Return-Path: X-Original-To: apmail-hbase-issues-archive@www.apache.org Delivered-To: apmail-hbase-issues-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 65D1418AF4 for ; Tue, 14 Jul 2015 04:55:05 +0000 (UTC) Received: (qmail 56636 invoked by uid 500); 14 Jul 2015 04:55:05 -0000 Delivered-To: apmail-hbase-issues-archive@hbase.apache.org Received: (qmail 56586 invoked by uid 500); 14 Jul 2015 04:55:05 -0000 Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list issues@hbase.apache.org Received: (qmail 56569 invoked by uid 99); 14 Jul 2015 04:55:05 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 14 Jul 2015 04:55:05 +0000 Date: Tue, 14 Jul 2015 04:55:05 +0000 (UTC) From: "Srikanth Srungarapu (JIRA)" To: issues@hbase.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (HBASE-14045) Bumping thrift version to 0.9.2. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HBASE-14045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Srikanth Srungarapu updated HBASE-14045: ---------------------------------------- Attachment: HBASE-14045.patch > Bumping thrift version to 0.9.2. > -------------------------------- > > Key: HBASE-14045 > URL: https://issues.apache.org/jira/browse/HBASE-14045 > Project: HBase > Issue Type: Improvement > Reporter: Srikanth Srungarapu > Assignee: Srikanth Srungarapu > Fix For: 2.0.0, 1.3.0 > > Attachments: HBASE-14045.patch > > > From mailing list conversation: > {quote} > Currently, HBase is using Thrift 0.9.0 version, with the latest version being 0.9.2. Currently, the HBase Thrift gateway is vulnerable to crashes due to THRIFT-2660 when used with default transport and the workaround for this problem is switching to framed transport. Unfortunately, the recently added impersonation support \[1\] doesn't work with framed transport leaving thrift gateway using this feature susceptible to crashes. Updating thrift version to 0.9.2 will help us in mitigating this problem. Given that security is one of key requirements for the production clusters, it would be good to ensure our users that security features in thrift gateway can be used without any major concerns. Aside this, there are also some nice fixes pertaining to leaky resources in 0.9.2 like \[2\] and \[3\]. > As far compatibility guarantees are concerned, thrift assures 100% wire compatibility. However, it is my understanding that there were some minor additions (new API) in 0.9.2 \[4\] which won't work in 0.9.0, but that won't affect us since we are not using those features. And I tried running test suite and did manual testing with thrift version set to 0.9.2 and things are running smoothly. If there are no objections to this change, I would be more than happy to file a jira and follow this up. > \[1\] https://issues.apache.org/jira/browse/HBASE-11349 > \[2\] https://issues.apache.org/jira/browse/THRIFT-2274 > \[3\] https://issues.apache.org/jira/browse/THRIFT-2359 > \[4\] https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310800&version=12324954 > {quote} -- This message was sent by Atlassian JIRA (v6.3.4#6332)