[ https://issues.apache.org/jira/browse/THRIFT-5075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17023319#comment-17023319 ]
Laurent Goujon commented on THRIFT-5075: ---------------------------------------- I've been trying to do the backport myself (the biggest challenge being recreating a build environment). Here's my proposed patch: https://github.com/apache/thrift/pull/1993 > Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version > ---------------------------------------------------------- > > Key: THRIFT-5075 > URL: https://issues.apache.org/jira/browse/THRIFT-5075 > Project: Thrift > Issue Type: Bug > Reporter: Laurent Goujon > Priority: Major > Time Spent: 10m > Remaining Estimate: 0h > > Similar to THRIFT-4506, would it be possible to backport fixes for > CVE-2019-0205 to 0.9.x branch. There are still several projects still relying > on 0.9.3-1, and the vulnerability seems to impact them as well. > I believe the fix for Java was part of THRIFT-4024 -- This message was sent by Atlassian Jira (v8.3.4#803005)