Ken Treimann created JENA-1781:
----------------------------------

             Summary: Upgrade Thrift to version 0.13.0
                 Key: JENA-1781
                 URL: https://issues.apache.org/jira/browse/JENA-1781
             Project: Apache Jena
          Issue Type: Dependency upgrade
          Components: ARQ, OSGi
            Reporter: Ken Treimann


OWASP Dependency Check identifies Thrift version 0.12.0 as having the following 
vulnerabilities:

[CVE-2019-0205|https://nvd.nist.gov/vuln/detail/CVE-2019-0205]

[CVE-2019-0210|https://nvd.nist.gov/vuln/detail/CVE-2019-0210]

According to [CASSANDRA-15420|https://issues.apache.org/jira/browse/CASSANDRA-15420], this was partially fixed in version 0.11.0, but it still gets flagged as vulnerable. [This message|http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3CVI1PR0101MB2142E0EA19F582429C3AEBCBB1920%40VI1PR0101MB2142.eurprd01.prod.exchangelabs.com%3E] from the thrift-dev mailing list states that the mitigation is to upgrade to version 0.13.0.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
