Would this aim for 1.3 or 1.2? -- Sean On Jul 8, 2015 1:42 PM, "Srikanth Srungarapu" <srikanth...@gmail.com> wrote:
> Hi Folks, > > Currently, HBase is using Thrift 0.9.0 version, with the latest version > being 0.9.2. Currently, the HBase Thrift gateway is vulnerable to crashes > due to THRIFT-2660 <https://issues.apache.org/jira/browse/THRIFT-2660> > when > used with default transport and the workaround for this problem is > switching to framed transport. Unfortunately, the recently added > impersonation support [1] doesn't work with framed transport leaving thrift > gateway using this feature susceptible to crashes. Updating thrift version > to 0.9.2 will help us in mitigating this problem. Given that security is > one of key requirements for the production clusters, it would be good to > ensure our users that security features in thrift gateway can be used > without any major concerns. Aside this, there are also some nice fixes > pertaining to leaky resources in 0.9.2 like [2] and [3]. > > As far compatibility guarantees are concerned, thrift assures 100% wire > compatibility. However, it is my understanding that there were some minor > additions (new API) in 0.9.2 [5] which won't work in 0.9.0, but that won't > affect us since we are not using those features. And I tried running test > suite and did manual testing with thrift version set to 0.9.2 and things > are running smoothly. If there are no objections to this change, I would be > more than happy to file a jira and follow this up. > > [1] https://issues.apache.org/jira/browse/HBASE-11349 > [2] https://issues.apache.org/jira/browse/THRIFT-2274 > [3] https://issues.apache.org/jira/browse/THRIFT-2359 > [4] > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310800&version=12324954 > > > -- > Thanks, > Srikanth. >
