[ https://issues.apache.org/jira/browse/KUDU-3626?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17907198#comment-17907198 ]
ASF subversion and git services commented on KUDU-3626:
-------------------------------------------------------

Commit 19164780b89d67cfbdb9b33477d3c6756c04cb6c in kudu's branch refs/heads/master from Abhishek Chennaka
[ https://gitbox.apache.org/repos/asf?p=kudu.git;h=19164780b ]

[thirdparty] KUDU-3626 Upgrade Hadoop to 3.4.1

This upgrades the C++ thirdparty Hadoop dependency to 3.4.1.
Upgrades to Hive dependency and corresponding Java versions to follow.

Change-Id: I90a02bb027e1c5333d6c4c5717c711966b335bf9
Reviewed-on: http://gerrit.cloudera.org:8080/22180
Tested-by: Abhishek Chennaka <achenn...@cloudera.com>
Reviewed-by: Alexey Serbin <ale...@apache.org>

> The dependency version of Thrift needs to be updated
> ----------------------------------------------------
>
>                 Key: KUDU-3626
>                 URL: https://issues.apache.org/jira/browse/KUDU-3626
>             Project: Kudu
>          Issue Type: Improvement
>            Reporter: Peter Lee
>            Priority: Major
>
> Hi dear Kudu team, thank you for your great work in Kudu.
> I noticed that Kudu is still depending on Thrift 0.11.0, which is affected by
> some vulnerabilities, such as CVE-2018-1320, CVE-2019-0210, and
> CVE-2019-0205. Maybe we could bump Thrift to a newer version without
> vulnerabilities, like 0.20.0.
> Besides this, there are some other dependencies with vulnerabilities, like
> Apache Hadoop, postgresql, protobuf, and yaml-cpp. It will be appreciated if
> you can also bump their versions.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)