steveloughran opened a new pull request, #3589: URL: https://github.com/apache/parquet-java/pull/3589
### Rationale for this change There's a new Thrift release out. Changes include a fix for the CVE https://github.com/advisories/GHSA-526f-jxpj-jmg2 This is server side and only affect thrift javascript code. While parquet is unaffected, security scanner tools aren't necessarily going to be that nuanced. ### What changes are included in this PR? * updated build files/scripts with thrift version declarations * updated references in README.md * Added instructions in README as to where to find the gpg/sha signatures and a link to the thrift team KEYS file. ### Are these changes tested? * Expecting PR CI to do the tests. * It compiles! * I manually ran the modified wget command in the README to verify the path to the tarball is valid. ### Are there any user-facing changes? No Closes #3572 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
