[
https://issues.apache.org/jira/browse/THRIFT-4506?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16767423#comment-16767423
]
Mike Yoder commented on THRIFT-4506:
------------------------------------
[~jking3] - do you have any plans to work on this further, or should we give up
hope and make our own fork of thrift? Recall that all we care about is the java
client. Thanks, -Mike
> [CVE-2018-1320] Remove assertion in Java SASL code that would be ignored in
> release builds
> ------------------------------------------------------------------------------------------
>
> Key: THRIFT-4506
> URL: https://issues.apache.org/jira/browse/THRIFT-4506
> Project: Thrift
> Issue Type: Bug
> Components: Java - Library
> Affects Versions: 0.5
> Reporter: James E. King III
> Assignee: James E. King III
> Priority: Minor
> Labels: SASL, security
> Fix For: 0.12.0
>
>
> There is an assertion in the SASL transport for Java that will only be
> processed in debug builds, at
> https://github.com/apache/thrift/blob/master/lib/java/src/org/apache/thrift/transport/TSaslTransport.java#L298.
> The preceeding while loop can be changed to guarantee this assertion in all
> builds.
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1320
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
