Andrey Yegorov created THRIFT-5424:
--------------------------------------
Summary: Cut release 0.14.2
Key: THRIFT-5424
URL: https://issues.apache.org/jira/browse/THRIFT-5424
Project: Thrift
Issue Type: Bug
Components: Java - Library
Affects Versions: 0.14.1
Reporter: Andrey Yegorov
libthrift release 0.13.0 (and 0.12.0) has vulnerabilities, such as
CVE-2019-0205 , CVE-2019-0210 , CVE-2020-13949
https://github.com/advisories/GHSA-g2fg-mr77-6vrm
Unfortunately, upgrade to 0.14.1 is blocked by
https://issues.apache.org/jira/browse/THRIFT-5383 which is fixed in
[apache/thrift#2366|https://github.com/apache/thrift/pull/2366]
We'll need 0.14.2 - with working json parsing and fixed vulnerabilities.
For more context please see: [https://github.com/apache/bookkeeper/pull/2695]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
