[
https://issues.apache.org/jira/browse/JENA-1781?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ken Treimann updated JENA-1781:
-------------------------------
Description:
OWASP Dependency Check identifies Thrift version 0.12.0 as having the following
vulnerabilities:
[CVE-2019-0205|https://nvd.nist.gov/vuln/detail/CVE-2019-0205]
[CVE-2019-0210|https://nvd.nist.gov/vuln/detail/CVE-2019-0210]
According to
[CASSANDRA-15420|https://issues.apache.org/jira/browse/CASSANDRA-15420], this
was partially fixed in version 0.11.0, but it still gets flagged as vulnerable.
[This
message|http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3CVI1PR0101MB2142E0EA19F582429C3AEBCBB1920%40VI1PR0101MB2142.eurprd01.prod.exchangelabs.com%3E]
from the thrift-dev mailing list states that the mitigation is to upgrade to
version 0.13.0.
was:
OWASP Dependency Check identifies Thrift version 0.12.0 as having the following
vulnerabilities:
[CVE-2019-0205|[https://nvd.nist.gov/vuln/detail/CVE-2019-0205|https://nvd.nist.gov/vuln/detail/CVE-2019-0210]]
[CVE-2019-0210|[https://nvd.nist.gov/vuln/detail/CVE-2019-0210]]
According to
[CASSANDRA-15420|https://issues.apache.org/jira/browse/CASSANDRA-15420], this
was partially fixed in version 0.11.0, but it still gets flagged as vulnerable.
[This
message|[http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3CVI1PR0101MB2142E0EA19F582429C3AEBCBB1920%40VI1PR0101MB2142.eurprd01.prod.exchangelabs.com%3E]]
from the thrift-dev mailing list states that the mitigation is to upgrade to
version 0.13.0.
> Upgrade Thrift to version 0.13.0
> --------------------------------
>
> Key: JENA-1781
> URL: https://issues.apache.org/jira/browse/JENA-1781
> Project: Apache Jena
> Issue Type: Dependency upgrade
> Components: ARQ, OSGi
> Reporter: Ken Treimann
> Priority: Major
>
> OWASP Dependency Check identifies Thrift version 0.12.0 as having the
> following vulnerabilities:
> [CVE-2019-0205|https://nvd.nist.gov/vuln/detail/CVE-2019-0205]
> [CVE-2019-0210|https://nvd.nist.gov/vuln/detail/CVE-2019-0210]
> According to
> [CASSANDRA-15420|https://issues.apache.org/jira/browse/CASSANDRA-15420], this
> was partially fixed in version 0.11.0, but it still gets flagged as
> vulnerable. [This
> message|http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3CVI1PR0101MB2142E0EA19F582429C3AEBCBB1920%40VI1PR0101MB2142.eurprd01.prod.exchangelabs.com%3E]
> from the thrift-dev mailing list states that the mitigation is to upgrade to
> version 0.13.0.