[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[ https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16767379#comment-16767379 ] Sean Busbey commented on HBASE-21791: - Does the profile turn on any special thrift options? If so, do we need to do the compatibility testing again? > Upgrade thrift dependency to 0.12.0 > --- > > Key: HBASE-21791 > URL: https://issues.apache.org/jira/browse/HBASE-21791 > Project: HBase > Issue Type: Task > Components: Thrift >Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4 >Reporter: Duo Zhang >Assignee: Duo Zhang >Priority: Blocker > Fix For: 3.0.0, 1.5.0, 2.2.0, 2.1.3, 2.0.5, 2.3.0 > > Attachments: HBASE-21791-branch-1.patch, > HBASE-21791-branch-2.1.patch, HBASE-21791.patch > > > As somebody have already known, that there is a CVE for thrift from 0.5.0 to > 0.11.0. > https://nvd.nist.gov/vuln/detail/CVE-2018-1320 > As the CVE is already public, let's upgrade our thrift dependency and release > new versions ASAP. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[ https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16766914#comment-16766914 ] Duo Zhang commented on HBASE-21791: --- [~zghaobac] Oh there is a profile for generating the thrift code? Then please open a issue to address this problem. I always generate the code by typing thrift command manually... > Upgrade thrift dependency to 0.12.0 > --- > > Key: HBASE-21791 > URL: https://issues.apache.org/jira/browse/HBASE-21791 > Project: HBase > Issue Type: Task > Components: Thrift >Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4 >Reporter: Duo Zhang >Assignee: Duo Zhang >Priority: Blocker > Fix For: 3.0.0, 1.5.0, 2.2.0, 2.1.3, 2.0.5, 2.3.0 > > Attachments: HBASE-21791-branch-1.patch, > HBASE-21791-branch-2.1.patch, HBASE-21791.patch > > > As somebody have already known, that there is a CVE for thrift from 0.5.0 to > 0.11.0. > https://nvd.nist.gov/vuln/detail/CVE-2018-1320 > As the CVE is already public, let's upgrade our thrift dependency and release > new versions ASAP. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[ https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16766915#comment-16766915 ] Peter Somogyi commented on HBASE-21791: --- Yes, it was missing from the patch. Here is a regex to check the version: https://github.com/apache/hbase/blob/master/hbase-thrift/pom.xml#L370 > Upgrade thrift dependency to 0.12.0 > --- > > Key: HBASE-21791 > URL: https://issues.apache.org/jira/browse/HBASE-21791 > Project: HBase > Issue Type: Task > Components: Thrift >Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4 >Reporter: Duo Zhang >Assignee: Duo Zhang >Priority: Blocker > Fix For: 3.0.0, 1.5.0, 2.2.0, 2.1.3, 2.0.5, 2.3.0 > > Attachments: HBASE-21791-branch-1.patch, > HBASE-21791-branch-2.1.patch, HBASE-21791.patch > > > As somebody have already known, that there is a CVE for thrift from 0.5.0 to > 0.11.0. > https://nvd.nist.gov/vuln/detail/CVE-2018-1320 > As the CVE is already public, let's upgrade our thrift dependency and release > new versions ASAP. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[
https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16766905#comment-16766905
]
Guanghao Zhang commented on HBASE-21791:
Build thrift failed by {{mvn compile -Pcompile-thrift. We should change the
compile-thrift profile, too? Now it require the thrift version have to be
0.9.3.}}
> Upgrade thrift dependency to 0.12.0
> ---
>
> Key: HBASE-21791
> URL: https://issues.apache.org/jira/browse/HBASE-21791
> Project: HBase
> Issue Type: Task
> Components: Thrift
>Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4
>Reporter: Duo Zhang
>Assignee: Duo Zhang
>Priority: Blocker
> Fix For: 3.0.0, 1.5.0, 2.2.0, 2.1.3, 2.0.5, 2.3.0
>
> Attachments: HBASE-21791-branch-1.patch,
> HBASE-21791-branch-2.1.patch, HBASE-21791.patch
>
>
> As somebody have already known, that there is a CVE for thrift from 0.5.0 to
> 0.11.0.
