Peter Lee created KUDU-3626:
-------------------------------
Summary: The dependency version of Thrift needs to be updated
Key: KUDU-3626
URL: https://issues.apache.org/jira/browse/KUDU-3626
Project: Kudu
Issue Type: Improvement
Reporter: Peter Lee

Hi dear Kudu team, thank you for your great work in Kudu.

I noticed that Kudu is still depending on Thrift 0.11.0, which is affected by
some vulnerabilities, such as CVE-2018-1320, CVE-2019-0210, and CVE-2019-0205.
Maybe we could upgrade Thrift to a newer version without vulnerabilities, like
0.20.0.

Besides this, there are some other dependencies with vulnerabilities, like
Apache Hadoop, postgresql, protobuf, and yaml-cpp. It will be appreciated if
you can also upgrade their versions.