Details
- Task
- Status: Resolved
- Critical
- Resolution: Fixed
- 3.0.0-alpha-1, 2.2.7, 2.5.0, 2.3.5, 2.4.3
- None
Description
HBASE-25568 upgraded the Thrift dependency to 0.14.1 to fix a known CVE, but a dependency issue in libthrift brings in tomcat-embed-core, which has many vulnerabilities. See: THRIFT-5375
Since this dependency is used in Thrift only for a test, we can safely exclude it inside HBase.
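A check a build could run to confirm the exclusion took effect, as an added example rather than HBase's own code: it parses `mvn dependency:tree` text output and reports the path by which `tomcat-embed-core` arrives. The two sample trees and the helper name `find_paths` are constructed for illustration, and versions written as X.Y.Z are placeholders.

```python
import re

BANNED = "org.apache.tomcat.embed:tomcat-embed-core"

# Constructed `mvn dependency:tree` output; X.Y.Z versions are placeholders.
BEFORE_EXCLUSION = r"""
[INFO] org.apache.hbase:hbase-thrift:jar:X.Y.Z
[INFO] +- org.apache.thrift:libthrift:jar:0.14.1:compile
[INFO] |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:X.Y.Z:compile
[INFO] |  \- org.apache.httpcomponents:httpclient:jar:X.Y.Z:compile
[INFO] \- org.slf4j:slf4j-api:jar:X.Y.Z:compile
"""

# Same constructed tree once libthrift carries an <exclusion> for the artifact.
AFTER_EXCLUSION = r"""
[INFO] org.apache.hbase:hbase-thrift:jar:X.Y.Z
[INFO] +- org.apache.thrift:libthrift:jar:0.14.1:compile
[INFO] |  \- org.apache.httpcomponents:httpclient:jar:X.Y.Z:compile
[INFO] \- org.slf4j:slf4j-api:jar:X.Y.Z:compile
"""

# "[INFO] " prefix, zero or more 3-char guides ("|  " or "   "),
# an optional branch marker ("+- " or "\- "), then group:artifact:...
LINE = re.compile(
    r"^\[INFO\] (?P<indent>(?:[| ]  )*)(?P<marker>[+\\]- )?"
    r"(?P<coords>[\w.\-]+:[\w.\-]+:\S+)$"
)


def find_paths(tree_text, banned=BANNED):
    """Return every root-to-artifact path on which `banned` appears."""
    stack, hits = [], []
    for line in tree_text.splitlines():
        m = LINE.match(line.rstrip())
        if not m:
            continue  # blank lines, banners, build summary
        depth = len(m["indent"]) // 3 + (1 if m["marker"] else 0)
        group, artifact = m["coords"].split(":")[:2]
        del stack[depth:]  # drop siblings and deeper nodes from the path
        stack.append(f"{group}:{artifact}")
        if stack[-1] == banned:
            hits.append(list(stack))
    return hits


if __name__ == "__main__":
    for path in find_paths(BEFORE_EXCLUSION):
        print(" -> ".join(path))
```
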
Issue Links
- is related to: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (Resolved)