CLevasseur commented on PR #10208:
URL: https://github.com/apache/arrow-rs/pull/10208#issuecomment-4787143280
Closing this as it can't cleanly merge into main — thrift was removed
entirely in 59.0.0 (#9962) as a workaround while no patched version existed.
Now that thrift 0.23.0 is on crates.io and fixes CVE-2026-43868, the
recommended path for 58.x users is to upgrade to parquet 59.x (which also drops
the dependency), or to pin `thrift = { version = "0.23" }` directly in their
own workspace. If maintainers want to cut a 58.x security patch release, happy
to reopen against a dedicated 58.x branch.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