> https://nvd.nist.gov/vuln/detail/CVE-2018-1320
> As the CVE is already public, let's upgrade our thrift dependency and release
> new versions ASAP.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[ https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16763918#comment-16763918 ] Francis Liu commented on HBASE-21791: - Thanks [~apurtell]. I'll do that. > Upgrade thrift dependency to 0.12.0 > --- > > Key: HBASE-21791 > URL: https://issues.apache.org/jira/browse/HBASE-21791 > Project: HBase > Issue Type: Task > Components: Thrift >Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4 >Reporter: Duo Zhang >Assignee: Duo Zhang >Priority: Blocker > Fix For: 3.0.0, 1.5.0, 2.2.0, 2.1.3, 2.0.5, 2.3.0 > > Attachments: HBASE-21791-branch-1.patch, > HBASE-21791-branch-2.1.patch, HBASE-21791.patch > > > As somebody have already known, that there is a CVE for thrift from 0.5.0 to > 0.11.0. > https://nvd.nist.gov/vuln/detail/CVE-2018-1320 > As the CVE is already public, let's upgrade our thrift dependency and release > new versions ASAP. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[ https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16761051#comment-16761051 ] Andrew Purtell commented on HBASE-21791: [~toffer] If you want to put this in 1.3 it needs to go into 1.4 too I'd say, no objections to that from me. There is no wire compatibility issue as far as community testing has revealed and although it has potential downstream knock on effects I think the security concerns are more important. We made a similar trade off when removing Byte API methods that did unsafe object deserialization a while back. > Upgrade thrift dependency to 0.12.0 > --- > > Key: HBASE-21791 > URL: https://issues.apache.org/jira/browse/HBASE-21791 > Project: HBase > Issue Type: Task > Components: Thrift >Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4 >Reporter: Duo Zhang >Assignee: Duo Zhang >Priority: Blocker > Fix For: 3.0.0, 1.5.0, 2.2.0, 2.1.3, 2.0.5, 2.3.0 > > Attachments: HBASE-21791-branch-1.patch, > HBASE-21791-branch-2.1.patch, HBASE-21791.patch > > > As somebody have already known, that there is a CVE for thrift from 0.5.0 to > 0.11.0. > https://nvd.nist.gov/vuln/detail/CVE-2018-1320 > As the CVE is already public, let's upgrade our thrift dependency and release > new versions ASAP. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[ https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16761038#comment-16761038 ] Francis Liu commented on HBASE-21791: - I'd like to backport this to 1.3. Do I need to wait for this to be backported to 1.4? > Upgrade thrift dependency to 0.12.0 > --- > > Key: HBASE-21791 > URL: https://issues.apache.org/jira/browse/HBASE-21791 > Project: HBase > Issue Type: Task > Components: Thrift >Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4 >Reporter: Duo Zhang >Assignee: Duo Zhang >Priority: Blocker > Fix For: 3.0.0, 1.5.0, 2.2.0, 2.1.3, 2.0.5, 2.3.0 > > Attachments: HBASE-21791-branch-1.patch, > HBASE-21791-branch-2.1.patch, HBASE-21791.patch > > > As somebody have already known, that there is a CVE for thrift from 0.5.0 to > 0.11.0. > https://nvd.nist.gov/vuln/detail/CVE-2018-1320 > As the CVE is already public, let's upgrade our thrift dependency and release > new versions ASAP. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[ https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16759456#comment-16759456 ] Sean Busbey commented on HBASE-21791: - this needs a giant warning of a release note so that folks upgrading know about it. > Upgrade thrift dependency to 0.12.0 > --- > > Key: HBASE-21791 > URL: https://issues.apache.org/jira/browse/HBASE-21791 > Project: HBase > Issue Type: Task > Components: Thrift >Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4 >Reporter: Duo Zhang >Assignee: Duo Zhang >Priority: Blocker > Fix For: 3.0.0, 1.5.0, 2.2.0, 2.1.3, 2.0.5, 2.3.0 > > Attachments: HBASE-21791-branch-1.patch, > HBASE-21791-branch-2.1.patch, HBASE-21791.patch > > > As somebody have already known, that there is a CVE for thrift from 0.5.0 to > 0.11.0. > https://nvd.nist.gov/vuln/detail/CVE-2018-1320 > As the CVE is already public, let's upgrade our thrift dependency and release > new versions ASAP. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[
https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16755626#comment-16755626
]
Hudson commented on HBASE-21791:
Results for branch master
[build #756 on
builds.a.o|https://builds.apache.org/job/HBase%20Nightly/job/master/756/]: (x)
*{color:red}-1 overall{color}*
details (if available):
(/) {color:green}+1 general checks{color}
-- For more information [see general
report|https://builds.apache.org/job/HBase%20Nightly/job/master/756//General_Nightly_Build_Report/]
(x) {color:red}-1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2)
report|https://builds.apache.org/job/HBase%20Nightly/job/master/756//JDK8_Nightly_Build_Report_(Hadoop2)/]
(x) {color:red}-1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3)
report|https://builds.apache.org/job/HBase%20Nightly/job/master/756//JDK8_Nightly_Build_Report_(Hadoop3)/]
(/) {color:green}+1 source release artifact{color}
-- See build output for details.
(/) {color:green}+1 client integration test{color}
> Upgrade thrift dependency to 0.12.0
> ---
>
> Key: HBASE-21791
> URL: https://issues.apache.org/jira/browse/HBASE-21791
> Project: HBase
> Issue Type: Task
> Components: Thrift
>Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4
>Reporter: Duo Zhang
>Assignee: Duo Zhang
>Priority: Blocker
> Fix For: 3.0.0, 1.5.0, 2.2.0, 2.1.3, 2.0.5, 2.3.0
>
> Attachments: HBASE-21791-branch-1.patch,
> HBASE-21791-branch-2.1.patch, HBASE-21791.patch
>
>
> As somebody have already known, that there is a CVE for thrift from 0.5.0 to
> 0.11.0.
