[ https://issues.apache.org/jira/browse/HBASE-22058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16800770#comment-16800770 ]
Sean Busbey commented on HBASE-22058: ------------------------------------- +1, also on either approach (though I personally prefer the pom-only change) you're correct the 0.9.3.1 release only changed the java library impacted by the CVE; it didn't even update the thrift version. no code gen should be needed. > backport HBASE-HBASE-21791 (Upgrade thrift dependency to 0.12.0) to 1.4 and > 1.3 > ------------------------------------------------------------------------------- > > Key: HBASE-22058 > URL: https://issues.apache.org/jira/browse/HBASE-22058 > Project: HBase > Issue Type: Bug > Components: Thrift > Reporter: Francis Liu > Assignee: Francis Liu > Priority: Major > Fix For: 1.4.10, 1.3.4 > > Attachments: HBASE-22058-branch-1.4.patch, > HBASE-22058.branch-1.4.001.patch, HBASE-22058.branch-1.4.002.patch > > > Creating a separate Jira to do the backport since the .thrift files differ > between branch-1 and 1.4, 1.3. I backported the change in the pom.xml from > branch-1 and regenerated the thrift configs. > cc [~apurtell] -- This message was sent by Atlassian JIRA (v7.6.3#76005)