Posted to dev@hbase.apache.org by Srikanth Srungarapu <sr...@gmail.com> on 2015/07/08 20:42:05 UTC

[DISCUSS] Bumping Thrift to 0.9.2 in branch-1

Hi Folks,

Currently, HBase is using Thrift 0.9.0 version, with the latest version
being 0.9.2. Currently, the HBase Thrift gateway is vulnerable to crashes
due to THRIFT-2660 <https://issues.apache.org/jira/browse/THRIFT-2660> when
used with the default transport, and the workaround for this problem is
switching to framed transport. Unfortunately, the recently added
impersonation support [1] doesn't work with framed transport, leaving the
Thrift gateway using this feature susceptible to crashes. Updating the Thrift
version to 0.9.2 will help us in mitigating this problem. Given that security
is one of the key requirements for production clusters, it would be good to
assure our users that security features in the Thrift gateway can be used
without any major concerns. Aside from this, there are also some nice fixes
pertaining to leaky resources in 0.9.2 like [2] and [3].

As far as compatibility guarantees are concerned, Thrift assures 100% wire
compatibility. However, it is my understanding that there were some minor
additions (new API) in 0.9.2 [5] which won't work in 0.9.0, but that won't
affect us since we are not using those features. And I tried running the test
suite and did manual testing with the Thrift version set to 0.9.2 and things
are running smoothly. If there are no objections to this change, I would be
more than happy to file a jira and follow this up.

[1] https://issues.apache.org/jira/browse/HBASE-11349
[2] https://issues.apache.org/jira/browse/THRIFT-2274
[3] https://issues.apache.org/jira/browse/THRIFT-2359
[4] https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310800&version=12324954


-- 
Thanks,
Srikanth.

Re: [DISCUSS] Bumping Thrift to 0.9.2 in branch-1

Posted by Ted Yu <yu...@gmail.com>.
bq. some minor additions (new API) in 0.9.2 [5]

I don't seem to find [5].
Mind sharing the link?

Thanks

On Wed, Jul 8, 2015 at 11:42 AM, Srikanth Srungarapu <sr...@gmail.com>
wrote:

> Hi Folks,
>
> Currently, HBase is using Thrift 0.9.0 version, with the latest  version
> being 0.9.2. Currently, the HBase Thrift gateway is vulnerable to crashes
> due to THRIFT-2660 <https://issues.apache.org/jira/browse/THRIFT-2660>
> when
> used with default transport and the workaround for this problem is
> switching to framed transport. Unfortunately, the recently added
> impersonation support [1] doesn't work with framed transport leaving thrift
> gateway using this feature susceptible to crashes.  Updating thrift version
> to 0.9.2 will help us in mitigating this problem. Given that security is
> one of key requirements for the production clusters, it would be good to
> ensure our users that security features in thrift gateway can be used
> without any major concerns. Aside this, there are also some nice fixes
> pertaining to  leaky resources in 0.9.2 like [2] and [3].
>
> As far compatibility guarantees are concerned, thrift assures 100% wire
> compatibility. However, it is my understanding that there were some minor
> additions (new API) in 0.9.2 [5] which won't work in 0.9.0, but that won't
> affect us since we are not using those features. And I tried running test
> suite and did manual testing with thrift version set to 0.9.2 and things
> are running smoothly. If there are no objections to this change, I would be
> more than happy to file a jira and follow this up.
>
> [1] https://issues.apache.org/jira/browse/HBASE-11349
> [2] https://issues.apache.org/jira/browse/THRIFT-2274
> [3] https://issues.apache.org/jira/browse/THRIFT-2359
> [4]
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310800&version=12324954
>
>
> --
> Thanks,
> Srikanth.
>

Re: [DISCUSS] Bumping Thrift to 0.9.2 in branch-1

Posted by Sean Busbey <bu...@cloudera.com>.
On Wed, Jul 8, 2015 at 11:12 PM, Srikanth Srungarapu <sr...@gmail.com>
wrote:

> @Sean, I'm thinking of getting this in for 1.3 and master. Do you think we
> should also get this in for 1.2 release line?
>
>
We're a bit too close to 1.2 for my comfort in changing the thrift library
version, given their history of breaking behavioral compatibility.

-- 
Sean

Re: [DISCUSS] Bumping Thrift to 0.9.2 in branch-1

Posted by Srikanth Srungarapu <sr...@gmail.com>.
@Sean, I'm thinking of getting this in for 1.3 and master. Do you think we
should also get this in for 1.2 release line?

@Ted, My bad, the number should have been [4]. It is pointing to release
notes of 0.9.2 i.e.
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310800&version=12324954

@Andrew, currently with the authentication feature for Thrift turned on,
customers can run (we had seen this happen already internally) into
THRIFT-2660 <https://issues.apache.org/jira/browse/THRIFT-2660>, which got
fixed in 0.9.2. Upgrading Thrift should come to the rescue in this case.