> https://nvd.nist.gov/vuln/detail/CVE-2018-1320
> As the CVE is already public, let's upgrade our thrift dependency and release
> new versions ASAP.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[
https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16755588#comment-16755588
]
Hudson commented on HBASE-21791:
Results for branch branch-2.1
[build #813 on
builds.a.o|https://builds.apache.org/job/HBase%20Nightly/job/branch-2.1/813/]:
(/) *{color:green}+1 overall{color}*
details (if available):
(/) {color:green}+1 general checks{color}
-- For more information [see general
report|https://builds.apache.org/job/HBase%20Nightly/job/branch-2.1/813//General_Nightly_Build_Report/]
(/) {color:green}+1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2)
report|https://builds.apache.org/job/HBase%20Nightly/job/branch-2.1/813//JDK8_Nightly_Build_Report_(Hadoop2)/]
(/) {color:green}+1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3)
report|https://builds.apache.org/job/HBase%20Nightly/job/branch-2.1/813//JDK8_Nightly_Build_Report_(Hadoop3)/]
(/) {color:green}+1 source release artifact{color}
-- See build output for details.
(/) {color:green}+1 client integration test{color}
> Upgrade thrift dependency to 0.12.0
> ---
>
> Key: HBASE-21791
> URL: https://issues.apache.org/jira/browse/HBASE-21791
> Project: HBase
> Issue Type: Task
> Components: Thrift
>Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4
>Reporter: Duo Zhang
>Assignee: Duo Zhang
>Priority: Blocker
> Fix For: 3.0.0, 1.5.0, 2.2.0, 2.1.3, 2.0.5, 2.3.0
>
> Attachments: HBASE-21791-branch-1.patch,
> HBASE-21791-branch-2.1.patch, HBASE-21791.patch
>
>
> As somebody have already known, that there is a CVE for thrift from 0.5.0 to
> 0.11.0.
> https://nvd.nist.gov/vuln/detail/CVE-2018-1320
> As the CVE is already public, let's upgrade our thrift dependency and release
> new versions ASAP.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[
https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16755574#comment-16755574
]
Hudson commented on HBASE-21791:
Results for branch branch-1
[build #659 on
builds.a.o|https://builds.apache.org/job/HBase%20Nightly/job/branch-1/659/]:
(x) *{color:red}-1 overall{color}*
details (if available):
(x) {color:red}-1 general checks{color}
-- For more information [see general
report|https://builds.apache.org/job/HBase%20Nightly/job/branch-1/659//General_Nightly_Build_Report/]
(x) {color:red}-1 jdk7 checks{color}
-- For more information [see jdk7
report|https://builds.apache.org/job/HBase%20Nightly/job/branch-1/659//JDK7_Nightly_Build_Report/]
(x) {color:red}-1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2)
report|https://builds.apache.org/job/HBase%20Nightly/job/branch-1/659//JDK8_Nightly_Build_Report_(Hadoop2)/]
(x) {color:red}-1 source release artifact{color}
-- See build output for details.
> Upgrade thrift dependency to 0.12.0
> ---
>
> Key: HBASE-21791
> URL: https://issues.apache.org/jira/browse/HBASE-21791
> Project: HBase
> Issue Type: Task
> Components: Thrift
>Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4
>Reporter: Duo Zhang
>Assignee: Duo Zhang
>Priority: Blocker
> Fix For: 3.0.0, 1.5.0, 2.2.0, 2.1.3, 2.0.5, 2.3.0
>
> Attachments: HBASE-21791-branch-1.patch,
> HBASE-21791-branch-2.1.patch, HBASE-21791.patch
>
>
> As somebody have already known, that there is a CVE for thrift from 0.5.0 to
> 0.11.0.
> https://nvd.nist.gov/vuln/detail/CVE-2018-1320
> As the CVE is already public, let's upgrade our thrift dependency and release
> new versions ASAP.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[
https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16755580#comment-16755580
]
Hudson commented on HBASE-21791:
Results for branch branch-2.0
[build #1297 on
builds.a.o|https://builds.apache.org/job/HBase%20Nightly/job/branch-2.0/1297/]:
(/) *{color:green}+1 overall{color}*
details (if available):
(/) {color:green}+1 general checks{color}
-- For more information [see general
report|https://builds.apache.org/job/HBase%20Nightly/job/branch-2.0/1297//General_Nightly_Build_Report/]
(/) {color:green}+1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2)
report|https://builds.apache.org/job/HBase%20Nightly/job/branch-2.0/1297//JDK8_Nightly_Build_Report_(Hadoop2)/]
(/) {color:green}+1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3)
report|https://builds.apache.org/job/HBase%20Nightly/job/branch-2.0/1297//JDK8_Nightly_Build_Report_(Hadoop3)/]
(/) {color:green}+1 source release artifact{color}
-- See build output for details.
> Upgrade thrift dependency to 0.12.0
> ---
>
> Key: HBASE-21791
> URL: https://issues.apache.org/jira/browse/HBASE-21791
> Project: HBase
> Issue Type: Task
> Components: Thrift
>Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4
>Reporter: Duo Zhang
>Assignee: Duo Zhang
>Priority: Blocker
> Fix For: 3.0.0, 1.5.0, 2.2.0, 2.1.3, 2.0.5, 2.3.0
>
> Attachments: HBASE-21791-branch-1.patch,
> HBASE-21791-branch-2.1.patch, HBASE-21791.patch
>
>
> As somebody have already known, that there is a CVE for thrift from 0.5.0 to
> 0.11.0.
