[
https://issues.apache.org/jira/browse/THRIFT-5972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18078204#comment-18078204
]
Thomas Galla commented on THRIFT-5972:
--------------------------------------
FYI: On my end these criticial / high CVEs have been reported for 0.22.0 ( just
to align our experience with [~granadacoder] ).
[http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2026-41603]
[http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2026-41605]
[http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2026-41606]
[http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2026-41607]
It is my impression that after [~jensg] got involved in June 2025 for the Java
release artifacts v0.22.0 things got sorted out quickly.
I hope it will be the same for this release.
> 0.23.0 "published" to public Maven
> ----------------------------------
>
> Key: THRIFT-5972
> URL: https://issues.apache.org/jira/browse/THRIFT-5972
> Project: Thrift
> Issue Type: Improvement
> Components: Java - Library
> Affects Versions: 0.23.0
> Reporter: Shh
> Priority: Major
>
> HI.
>
> 0.23.0 addresses a critical vulnerability.
> and is available as a download here:
>
> [Release Version 0.23.0 · apache/thrift ·
> GitHub|https://github.com/apache/thrift/releases/tag/v0.23.0]
>
> My company's build systems are tied to public maven central.
>
> and 0.23.0 is not avaiable here.
>
> [Maven Repository: org.apache.thrift »
> libthrift|https://mvnrepository.com/artifact/org.apache.thrift/libthrift]
> (currently only 0.22.0 and lower is available).
>
>
> I am kindly requesting that the library be "published" to maven-central.
>
> Note, the time gap on 0.22.0 seems to have been about one month.
>
> I appreciated the consideration.
>
> thank you.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
