[
https://issues.apache.org/jira/browse/THRIFT-5075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17023464#comment-17023464
]
Jens Geyer commented on THRIFT-5075:
------------------------------------
Usually we do not do this because of the efforts someone had to put into this.
We surely can apply the patch, but I'm not so sure if we provide another
release from 0.9.x. Ifs there any specific reason why people don't want to
updgrade to a more recent verison?
> Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version
> ----------------------------------------------------------
>
> Key: THRIFT-5075
> URL: https://issues.apache.org/jira/browse/THRIFT-5075
> Project: Thrift
> Issue Type: Bug
> Reporter: Laurent Goujon
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Similar to THRIFT-4506, would it be possible to backport fixes for
> CVE-2019-0205 to 0.9.x branch. There are still several projects still relying
> on 0.9.3-1, and the vulnerability seems to impact them as well.
> I believe the fix for Java was part of THRIFT-4024
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