> https://nvd.nist.gov/vuln/detail/CVE-2018-1320
> As the CVE is already public, let's upgrade our thrift dependency and release
> new versions ASAP.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[
https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16755479#comment-16755479
]
Hudson commented on HBASE-21791:
Results for branch branch-2.2
[build #2 on
builds.a.o|https://builds.apache.org/job/HBase%20Nightly/job/branch-2.2/2/]:
(x) *{color:red}-1 overall{color}*
details (if available):
(/) {color:green}+1 general checks{color}
-- For more information [see general
report|https://builds.apache.org/job/HBase%20Nightly/job/branch-2.2/2//General_Nightly_Build_Report/]
(x) {color:red}-1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2)
report|https://builds.apache.org/job/HBase%20Nightly/job/branch-2.2/2//JDK8_Nightly_Build_Report_(Hadoop2)/]
(x) {color:red}-1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3)
report|https://builds.apache.org/job/HBase%20Nightly/job/branch-2.2/2//JDK8_Nightly_Build_Report_(Hadoop3)/]
(/) {color:green}+1 source release artifact{color}
-- See build output for details.
(/) {color:green}+1 client integration test{color}
> Upgrade thrift dependency to 0.12.0
> ---
>
> Key: HBASE-21791
> URL: https://issues.apache.org/jira/browse/HBASE-21791
> Project: HBase
> Issue Type: Task
> Components: Thrift
>Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4
>Reporter: Duo Zhang
>Assignee: Duo Zhang
>Priority: Blocker
> Fix For: 3.0.0, 1.5.0, 2.2.0, 2.1.3, 2.0.5, 2.3.0
>
> Attachments: HBASE-21791-branch-1.patch,
> HBASE-21791-branch-2.1.patch, HBASE-21791.patch
>
>
> As somebody have already known, that there is a CVE for thrift from 0.5.0 to
> 0.11.0.
> https://nvd.nist.gov/vuln/detail/CVE-2018-1320
> As the CVE is already public, let's upgrade our thrift dependency and release
> new versions ASAP.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[
https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16755468#comment-16755468
]
Hudson commented on HBASE-21791:
Results for branch branch-2
[build #1644 on
builds.a.o|https://builds.apache.org/job/HBase%20Nightly/job/branch-2/1644/]:
(x) *{color:red}-1 overall{color}*
details (if available):
(/) {color:green}+1 general checks{color}
-- For more information [see general
report|https://builds.apache.org/job/HBase%20Nightly/job/branch-2/1644//General_Nightly_Build_Report/]
(x) {color:red}-1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2)
report|https://builds.apache.org/job/HBase%20Nightly/job/branch-2/1644//JDK8_Nightly_Build_Report_(Hadoop2)/]
(/) {color:green}+1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3)
report|https://builds.apache.org/job/HBase%20Nightly/job/branch-2/1644//JDK8_Nightly_Build_Report_(Hadoop3)/]
(/) {color:green}+1 source release artifact{color}
-- See build output for details.
(/) {color:green}+1 client integration test{color}
> Upgrade thrift dependency to 0.12.0
> ---
>
> Key: HBASE-21791
> URL: https://issues.apache.org/jira/browse/HBASE-21791
> Project: HBase
> Issue Type: Task
> Components: Thrift
>Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4
>Reporter: Duo Zhang
>Assignee: Duo Zhang
>Priority: Blocker
> Fix For: 3.0.0, 1.5.0, 2.2.0, 2.1.3, 2.0.5, 2.3.0
>
> Attachments: HBASE-21791-branch-1.patch,
> HBASE-21791-branch-2.1.patch, HBASE-21791.patch
>
>
> As somebody have already known, that there is a CVE for thrift from 0.5.0 to
> 0.11.0.
