[ https://issues.apache.org/jira/browse/HBASE-14045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14628820#comment-14628820 ]
Srikanth Srungarapu commented on HBASE-14045: --------------------------------------------- Added a courtesy release note. Thanks for the reviews! > Bumping thrift version to 0.9.2. > -------------------------------- > > Key: HBASE-14045 > URL: https://issues.apache.org/jira/browse/HBASE-14045 > Project: HBase > Issue Type: Improvement > Reporter: Srikanth Srungarapu > Assignee: Srikanth Srungarapu > Fix For: 2.0.0, 1.3.0 > > Attachments: HBASE-14045-branch-1.patch, HBASE-14045.patch, > compat_report.html > > > From mailing list conversation: > {quote} > Currently, HBase is using Thrift 0.9.0 version, with the latest version > being 0.9.2. Currently, the HBase Thrift gateway is vulnerable to crashes due > to THRIFT-2660 when used with default transport and the workaround for this > problem is switching to framed transport. Unfortunately, the recently added > impersonation support \[1\] doesn't work with framed transport leaving thrift > gateway using this feature susceptible to crashes. Updating thrift version > to 0.9.2 will help us in mitigating this problem. Given that security is one > of key requirements for the production clusters, it would be good to ensure > our users that security features in thrift gateway can be used without any > major concerns. Aside this, there are also some nice fixes pertaining to > leaky resources in 0.9.2 like \[2\] and \[3\]. > As far compatibility guarantees are concerned, thrift assures 100% wire > compatibility. However, it is my understanding that there were some minor > additions (new API) in 0.9.2 \[4\] which won't work in 0.9.0, but that won't > affect us since we are not using those features. And I tried running test > suite and did manual testing with thrift version set to 0.9.2 and things are > running smoothly. If there are no objections to this change, I would be more > than happy to file a jira and follow this up. > \[1\] https://issues.apache.org/jira/browse/HBASE-11349 > \[2\] https://issues.apache.org/jira/browse/THRIFT-2274 > \[3\] https://issues.apache.org/jira/browse/THRIFT-2359 > \[4\] > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310800&version=12324954 > {quote} -- This message was sent by Atlassian JIRA (v6.3.4#6332)