[
https://issues.apache.org/jira/browse/HBASE-22058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16800770#comment-16800770
]
Sean Busbey commented on HBASE-22058:
-------------------------------------
+1, also on either approach (though I personally prefer the pom-only change)
you're correct the 0.9.3.1 release only changed the java library impacted by
the CVE; it didn't even update the thrift version. no code gen should be needed.
> backport HBASE-HBASE-21791 (Upgrade thrift dependency to 0.12.0) to 1.4 and
> 1.3
> -------------------------------------------------------------------------------
>
> Key: HBASE-22058
> URL: https://issues.apache.org/jira/browse/HBASE-22058
> Project: HBase
> Issue Type: Bug
> Components: Thrift
> Reporter: Francis Liu
> Assignee: Francis Liu
> Priority: Major
> Fix For: 1.4.10, 1.3.4
>
> Attachments: HBASE-22058-branch-1.4.patch,
> HBASE-22058.branch-1.4.001.patch, HBASE-22058.branch-1.4.002.patch
>
>
> Creating a separate Jira to do the backport since the .thrift files differ
> between branch-1 and 1.4, 1.3. I backported the change in the pom.xml from
> branch-1 and regenerated the thrift configs.
> cc [~apurtell]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