> https://nvd.nist.gov/vuln/detail/CVE-2018-1320
> As the CVE is already public, let's upgrade our thrift dependency and release
> new versions ASAP.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[ https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16754992#comment-16754992 ] Duo Zhang commented on HBASE-21791: --- Pushed to branch-2.0+. > Upgrade thrift dependency to 0.12.0 > --- > > Key: HBASE-21791 > URL: https://issues.apache.org/jira/browse/HBASE-21791 > Project: HBase > Issue Type: Task > Components: Thrift >Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4 >Reporter: Duo Zhang >Assignee: Duo Zhang >Priority: Blocker > Fix For: 3.0.0, 1.5.0, 2.2.0, 1.4.10, 2.1.3, 2.0.5, 2.3.0 > > Attachments: HBASE-21791-branch-1.patch, > HBASE-21791-branch-2.1.patch, HBASE-21791.patch > > > As somebody have already known, that there is a CVE for thrift from 0.5.0 to > 0.11.0. > https://nvd.nist.gov/vuln/detail/CVE-2018-1320 > As the CVE is already public, let's upgrade our thrift dependency and release > new versions ASAP. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[
https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16754562#comment-16754562
]
Hadoop QA commented on HBASE-21791:
---
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m
18s{color} | {color:blue} Docker mode activated. {color} |
|| || || || {color:brown} Prechecks {color} ||
| {color:blue}0{color} | {color:blue} findbugs {color} | {color:blue} 0m
1s{color} | {color:blue} Findbugs executables are not available. {color} |
| {color:green}+1{color} | {color:green} hbaseanti {color} | {color:green} 0m
0s{color} | {color:green} Patch does not have any anti-patterns. {color} |
| {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m
0s{color} | {color:green} The patch does not contain any @author tags. {color} |
| {color:orange}-0{color} | {color:orange} test4tests {color} | {color:orange}
0m 0s{color} | {color:orange} The patch doesn't appear to include any new or
modified tests. Please justify why no new tests are needed for this patch. Also
please list what manual steps were performed to verify this patch. {color} |
|| || || || {color:brown} branch-1 Compile Tests {color} ||
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m
51s{color} | {color:blue} Maven dependency ordering for branch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 1m
44s{color} | {color:green} branch-1 passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 1m
34s{color} | {color:green} branch-1 passed with JDK v1.8.0_201 {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 1m
31s{color} | {color:green} branch-1 passed with JDK v1.7.0_201 {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 5m
10s{color} | {color:green} branch-1 passed {color} |
| {color:green}+1{color} | {color:green} shadedjars {color} | {color:green} 2m
44s{color} | {color:green} branch has no errors when building our shaded
downstream artifacts. {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 2m
12s{color} | {color:green} branch-1 passed with JDK v1.8.0_201 {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 3m
25s{color} | {color:green} branch-1 passed with JDK v1.7.0_201 {color} |
|| || || || {color:brown} Patch Compile Tests {color} ||
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m
17s{color} | {color:blue} Maven dependency ordering for patch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 1m
37s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 1m
26s{color} | {color:green} the patch passed with JDK v1.8.0_201 {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 1m
26s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 1m
25s{color} | {color:green} the patch passed with JDK v1.7.0_201 {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 1m
25s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 5m
14s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m
0s{color} | {color:green} The patch has no whitespace issues. {color} |
| {color:red}-1{color} | {color:red} xml {color} | {color:red} 0m 0s{color} |
{color:red} The patch has 2 ill-formed XML file(s). {color} |
| {color:green}+1{color} | {color:green} shadedjars {color} | {color:green} 2m
41s{color} | {color:green} patch has no errors when building our shaded
downstream artifacts. {color} |
| {color:green}+1{color} | {color:green} hadoopcheck {color} | {color:green}
1m 36s{color} | {color:green} Patch does not cause any errors with Hadoop
2.7.4. {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 2m
12s{color} | {color:green} the patch passed with JDK v1.8.0_201 {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 5m
17s{color} | {color:green} the patch passed with JDK v1.7.0_201 {color} |
|| || || || {color:brown} Other Tests {color} ||
| {color:green}+1{color} | {color:green} unit {color} | {color:green}152m
24s{color} | {color:green} root in the patch passed. {color} |
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m
39s{color} | {color:green} The patch does not generate ASF License warnings.
{color} |
| {color:black}{color} | {color:black} {color} | {color:black}197m 16s{color} |
{color:black}
