thrift-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lari Hotari (Jira)" <j...@apache.org>
Subject [jira] [Comment Edited] (THRIFT-5424) Cut release 0.14.2
Date Sat, 12 Jun 2021 06:40:00 GMT

    [ https://issues.apache.org/jira/browse/THRIFT-5424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17362247#comment-17362247
] 

Lari Hotari edited comment on THRIFT-5424 at 6/12/21, 6:39 AM:
---------------------------------------------------------------

{quote}I'll prepare the release, don't worry. Since nobody else seems interested ...{quote}
 
Thank you [~jensg]. I really appreciate your extra effort to resolve this.


was (Author: lhotari):
> I'll prepare the release, don't worry. Since nobody else seems interested ...

Thank you [~jensg]. I really appreciate your extra effort to resolve this.

> Cut release 0.14.2
> ------------------
>
>                 Key: THRIFT-5424
>                 URL: https://issues.apache.org/jira/browse/THRIFT-5424
>             Project: Thrift
>          Issue Type: Task
>          Components: Java - Library
>    Affects Versions: 0.14.1
>            Reporter: Andrey Yegorov
>            Assignee: Jens Geyer
>            Priority: Critical
>             Fix For: 0.14.2
>
>
> libthrift release 0.13.0 (and 0.12.0) has vulnerabilities, such as CVE-2019-0205 , CVE-2019-0210
, CVE-2020-13949 https://github.com/advisories/GHSA-g2fg-mr77-6vrm
> Unfortunately, upgrade to 0.14.1 is blocked by https://issues.apache.org/jira/browse/THRIFT-5383 which
is fixed in [apache/thrift#2366|https://github.com/apache/thrift/pull/2366]
> We'll need 0.14.2 - with working json parsing and fixed vulnerabilities. 
> For more context please see: [https://github.com/apache/bookkeeper/pull/2695] 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message