[jira] [Updated] (HBASE-14045) Bumping thrift version to 0.9.2.
[
https://issues.apache.org/jira/browse/HBASE-14045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Srikanth Srungarapu updated HBASE-14045:
Resolution: Fixed
Hadoop Flags: Reviewed
Release Note: This changes upgrades thrift dependency of HBase to 0.9.2.
Though this doesn't break any HBase compatibility promises, it might impact any
downstream projects that share thrift dependency with HBase.
Status: Resolved (was: Patch Available)
Bumping thrift version to 0.9.2.
Key: HBASE-14045
URL: https://issues.apache.org/jira/browse/HBASE-14045
Project: HBase
Issue Type: Improvement
Reporter: Srikanth Srungarapu
Assignee: Srikanth Srungarapu
Fix For: 2.0.0, 1.3.0
Attachments: HBASE-14045-branch-1.patch, HBASE-14045.patch,
compat_report.html
From mailing list conversation:
{quote}
Currently, HBase is using Thrift 0.9.0 version, with the latest version
being 0.9.2. Currently, the HBase Thrift gateway is vulnerable to crashes due
to THRIFT-2660 when used with default transport and the workaround for this
problem is switching to framed transport. Unfortunately, the recently added
impersonation support \[1\] doesn't work with framed transport leaving thrift
gateway using this feature susceptible to crashes. Updating thrift version
to 0.9.2 will help us in mitigating this problem. Given that security is one
of key requirements for the production clusters, it would be good to ensure
our users that security features in thrift gateway can be used without any
major concerns. Aside this, there are also some nice fixes pertaining to
leaky resources in 0.9.2 like \[2\] and \[3\].
As far compatibility guarantees are concerned, thrift assures 100% wire
compatibility. However, it is my understanding that there were some minor
additions (new API) in 0.9.2 \[4\] which won't work in 0.9.0, but that won't
affect us since we are not using those features. And I tried running test
suite and did manual testing with thrift version set to 0.9.2 and things are
running smoothly. If there are no objections to this change, I would be more
than happy to file a jira and follow this up.
\[1\] https://issues.apache.org/jira/browse/HBASE-11349
\[2\] https://issues.apache.org/jira/browse/THRIFT-2274
\[3\] https://issues.apache.org/jira/browse/THRIFT-2359
\[4\]
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310800version=12324954
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-14045) Bumping thrift version to 0.9.2.
[
https://issues.apache.org/jira/browse/HBASE-14045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Srikanth Srungarapu updated HBASE-14045:
Attachment: compat_report.html
Bumping thrift version to 0.9.2.
Key: HBASE-14045
URL: https://issues.apache.org/jira/browse/HBASE-14045
Project: HBase
Issue Type: Improvement
Reporter: Srikanth Srungarapu
Assignee: Srikanth Srungarapu
Fix For: 2.0.0, 1.3.0
Attachments: HBASE-14045-branch-1.patch, HBASE-14045.patch,
compat_report.html
From mailing list conversation:
{quote}
Currently, HBase is using Thrift 0.9.0 version, with the latest version
being 0.9.2. Currently, the HBase Thrift gateway is vulnerable to crashes due
to THRIFT-2660 when used with default transport and the workaround for this
problem is switching to framed transport. Unfortunately, the recently added
impersonation support \[1\] doesn't work with framed transport leaving thrift
gateway using this feature susceptible to crashes. Updating thrift version
to 0.9.2 will help us in mitigating this problem. Given that security is one
of key requirements for the production clusters, it would be good to ensure
our users that security features in thrift gateway can be used without any
major concerns. Aside this, there are also some nice fixes pertaining to
leaky resources in 0.9.2 like \[2\] and \[3\].
As far compatibility guarantees are concerned, thrift assures 100% wire
compatibility. However, it is my understanding that there were some minor
additions (new API) in 0.9.2 \[4\] which won't work in 0.9.0, but that won't
affect us since we are not using those features. And I tried running test
suite and did manual testing with thrift version set to 0.9.2 and things are
running smoothly. If there are no objections to this change, I would be more
than happy to file a jira and follow this up.
\[1\] https://issues.apache.org/jira/browse/HBASE-11349
\[2\] https://issues.apache.org/jira/browse/THRIFT-2274
\[3\] https://issues.apache.org/jira/browse/THRIFT-2359
\[4\]
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310800version=12324954
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-14045) Bumping thrift version to 0.9.2.
[
https://issues.apache.org/jira/browse/HBASE-14045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Srikanth Srungarapu updated HBASE-14045:
Attachment: HBASE-14045.patch
Bumping thrift version to 0.9.2.