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[ https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16754503#comment-16754503 ] Andrew Purtell commented on HBASE-21791: +1 > Upgrade thrift dependency to 0.12.0 > --- > > Key: HBASE-21791 > URL: https://issues.apache.org/jira/browse/HBASE-21791 > Project: HBase > Issue Type: Task > Components: Thrift >Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4 >Reporter: Duo Zhang >Assignee: Duo Zhang >Priority: Blocker > Fix For: 3.0.0, 1.5.0, 2.2.0, 1.4.10, 2.1.3, 2.0.5 > > Attachments: HBASE-21791-branch-1.patch, > HBASE-21791-branch-2.1.patch, HBASE-21791.patch > > > As somebody have already known, that there is a CVE for thrift from 0.5.0 to > 0.11.0. > https://nvd.nist.gov/vuln/detail/CVE-2018-1320 > As the CVE is already public, let's upgrade our thrift dependency and release > new versions ASAP. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[ https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16754477#comment-16754477 ] Duo Zhang commented on HBASE-21791: --- The failed UT for branch-2.1 is TestRegionReplicaReplicationEndpoint, which is not related. I need a +1 to patch all the branch-2.0+ branches, and then start to release 2.1.3 and 2.0.5. > Upgrade thrift dependency to 0.12.0 > --- > > Key: HBASE-21791 > URL: https://issues.apache.org/jira/browse/HBASE-21791 > Project: HBase > Issue Type: Task > Components: Thrift >Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4 >Reporter: Duo Zhang >Assignee: Duo Zhang >Priority: Blocker > Fix For: 3.0.0, 1.5.0, 2.2.0, 1.4.10, 2.1.3, 2.0.5 > > Attachments: HBASE-21791-branch-1.patch, > HBASE-21791-branch-2.1.patch, HBASE-21791.patch > > > As somebody have already known, that there is a CVE for thrift from 0.5.0 to > 0.11.0. > https://nvd.nist.gov/vuln/detail/CVE-2018-1320 > As the CVE is already public, let's upgrade our thrift dependency and release > new versions ASAP. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[
https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16754457#comment-16754457
]
Andrew Purtell commented on HBASE-21791:
branch-1 patch passes all thrift unit tests
{noformat}
[INFO] ---
[INFO] T E S T S
[INFO] ---
[INFO] Running
org.apache.hadoop.hbase.thrift2.TestThriftHBaseServiceHandlerWithReadOnly
[INFO] Tests run: 15, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.18 s
- in org.apache.hadoop.hbase.thrift2.TestThriftHBaseServiceHandlerWithReadOnly
[INFO] Running org.apache.hadoop.hbase.thrift2.TestThriftHBaseServiceHandler
[INFO] Tests run: 30, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 47.394
s - in org.apache.hadoop.hbase.thrift2.TestThriftHBaseServiceHandler
[INFO] Running
org.apache.hadoop.hbase.thrift2.TestThriftHBaseServiceHandlerWithLabels
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.417 s
- in org.apache.hadoop.hbase.thrift2.TestThriftHBaseServiceHandlerWithLabels
[INFO] Running org.apache.hadoop.hbase.thrift.TestCallQueue
[INFO] Tests run: 18, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.24 s
- in org.apache.hadoop.hbase.thrift.TestCallQueue
[INFO] Running org.apache.hadoop.hbase.thrift.TestThriftHttpServer
[INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 7.623 s
- in org.apache.hadoop.hbase.thrift.TestThriftHttpServer
[INFO] Running org.apache.hadoop.hbase.thrift.TestThriftServer
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 88.488 s
- in org.apache.hadoop.hbase.thrift.TestThriftServer
[INFO] Running org.apache.hadoop.hbase.thrift.TestThriftServerCmdLine
[INFO] Tests run: 32, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 53.71 s
- in org.apache.hadoop.hbase.thrift.TestThriftServerCmdLine
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 110, Failures: 0, Errors: 0, Skipped: 0
{noformat}
> Upgrade thrift dependency to 0.12.0
> ---
>
> Key: HBASE-21791
> URL: https://issues.apache.org/jira/browse/HBASE-21791
> Project: HBase
> Issue Type: Task
> Components: Thrift
>Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4
>Reporter: Duo Zhang
>Assignee: Duo Zhang
>Priority: Blocker
> Fix For: 3.0.0, 1.5.0, 2.2.0, 1.4.10, 2.1.3, 2.0.5
>
> Attachments: HBASE-21791-branch-1.patch,
> HBASE-21791-branch-2.1.patch, HBASE-21791.patch
>
>
> As somebody have already known, that there is a CVE for thrift from 0.5.0 to
> 0.11.0.
> https://nvd.nist.gov/vuln/detail/CVE-2018-1320
> As the CVE is already public, let's upgrade our thrift dependency and release
> new versions ASAP.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[ https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16754218#comment-16754218 ] Andrew Purtell commented on HBASE-21791: It's fine to put this in now. 1.6 is perhaps a ways off. I will make a branch-1 patch today and attach it here. > Upgrade thrift dependency to 0.12.0 > --- > > Key: HBASE-21791 > URL: https://issues.apache.org/jira/browse/HBASE-21791 > Project: HBase > Issue Type: Task > Components: Thrift >Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4 >Reporter: Duo Zhang >Assignee: Duo Zhang >Priority: Blocker > Fix For: 3.0.0, 1.5.0, 2.2.0, 1.4.10, 2.1.3, 2.0.5 > > Attachments: HBASE-21791-branch-2.1.patch, HBASE-21791.patch > > > As somebody have already known, that there is a CVE for thrift from 0.5.0 to > 0.11.0. > https://nvd.nist.gov/vuln/detail/CVE-2018-1320 > As the CVE is already public, let's upgrade our thrift dependency and release > new versions ASAP. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[
https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16754101#comment-16754101
]
Hadoop QA commented on HBASE-21791:
---
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m
15s{color} | {color:blue} Docker mode activated. {color} |
|| || || || {color:brown} Prechecks {color} ||
| {color:green}+1{color} | {color:green} hbaseanti {color} | {color:green} 0m
0s{color} | {color:green} Patch does not have any anti-patterns. {color} |
| {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m
0s{color} | {color:green} The patch does not contain any @author tags. {color} |
| {color:orange}-0{color} | {color:orange} test4tests {color} | {color:orange}
0m 0s{color} | {color:orange} The patch doesn't appear to include any new or
modified tests. Please justify why no new tests are needed for this patch. Also
please list what manual steps were performed to verify this patch. {color} |
|| || || || {color:brown} branch-2.1 Compile Tests {color} ||
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 1m
4s{color} | {color:blue} Maven dependency ordering for branch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 6m
