[
https://issues.apache.org/jira/browse/KUDU-3626?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17907215#comment-17907215
]
ASF subversion and git services commented on KUDU-3626:
-------------------------------------------------------
Commit f0810fde2e35e03b40554ac04a8c65dfeaae709d in kudu's branch
refs/heads/branch-1.18.x from Abhishek Chennaka
[ https://gitbox.apache.org/repos/asf?p=kudu.git;h=f0810fde2 ]
[thirdparty] KUDU-3626 Upgrade Hadoop to 3.4.1
This upgrades the C++ thirdparty Hadoop dependency to 3.4.1.
Upgrades to Hive dependency and corresponding Java versions to
follow.
Change-Id: I90a02bb027e1c5333d6c4c5717c711966b335bf9
Reviewed-on: http://gerrit.cloudera.org:8080/22180
Tested-by: Abhishek Chennaka <[email protected]>
Reviewed-by: Alexey Serbin <[email protected]>
(cherry picked from commit 19164780b89d67cfbdb9b33477d3c6756c04cb6c)
Reviewed-on: http://gerrit.cloudera.org:8080/22247
Tested-by: Kudu Jenkins
Reviewed-by: Abhishek Chennaka <[email protected]>
> The dependency version of Thrift needs to be updated
> ----------------------------------------------------
>
> Key: KUDU-3626
> URL: https://issues.apache.org/jira/browse/KUDU-3626
> Project: Kudu
> Issue Type: Improvement
> Reporter: Peter Lee
> Priority: Major
>
> Hi dear Kudu team, thank you for your great work in Kudu.
> I noticed that Kudu is still depending on Thrift 0.11.0, which is affected by
> some vulnerabilities, such as CVE-2018-1320, CVE-2019-0210, and
> CVE-2019-0205. Maybe we could bump Thrift to a newer version without
> vulnerabilities, like 0.20.0.
> Besides this, there are some other dependencies with vulnerabilities, like
> Apache Hadoop, postgresql, protobuf, and yaml-cpp. It will be appreciated if
> you can also bump their versions.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
