[ https://issues.apache.org/jira/browse/THRIFT-5424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jens Geyer resolved THRIFT-5424. -------------------------------- Fix Version/s: 0.15.0 Resolution: Fixed > Cut release 0.14.2 > ------------------ > > Key: THRIFT-5424 > URL: https://issues.apache.org/jira/browse/THRIFT-5424 > Project: Thrift > Issue Type: Bug > Components: Java - Library > Affects Versions: 0.14.1 > Reporter: Andrey Yegorov > Priority: Critical > Fix For: 0.15.0 > > > libthrift release 0.13.0 (and 0.12.0) has vulnerabilities, such as > CVE-2019-0205 , CVE-2019-0210 , CVE-2020-13949 > https://github.com/advisories/GHSA-g2fg-mr77-6vrm > Unfortunately, upgrade to 0.14.1 is blocked by > https://issues.apache.org/jira/browse/THRIFT-5383 which is fixed in > [apache/thrift#2366|https://github.com/apache/thrift/pull/2366] > We'll need 0.14.2 - with working json parsing and fixed vulnerabilities. > For more context please see: [https://github.com/apache/bookkeeper/pull/2695] -- This message was sent by Atlassian Jira (v8.3.4#803005)