9s{color} | {color:green} branch-2.1 passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 21m
29s{color} | {color:green} branch-2.1 passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 2m
32s{color} | {color:green} branch-2.1 passed {color} |
| {color:green}+1{color} | {color:green} shadedjars {color} | {color:green} 4m
4s{color} | {color:green} branch has no errors when building our shaded
downstream artifacts. {color} |
| {color:blue}0{color} | {color:blue} findbugs {color} | {color:blue} 0m
0s{color} | {color:blue} Skipped patched modules with no Java source: . {color}
|
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m
14s{color} | {color:green} branch-2.1 passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 2m
50s{color} | {color:green} branch-2.1 passed {color} |
|| || || || {color:brown} Patch Compile Tests {color} ||
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m
13s{color} | {color:blue} Maven dependency ordering for patch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 4m
20s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 21m
12s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 21m
12s{color} | {color:green} root generated 0 new + 1286 unchanged - 10 fixed =
1286 total (was 1296) {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 2m
28s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m
0s{color} | {color:green} The patch has no whitespace issues. {color} |
| {color:green}+1{color} | {color:green} xml {color} | {color:green} 0m
1s{color} | {color:green} The patch has no ill-formed XML file. {color} |
| {color:green}+1{color} | {color:green} shadedjars {color} | {color:green} 4m
6s{color} | {color:green} patch has no errors when building our shaded
downstream artifacts. {color} |
| {color:green}+1{color} | {color:green} hadoopcheck {color} | {color:green}
9m 7s{color} | {color:green} Patch does not cause any errors with Hadoop 2.7.4
or 3.0.0. {color} |
| {color:blue}0{color} | {color:blue} findbugs {color} | {color:blue} 0m
0s{color} | {color:blue} Skipped patched modules with no Java source: . {color}
|
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m
13s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 2m
46s{color} | {color:green} the patch passed {color} |
|| || || || {color:brown} Other Tests {color} ||
| {color:red}-1{color} | {color:red} unit {color} | {color:red}141m 51s{color}
| {color:red} root in the patch failed. {color} |
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m
46s{color} | {color:green} The patch does not generate ASF License warnings.
{color} |
| {color:black}{color} | {color:black} {color} | {color:black}230m 53s{color} |
{color:black} {color} |
\\
\\
|| Subsystem || Report/Notes ||
| Docker | Client=17.05.0-ce Server=17.05.0-ce Image:yetus/hbase:42ca976 |
| JIRA Issue | HBASE-21791 |
| JIRA Patch URL |
https://issues.apache.org/jira/secure/attachment/12956572/HBASE-21791-branch-2.1.patch
|
| Optional Tests | dupname asflicense javac
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[ https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16754092#comment-16754092 ] Sean Busbey commented on HBASE-21791: - I would say 1.6, but only because I think [~apurtell] is close to starting RCs for 1.5 so don't want to disrupt things. Once I've had some time to see how the update impacts users I'd consider inclusion in branch-1.2. > Upgrade thrift dependency to 0.12.0 > --- > > Key: HBASE-21791 > URL: https://issues.apache.org/jira/browse/HBASE-21791 > Project: HBase > Issue Type: Task > Components: Thrift >Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4 >Reporter: Duo Zhang >Assignee: Duo Zhang >Priority: Blocker > Fix For: 3.0.0, 1.5.0, 2.2.0, 1.4.10, 2.1.3, 2.0.5 > > Attachments: HBASE-21791-branch-2.1.patch, HBASE-21791.patch > > > As somebody have already known, that there is a CVE for thrift from 0.5.0 to > 0.11.0. > https://nvd.nist.gov/vuln/detail/CVE-2018-1320 > As the CVE is already public, let's upgrade our thrift dependency and release > new versions ASAP. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[ https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16753949#comment-16753949 ] Duo Zhang commented on HBASE-21791: --- The master patch can be applied to branch-2, and the patch for branch-2.1 can also be applied to branch-2.0. [~apurtell] [~busbey] What is the plan for 1.x releases? Which minor releases do we want to patch? Thanks. > Upgrade thrift dependency to 0.12.0 > --- > > Key: HBASE-21791 > URL: https://issues.apache.org/jira/browse/HBASE-21791 > Project: HBase > Issue Type: Task > Components: Thrift >Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4 >Reporter: Duo Zhang >Assignee: Duo Zhang >Priority: Blocker > Fix For: 3.0.0, 1.5.0, 2.2.0, 1.4.10, 2.1.3, 2.0.5 > > Attachments: HBASE-21791-branch-2.1.patch, HBASE-21791.patch > > > As somebody have already known, that there is a CVE for thrift from 0.5.0 to > 0.11.0. > https://nvd.nist.gov/vuln/detail/CVE-2018-1320 > As the CVE is already public, let's upgrade our thrift dependency and release > new versions ASAP. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[
https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16753342#comment-16753342
]
Duo Zhang commented on HBASE-21791:
---
All green, good. The way to generate the patch is:
1. Change the thrift.version to 0.12.0 in the root pom.xml.
2. Use the thrift compiler to generate the java code both thrift1 and thrift2.
The command is
{noformat}
thrift --gen java thrift/Hbase.thrift
thrift --gen java thrift2/hbase.thrift
{noformat}
The generated java code files will be placed under the gen-java directory,
please move them to the src/main/java directory. Haven't tried to set output
directory directly when running thrift command, maybe also fine.
Try 'mvn clean install -DskipTests' to see if there are compile errors, if not,
we are done.
