[ https://issues.apache.org/jira/browse/KUDU-3626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alexey Serbin resolved KUDU-3626.
---------------------------------
    Fix Version/s: 1.18.0
       Resolution: Fixed

> The dependency version of Thrift needs to be updated
> ----------------------------------------------------
>
>                 Key: KUDU-3626
>                 URL: https://issues.apache.org/jira/browse/KUDU-3626
>             Project: Kudu
>          Issue Type: Improvement
>            Reporter: Peter Lee
>            Priority: Major
>             Fix For: 1.18.0
>
>
> Hi dear Kudu team, thank you for your great work in Kudu.
> I noticed that Kudu is still depending on Thrift 0.11.0, which is affected by
> some vulnerabilities, such as CVE-2018-1320, CVE-2019-0210, and
> CVE-2019-0205. Maybe we could bump Thrift to a newer version without
> vulnerabilities, like 0.20.0.
> Besides this, there are some other dependencies with vulnerabilities, like
> Apache Hadoop, postgresql, protobuf, and yaml-cpp. It will be appreciated if
> you can also bump their versions.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)