thrift-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Norbert Kalmar <nkal...@cloudera.com.INVALID>
Subject Thrift 0.9.4 release - THRIFT-4506
Date Tue, 29 Jan 2019 21:53:43 GMT
Hi Thrift devs!

Recent findings of the security bug around SASL negotiation bypass was
fixed in THRIFT-4506.

But that fix is only in 0.12.0.
Various components depend on older version if Thrift (see discussion on
https://issues.apache.org/jira/browse/THRIFT-4506 ) Specifically, that
version is 0.9.3.

Some chat already started on a release of 0.9.4, or even possibly just a
bugfix release on the Java client. I think this is reasonable to do so. I
know there is workaround, but we can't really rely on a flag being in every
process using Thrift.

What are your thoughts on a release from the 0.9.3. branch?

Thanks,
Norbert

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message