hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Lavati (JIRA)" <>
Subject [jira] [Reopened] (HIVE-21173) Upgrade to the latest release of Apache Thrift
Date Thu, 18 Jul 2019 11:34:00 GMT


David Lavati reopened HIVE-21173:
      Assignee: David Lavati

I'm reopening this, to apply 0.9.3-1, which addressed the mentioned CVE.

HIVE-21000 will eventually surpass this, but we're kind of blocked there without a new accumulo

> Upgrade to the latest release of Apache Thrift
> ----------------------------------------------
>                 Key: HIVE-21173
>                 URL:
>             Project: Hive
>          Issue Type: Bug
>          Components: Thrift API
>            Reporter: James E. King III
>            Assignee: David Lavati
>            Priority: Major
> The project currently depends on libthrift-0.9.3, however thrift released 0.12.0 on 2019-JAN-04.
   This release includes a security fix for THRIFT-4506 (CVE-2018-1320).  Updating thrift
to the latest version will remove that vulnerability.
> Also note the Apache Thrift project does not publish "libfb303" any longer.  fb303 is
contributed code (in '/contrib') and it has not been maintained.

This message was sent by Atlassian JIRA

View raw message