Key: HBASE-14045
URL: https://issues.apache.org/jira/browse/HBASE-14045
Project: HBase
Issue Type: Improvement
Reporter: Srikanth Srungarapu
Assignee: Srikanth Srungarapu
Fix For: 2.0.0, 1.3.0
Attachments: HBASE-14045-branch-1.patch, HBASE-14045.patch,
compat_report.html
From mailing list conversation:
{quote}
Currently, HBase is using Thrift 0.9.0 version, with the latest version
being 0.9.2. Currently, the HBase Thrift gateway is vulnerable to crashes due
to THRIFT-2660 when used with default transport and the workaround for this
problem is switching to framed transport. Unfortunately, the recently added
impersonation support \[1\] doesn't work with framed transport leaving thrift
gateway using this feature susceptible to crashes. Updating thrift version
to 0.9.2 will help us in mitigating this problem. Given that security is one
of key requirements for the production clusters, it would be good to ensure
our users that security features in thrift gateway can be used without any
major concerns. Aside this, there are also some nice fixes pertaining to
leaky resources in 0.9.2 like \[2\] and \[3\].
As far compatibility guarantees are concerned, thrift assures 100% wire
compatibility. However, it is my understanding that there were some minor
additions (new API) in 0.9.2 \[4\] which won't work in 0.9.0, but that won't
affect us since we are not using those features. And I tried running test
suite and did manual testing with thrift version set to 0.9.2 and things are
running smoothly. If there are no objections to this change, I would be more
than happy to file a jira and follow this up.
\[1\] https://issues.apache.org/jira/browse/HBASE-11349
\[2\] https://issues.apache.org/jira/browse/THRIFT-2274
\[3\] https://issues.apache.org/jira/browse/THRIFT-2359
\[4\]
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310800version=12324954
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-14045) Bumping thrift version to 0.9.2.
[
https://issues.apache.org/jira/browse/HBASE-14045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Srikanth Srungarapu updated HBASE-14045:
Attachment: (was: HBASE-14045.patch)
Bumping thrift version to 0.9.2.
Key: HBASE-14045
URL: https://issues.apache.org/jira/browse/HBASE-14045
Project: HBase
Issue Type: Improvement
Reporter: Srikanth Srungarapu
Assignee: Srikanth Srungarapu
Fix For: 2.0.0, 1.3.0
Attachments: HBASE-14045-branch-1.patch, HBASE-14045.patch,
compat_report.html
From mailing list conversation:
{quote}
Currently, HBase is using Thrift 0.9.0 version, with the latest version
being 0.9.2. Currently, the HBase Thrift gateway is vulnerable to crashes due
to THRIFT-2660 when used with default transport and the workaround for this
problem is switching to framed transport. Unfortunately, the recently added
impersonation support \[1\] doesn't work with framed transport leaving thrift
gateway using this feature susceptible to crashes. Updating thrift version
to 0.9.2 will help us in mitigating this problem. Given that security is one
of key requirements for the production clusters, it would be good to ensure
our users that security features in thrift gateway can be used without any
major concerns. Aside this, there are also some nice fixes pertaining to
leaky resources in 0.9.2 like \[2\] and \[3\].
As far compatibility guarantees are concerned, thrift assures 100% wire
compatibility. However, it is my understanding that there were some minor
additions (new API) in 0.9.2 \[4\] which won't work in 0.9.0, but that won't
affect us since we are not using those features. And I tried running test
suite and did manual testing with thrift version set to 0.9.2 and things are
running smoothly. If there are no objections to this change, I would be more
than happy to file a jira and follow this up.
\[1\] https://issues.apache.org/jira/browse/HBASE-11349
\[2\] https://issues.apache.org/jira/browse/THRIFT-2274
\[3\] https://issues.apache.org/jira/browse/THRIFT-2359
\[4\]
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310800version=12324954
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-14045) Bumping thrift version to 0.9.2.
[
https://issues.apache.org/jira/browse/HBASE-14045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Srikanth Srungarapu updated HBASE-14045:
Status: Patch Available (was: Open)
Bumping thrift version to 0.9.2.
Key: HBASE-14045
URL: https://issues.apache.org/jira/browse/HBASE-14045
Project: HBase
Issue Type: Improvement
Reporter: Srikanth Srungarapu
Assignee: Srikanth Srungarapu
Fix For: 2.0.0, 1.3.0
Attachments: HBASE-14045.patch
From mailing list conversation:
{quote}
Currently, HBase is using Thrift 0.9.0 version, with the latest version
being 0.9.2. Currently, the HBase Thrift gateway is vulnerable to crashes due
to THRIFT-2660 when used with default transport and the workaround for this
problem is switching to framed transport. Unfortunately, the recently added
impersonation support \[1\] doesn't work with framed transport leaving thrift
gateway using this feature susceptible to crashes. Updating thrift version
to 0.9.2 will help us in mitigating this problem. Given that security is one
of key requirements for the production clusters, it would be good to ensure
our users that security features in thrift gateway can be used without any
major concerns. Aside this, there are also some nice fixes pertaining to
leaky resources in 0.9.2 like \[2\] and \[3\].
