
        3. HBASE-21791-branch-1.patch
          3.53 MB
          Andrew Kyle Purtell

        Issue Links

          Activity

            People

              zhangduo Duo Zhang
              zhangduo Duo Zhang
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: