@Sean, I'm thinking of getting this in for 1.3 and master. Do you think we should also get this in for 1.2 release line?
@Ted, My bad, the number should have been [4]. It is pointing to release notes of 0.9.2 i.e. https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310800&version=12324954

@Andrew, currently with authentication feature for Thrift turned on, customers can run (we had seen this happen already internally) into THRIFT-2660 <https://issues.apache.org/jira/browse/THRIFT-2660>, which got fixed in 0.9.2. Upgrading thrift should come to rescue in this case.

Filed the jira: https://issues.apache.org/jira/browse/HBASE-14045

On Wed, Jul 8, 2015 at 5:44 PM Andrew Purtell <[email protected]> wrote:

> > Unfortunately, the recently added impersonation support [1] doesn't work with framed transport leaving thrift gateway using this feature susceptible to crashes. Updating thrift version to 0.9.2 will help us in mitigating this problem.
>
> Can you say more about how the problem is mitigated?
>
> What fix versions are you thinking of?
>
> Filing a JIRA sounds good.
>
> On Wed, Jul 8, 2015 at 11:42 AM, Srikanth Srungarapu <[email protected]> wrote:
>
> > Hi Folks,
> >
> > Currently, HBase is using Thrift 0.9.0 version, with the latest version being 0.9.2. Currently, the HBase Thrift gateway is vulnerable to crashes due to THRIFT-2660 <https://issues.apache.org/jira/browse/THRIFT-2660> when used with default transport and the workaround for this problem is switching to framed transport. Unfortunately, the recently added impersonation support [1] doesn't work with framed transport leaving thrift gateway using this feature susceptible to crashes. Updating thrift version to 0.9.2 will help us in mitigating this problem. Given that security is one of the key requirements for the production clusters, it would be good to ensure our users that security features in thrift gateway can be used without any major concerns. Aside from this, there are also some nice fixes pertaining to leaky resources in 0.9.2 like [2] and [3].
> >
> > As far as compatibility guarantees are concerned, thrift assures 100% wire compatibility. However, it is my understanding that there were some minor additions (new API) in 0.9.2 [5] which won't work in 0.9.0, but that won't affect us since we are not using those features. And I tried running test suite and did manual testing with thrift version set to 0.9.2 and things are running smoothly. If there are no objections to this change, I would be more than happy to file a jira and follow this up.
> >
> > [1] https://issues.apache.org/jira/browse/HBASE-11349
> > [2] https://issues.apache.org/jira/browse/THRIFT-2274
> > [3] https://issues.apache.org/jira/browse/THRIFT-2359
> > [4] https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310800&version=12324954
> >
> > --
> > Thanks,
> > Srikanth.
>
> --
> Best regards,
>
>    - Andy
>
> Problems worthy of attack prove their worth by hitting back. - Piet Hein (via Tom White)

--
Thanks,
Srikanth.
