[ https://issues.apache.org/jira/browse/HBASE-14045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14620808#comment-14620808 ]
Sean Busbey commented on HBASE-14045: ------------------------------------- FYI, 0.9.1 includes a non-backwards compatible API change from THRIFT-1972. The {{_trans}} field in the {{AbstractNonblockingServer.FrameBuffer}} class went from public to protected. AFAICT, this change is still present in 0.9.2. > Bumping thrift version to 0.9.2. > -------------------------------- > > Key: HBASE-14045 > URL: https://issues.apache.org/jira/browse/HBASE-14045 > Project: HBase > Issue Type: Improvement > Reporter: Srikanth Srungarapu > Assignee: Srikanth Srungarapu > Fix For: 2.0.0, 1.3.0 > > > From mailing list conversation: > {quote} > Currently, HBase is using Thrift 0.9.0 version, with the latest version > being 0.9.2. Currently, the HBase Thrift gateway is vulnerable to crashes due > to THRIFT-2660 when used with default transport and the workaround for this > problem is switching to framed transport. Unfortunately, the recently added > impersonation support \[1\] doesn't work with framed transport leaving thrift > gateway using this feature susceptible to crashes. Updating thrift version > to 0.9.2 will help us in mitigating this problem. Given that security is one > of key requirements for the production clusters, it would be good to ensure > our users that security features in thrift gateway can be used without any > major concerns. Aside this, there are also some nice fixes pertaining to > leaky resources in 0.9.2 like \[2\] and \[3\]. > As far compatibility guarantees are concerned, thrift assures 100% wire > compatibility. However, it is my understanding that there were some minor > additions (new API) in 0.9.2 \[4\] which won't work in 0.9.0, but that won't > affect us since we are not using those features. And I tried running test > suite and did manual testing with thrift version set to 0.9.2 and things are > running smoothly. If there are no objections to this change, I would be more > than happy to file a jira and follow this up. > \[1\] https://issues.apache.org/jira/browse/HBASE-11349 > \[2\] https://issues.apache.org/jira/browse/THRIFT-2274 > \[3\] https://issues.apache.org/jira/browse/THRIFT-2359 > \[4\] > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310800&version=12324954 > {quote} -- This message was sent by Atlassian JIRA (v6.3.4#6332)