You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@thrift.apache.org by "Sylwester Lachiewicz (Jira)" <ji...@apache.org> on 2022/05/17 20:45:00 UTC
[jira] [Commented] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version
[ https://issues.apache.org/jira/browse/THRIFT-5075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17538465#comment-17538465 ]
Sylwester Lachiewicz commented on THRIFT-5075:
----------------------------------------------
can be closed - HIVE have upgraded version
> Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version
> ----------------------------------------------------------
>
> Key: THRIFT-5075
> URL: https://issues.apache.org/jira/browse/THRIFT-5075
> Project: Thrift
> Issue Type: Bug
> Components: Java - Library
> Reporter: Laurent Goujon
> Priority: Major
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Similar to THRIFT-4506, would it be possible to backport fixes for CVE-2019-0205 to 0.9.x branch. There are still several projects still relying on 0.9.3-1, and the vulnerability seems to impact them as well.
> I believe the fix for Java was part of THRIFT-4024
--
This message was sent by Atlassian Jira
(v8.20.7#820007)