Alexey Serbin has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/22159 )
Change subject: [thirdparty] KUDU-3626: Upgrade Apache Thrift to version 0.21.0 ...................................................................... [thirdparty] KUDU-3626: Upgrade Apache Thrift to version 0.21.0 To address CVEs like CVE-2018-1320, CVE-2019-0210 and CVE-2019-0205 in the current Apache Thrift version 0.11.0 we are upgrading to version 0.21.0. We initally considered using version 0.16.0 as Hive uses it. But due to the reported issues[1][2] and no significant changes between 0.16.0 and 0.21.0 which can potentially break Kudu we think we can upgrade to 0.21.0 directly hence being more future proof. Thanks to Alexey Serbin for valuable inputs for this patch. [1]https://issues.apache.org/jira/browse/THRIFT-5599 [2]https://issues.apache.org/jira/browse/THRIFT-5696 Change-Id: I44c85f5d6679895865346118759d8da379cec3d5 Reviewed-on: http://gerrit.cloudera.org:8080/22159 Tested-by: Alexey Serbin <[email protected]> Reviewed-by: Alexey Serbin <[email protected]> --- M cmake_modules/FindThrift.cmake M src/kudu/thrift/sasl_client_transport.cc M src/kudu/thrift/sasl_client_transport.h M thirdparty/build-definitions.sh M thirdparty/vars.sh 5 files changed, 13 insertions(+), 9 deletions(-) Approvals: Alexey Serbin: Looks good to me, approved; Verified -- To view, visit http://gerrit.cloudera.org:8080/22159 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: I44c85f5d6679895865346118759d8da379cec3d5 Gerrit-Change-Number: 22159 Gerrit-PatchSet: 7 Gerrit-Owner: Abhishek Chennaka <[email protected]> Gerrit-Reviewer: Abhishek Chennaka <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120)