As far compatibility guarantees are concerned, thrift assures 100% wire
compatibility. However, it is my understanding that there were some minor
additions (new API) in 0.9.2 \[4\] which won't work in 0.9.0, but that won't
affect us since we are not using those features. And I tried running test
suite and did manual testing with thrift version set to 0.9.2 and things are
running smoothly. If there are no objections to this change, I would be more
than happy to file a jira and follow this up.
\[1\] https://issues.apache.org/jira/browse/HBASE-11349
\[2\] https://issues.apache.org/jira/browse/THRIFT-2274
\[3\] https://issues.apache.org/jira/browse/THRIFT-2359
\[4\]
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310800version=12324954
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-14045) Bumping thrift version to 0.9.2.
[
https://issues.apache.org/jira/browse/HBASE-14045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Srikanth Srungarapu updated HBASE-14045:
Attachment: HBASE-14045.patch
Bumping thrift version to 0.9.2.
Key: HBASE-14045
URL: https://issues.apache.org/jira/browse/HBASE-14045
Project: HBase
Issue Type: Improvement
Reporter: Srikanth Srungarapu
Assignee: Srikanth Srungarapu
Fix For: 2.0.0, 1.3.0
Attachments: HBASE-14045.patch
From mailing list conversation:
{quote}
Currently, HBase is using Thrift 0.9.0 version, with the latest version
being 0.9.2. Currently, the HBase Thrift gateway is vulnerable to crashes due
to THRIFT-2660 when used with default transport and the workaround for this
problem is switching to framed transport. Unfortunately, the recently added
impersonation support \[1\] doesn't work with framed transport leaving thrift
gateway using this feature susceptible to crashes. Updating thrift version
to 0.9.2 will help us in mitigating this problem. Given that security is one
of key requirements for the production clusters, it would be good to ensure
our users that security features in thrift gateway can be used without any
major concerns. Aside this, there are also some nice fixes pertaining to
leaky resources in 0.9.2 like \[2\] and \[3\].
As far compatibility guarantees are concerned, thrift assures 100% wire
compatibility. However, it is my understanding that there were some minor
additions (new API) in 0.9.2 \[4\] which won't work in 0.9.0, but that won't
affect us since we are not using those features. And I tried running test
suite and did manual testing with thrift version set to 0.9.2 and things are
running smoothly. If there are no objections to this change, I would be more
than happy to file a jira and follow this up.
\[1\] https://issues.apache.org/jira/browse/HBASE-11349
\[2\] https://issues.apache.org/jira/browse/THRIFT-2274
\[3\] https://issues.apache.org/jira/browse/THRIFT-2359
\[4\]
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310800version=12324954
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-14045) Bumping thrift version to 0.9.2.
[
https://issues.apache.org/jira/browse/HBASE-14045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Srikanth Srungarapu updated HBASE-14045:
Attachment: HBASE-14045-branch-1.patch
Bumping thrift version to 0.9.2.
Key: HBASE-14045
URL: https://issues.apache.org/jira/browse/HBASE-14045
Project: HBase
Issue Type: Improvement
Reporter: Srikanth Srungarapu
Assignee: Srikanth Srungarapu
Fix For: 2.0.0, 1.3.0
Attachments: HBASE-14045-branch-1.patch, HBASE-14045.patch
From mailing list conversation:
{quote}
Currently, HBase is using Thrift 0.9.0 version, with the latest version
being 0.9.2. Currently, the HBase Thrift gateway is vulnerable to crashes due
to THRIFT-2660 when used with default transport and the workaround for this
problem is switching to framed transport. Unfortunately, the recently added
impersonation support \[1\] doesn't work with framed transport leaving thrift
gateway using this feature susceptible to crashes. Updating thrift version
to 0.9.2 will help us in mitigating this problem. Given that security is one
of key requirements for the production clusters, it would be good to ensure
our users that security features in thrift gateway can be used without any
major concerns. Aside this, there are also some nice fixes pertaining to
leaky resources in 0.9.2 like \[2\] and \[3\].
As far compatibility guarantees are concerned, thrift assures 100% wire
compatibility. However, it is my understanding that there were some minor
additions (new API) in 0.9.2 \[4\] which won't work in 0.9.0, but that won't
affect us since we are not using those features. And I tried running test
suite and did manual testing with thrift version set to 0.9.2 and things are
running smoothly. If there are no objections to this change, I would be more
than happy to file a jira and follow this up.
\[1\] https://issues.apache.org/jira/browse/HBASE-11349
\[2\] https://issues.apache.org/jira/browse/THRIFT-2274
\[3\] https://issues.apache.org/jira/browse/THRIFT-2359
\[4\]
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310800version=12324954
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