> Upgrade thrift dependency to 0.12.0
> ---
>
> Key: HBASE-21791
> URL: https://issues.apache.org/jira/browse/HBASE-21791
> Project: HBase
> Issue Type: Task
> Components: Thrift
>Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4
>Reporter: Duo Zhang
>Assignee: Duo Zhang
>Priority: Blocker
> Fix For: 3.0.0, 1.5.0, 2.2.0, 1.4.10, 2.1.3, 2.0.5
>
> Attachments: HBASE-21791.patch
>
>
> As somebody have already known, that there is a CVE for thrift from 0.5.0 to
> 0.11.0.
> https://nvd.nist.gov/vuln/detail/CVE-2018-1320
> As the CVE is already public, let's upgrade our thrift dependency and release
> new versions ASAP.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[
https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16753319#comment-16753319
]
Hadoop QA commented on HBASE-21791:
---
| (/) *{color:green}+1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m
14s{color} | {color:blue} Docker mode activated. {color} |
|| || || || {color:brown} Prechecks {color} ||
| {color:green}+1{color} | {color:green} hbaseanti {color} | {color:green} 0m
0s{color} | {color:green} Patch does not have any anti-patterns. {color} |
| {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m
0s{color} | {color:green} The patch does not contain any @author tags. {color} |
| {color:orange}-0{color} | {color:orange} test4tests {color} | {color:orange}
0m 0s{color} | {color:orange} The patch doesn't appear to include any new or
modified tests. Please justify why no new tests are needed for this patch. Also
please list what manual steps were performed to verify this patch. {color} |
|| || || || {color:brown} master Compile Tests {color} ||
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m
26s{color} | {color:blue} Maven dependency ordering for branch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 4m
45s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 5m
55s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 2m
25s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} shadedjars {color} | {color:green} 4m
31s{color} | {color:green} branch has no errors when building our shaded
downstream artifacts. {color} |
| {color:blue}0{color} | {color:blue} findbugs {color} | {color:blue} 0m
0s{color} | {color:blue} Skipped patched modules with no Java source: . {color}
|
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m
13s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 2m
52s{color} | {color:green} master passed {color} |
|| || || || {color:brown} Patch Compile Tests {color} ||
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m
13s{color} | {color:blue} Maven dependency ordering for patch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 4m
39s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 5m
57s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 5m
57s{color} | {color:green} root generated 0 new + 1136 unchanged - 15 fixed =
1136 total (was 1151) {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 2m
25s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m
0s{color} | {color:green} The patch has no whitespace issues. {color} |
| {color:green}+1{color} | {color:green} xml {color} | {color:green} 0m
1s{color} | {color:green} The patch has no ill-formed XML file. {color} |
| {color:green}+1{color} | {color:green} shadedjars {color} | {color:green} 4m
30s{color} | {color:green} patch has no errors when building our shaded
downstream artifacts. {color} |
| {color:green}+1{color} | {color:green} hadoopcheck {color} | {color:green}
9m 46s{color} | {color:green} Patch does not cause any errors with Hadoop 2.7.4
or 3.0.0. {color} |
| {color:blue}0{color} | {color:blue} findbugs {color} | {color:blue} 0m
0s{color} | {color:blue} Skipped patched modules with no Java source: . {color}
|
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m
26s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 3m
1s{color} | {color:green} the patch passed {color} |
|| || || || {color:brown} Other Tests {color} ||
| {color:green}+1{color} | {color:green} unit {color} | {color:green}191m
36s{color} | {color:green} root in the patch passed. {color} |
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m
56s{color} | {color:green} The patch does not generate ASF License warnings.
{color} |
| {color:black}{color} | {color:black} {color} | {color:black}250m 47s{color} |
{color:black} {color} |
\\
\\
|| Subsystem || Report/Notes ||
| Docker | Client=17.05.0-ce Server=17.05.0-ce Image:yetus/hbase:b002b0b |
| JIRA Issue | HBASE-21791 |
| JIRA Patch URL |
https://issues.apache.org/jira/secure/attachment/12956476/HBASE-21791.patch |
| Optional Tests | dupname asflicense javac javadoc unit findbugs
[jira] [Commented] (HBASE-21791) Upgrade thrift dependency to 0.12.0
[ https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16753269#comment-16753269 ] Duo Zhang commented on HBASE-21791: --- I really think we should purge the thrift generated code from our code base... > Upgrade thrift dependency to 0.12.0 > --- > > Key: HBASE-21791 > URL: https://issues.apache.org/jira/browse/HBASE-21791 > Project: HBase > Issue Type: Task > Components: Thrift >Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4 >Reporter: Duo Zhang >Assignee: Duo Zhang >Priority: Blocker > Fix For: 3.0.0, 1.5.0, 2.2.0, 1.4.10, 2.1.3, 2.0.5 > > Attachments: HBASE-21791.patch > > > As somebody have already known, that there is a CVE for thrift from 0.5.0 to > 0.11.0. > https://nvd.nist.gov/vuln/detail/CVE-2018-1320 > As the CVE is already public, let's upgrade our thrift dependency and release > new versions ASAP. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
