> Unfortunately, the recently added
> impersonation support [1] doesn't work with framed transport leaving thrift
> gateway using this feature susceptible to crashes. Updating thrift version
> to 0.9.2 will help us in mitigating this problem.

Can you say more about how the problem is mitigated?

What fix versions are you thinking of?

Filing a JIRA sounds good.

On Wed, Jul 8, 2015 at 11:42 AM, Srikanth Srungarapu <[email protected]> wrote:

> Hi Folks,
>
> Currently, HBase is using Thrift 0.9.0 version, with the latest version
> being 0.9.2. Currently, the HBase Thrift gateway is vulnerable to crashes
> due to THRIFT-2660 <https://issues.apache.org/jira/browse/THRIFT-2660> when
> used with default transport and the workaround for this problem is
> switching to framed transport. Unfortunately, the recently added
> impersonation support [1] doesn't work with framed transport leaving thrift
> gateway using this feature susceptible to crashes. Updating thrift version
> to 0.9.2 will help us in mitigating this problem. Given that security is
> one of the key requirements for the production clusters, it would be good to
> ensure our users that security features in thrift gateway can be used
> without any major concerns. Aside from this, there are also some nice fixes
> pertaining to leaky resources in 0.9.2 like [2] and [3].
>
> As far as compatibility guarantees are concerned, thrift assures 100% wire
> compatibility. However, it is my understanding that there were some minor
> additions (new API) in 0.9.2 [5] which won't work in 0.9.0, but that won't
> affect us since we are not using those features. And I tried running test
> suite and did manual testing with thrift version set to 0.9.2 and things
> are running smoothly. If there are no objections to this change, I would be
> more than happy to file a jira and follow this up.
>
> [1] https://issues.apache.org/jira/browse/HBASE-11349
> [2] https://issues.apache.org/jira/browse/THRIFT-2274
> [3] https://issues.apache.org/jira/browse/THRIFT-2359
> [4] https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310800&version=12324954
>
> --
> Thanks,
> Srikanth.

--
Best regards,

- Andy

Problems worthy of attack prove their worth by hitting back.
- Piet Hein (via Tom White)
