[ https://issues.apache.org/jira/browse/HBASE-21791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16755574#comment-16755574 ]
Hudson commented on HBASE-21791: -------------------------------- Results for branch branch-1 [build #659 on builds.a.o|https://builds.apache.org/job/HBase%20Nightly/job/branch-1/659/]: (x) *{color:red}-1 overall{color}* ---- details (if available): (x) {color:red}-1 general checks{color} -- For more information [see general report|https://builds.apache.org/job/HBase%20Nightly/job/branch-1/659//General_Nightly_Build_Report/] (x) {color:red}-1 jdk7 checks{color} -- For more information [see jdk7 report|https://builds.apache.org/job/HBase%20Nightly/job/branch-1/659//JDK7_Nightly_Build_Report/] (x) {color:red}-1 jdk8 hadoop2 checks{color} -- For more information [see jdk8 (hadoop2) report|https://builds.apache.org/job/HBase%20Nightly/job/branch-1/659//JDK8_Nightly_Build_Report_(Hadoop2)/] (x) {color:red}-1 source release artifact{color} -- See build output for details. > Upgrade thrift dependency to 0.12.0 > ----------------------------------- > > Key: HBASE-21791 > URL: https://issues.apache.org/jira/browse/HBASE-21791 > Project: HBase > Issue Type: Task > Components: Thrift > Affects Versions: 3.0.0, 1.5.0, 1.3.3, 2.2.0, 1.4.9, 2.1.2, 1.2.10, 2.0.4 > Reporter: Duo Zhang > Assignee: Duo Zhang > Priority: Blocker > Fix For: 3.0.0, 1.5.0, 2.2.0, 2.1.3, 2.0.5, 2.3.0 > > Attachments: HBASE-21791-branch-1.patch, > HBASE-21791-branch-2.1.patch, HBASE-21791.patch > > > As somebody have already known, that there is a CVE for thrift from 0.5.0 to > 0.11.0. > https://nvd.nist.gov/vuln/detail/CVE-2018-1320 > As the CVE is already public, let's upgrade our thrift dependency and release > new versions ASAP. -- This message was sent by Atlassian JIRA (v7.6.3#76005)