Filed the jira: https://issues.apache.org/jira/browse/HBASE-14045






On Wed, Jul 8, 2015 at 5:44 PM Andrew Purtell <ap...@apache.org> wrote:

> > Unfortunately, the recently added
> > impersonation support [1] doesn't work with framed transport leaving thrift
> > gateway using this feature susceptible to crashes.  Updating thrift version
> > to 0.9.2 will help us in mitigating this problem.
>
> Can you say more about how the problem is mitigated?
>
> What fix versions are you thinking of?
>
> Filing a JIRA sounds good.
>
>
> On Wed, Jul 8, 2015 at 11:42 AM, Srikanth Srungarapu <
> srikanth235@gmail.com>
> wrote:
>
> > Hi Folks,
> >
> > Currently, HBase is using Thrift 0.9.0 version, with the latest  version
> > being 0.9.2. Currently, the HBase Thrift gateway is vulnerable to crashes
> > due to THRIFT-2660 <https://issues.apache.org/jira/browse/THRIFT-2660>
> > when
> > used with default transport and the workaround for this problem is
> > switching to framed transport. Unfortunately, the recently added
> > impersonation support [1] doesn't work with framed transport leaving thrift
> > gateway using this feature susceptible to crashes.  Updating thrift version
> > to 0.9.2 will help us in mitigating this problem. Given that security is
> > one of key requirements for the production clusters, it would be good to
> > ensure our users that security features in thrift gateway can be used
> > without any major concerns. Aside this, there are also some nice fixes
> > pertaining to  leaky resources in 0.9.2 like [2] and [3].
> >
> > As far compatibility guarantees are concerned, thrift assures 100% wire
> > compatibility. However, it is my understanding that there were some minor
> > additions (new API) in 0.9.2 [5] which won't work in 0.9.0, but that won't
> > affect us since we are not using those features. And I tried running test
> > suite and did manual testing with thrift version set to 0.9.2 and things
> > are running smoothly. If there are no objections to this change, I would be
> > more than happy to file a jira and follow this up.
> >
> > [1] https://issues.apache.org/jira/browse/HBASE-11349
> > [2] https://issues.apache.org/jira/browse/THRIFT-2274
> > [3] https://issues.apache.org/jira/browse/THRIFT-2359
> > [4] https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310800&version=12324954
> >
> >
> > --
> > Thanks,
> > Srikanth.
> >
>
>
>
> --
> Best regards,
>
>    - Andy
>
> Problems worthy of attack prove their worth by hitting back. - Piet Hein
> (via Tom White)
>
-- 
Thanks,
Srikanth.

Re: [DISCUSS] Bumping Thrift to 0.9.2 in branch-1

Posted by Andrew Purtell <ap...@apache.org>.
> Unfortunately, the recently added
> impersonation support [1] doesn't work with framed transport leaving thrift
> gateway using this feature susceptible to crashes.  Updating thrift version
> to 0.9.2 will help us in mitigating this problem.

Can you say more about how the problem is mitigated?

What fix versions are you thinking of?

Filing a JIRA sounds good.


On Wed, Jul 8, 2015 at 11:42 AM, Srikanth Srungarapu <sr...@gmail.com>
wrote:

> Hi Folks,
>
> Currently, HBase is using Thrift 0.9.0 version, with the latest  version
> being 0.9.2. Currently, the HBase Thrift gateway is vulnerable to crashes
> due to THRIFT-2660 <https://issues.apache.org/jira/browse/THRIFT-2660>
> when
> used with default transport and the workaround for this problem is
> switching to framed transport. Unfortunately, the recently added
> impersonation support [1] doesn't work with framed transport leaving thrift
> gateway using this feature susceptible to crashes.  Updating thrift version
> to 0.9.2 will help us in mitigating this problem. Given that security is
> one of key requirements for the production clusters, it would be good to
> ensure our users that security features in thrift gateway can be used
> without any major concerns. Aside this, there are also some nice fixes
> pertaining to  leaky resources in 0.9.2 like [2] and [3].
>
> As far compatibility guarantees are concerned, thrift assures 100% wire
> compatibility. However, it is my understanding that there were some minor
> additions (new API) in 0.9.2 [5] which won't work in 0.9.0, but that won't
> affect us since we are not using those features. And I tried running test
> suite and did manual testing with thrift version set to 0.9.2 and things
> are running smoothly. If there are no objections to this change, I would be
> more than happy to file a jira and follow this up.
>
> [1] https://issues.apache.org/jira/browse/HBASE-11349
> [2] https://issues.apache.org/jira/browse/THRIFT-2274
> [3] https://issues.apache.org/jira/browse/THRIFT-2359
> [4]
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310800&version=12324954
>
>
> --
> Thanks,
> Srikanth.
>



-- 
Best regards,

   - Andy

Problems worthy of attack prove their worth by hitting back. - Piet Hein
(via Tom White)

Re: [DISCUSS] Bumping Thrift to 0.9.2 in branch-1

Posted by Sean Busbey <bu...@cloudera.com>.
Would this aim for 1.3 or 1.2?

-- 
Sean
On Jul 8, 2015 1:42 PM, "Srikanth Srungarapu" <sr...@gmail.com> wrote:

> Hi Folks,
>
> Currently, HBase is using Thrift 0.9.0 version, with the latest  version
> being 0.9.2. Currently, the HBase Thrift gateway is vulnerable to crashes
> due to THRIFT-2660 <https://issues.apache.org/jira/browse/THRIFT-2660>
> when
> used with default transport and the workaround for this problem is
> switching to framed transport. Unfortunately, the recently added
> impersonation support [1] doesn't work with framed transport leaving thrift
> gateway using this feature susceptible to crashes.  Updating thrift version
> to 0.9.2 will help us in mitigating this problem. Given that security is
> one of key requirements for the production clusters, it would be good to
> ensure our users that security features in thrift gateway can be used
> without any major concerns. Aside this, there are also some nice fixes
> pertaining to  leaky resources in 0.9.2 like [2] and [3].
>
> As far compatibility guarantees are concerned, thrift assures 100% wire
> compatibility. However, it is my understanding that there were some minor
> additions (new API) in 0.9.2 [5] which won't work in 0.9.0, but that won't
> affect us since we are not using those features. And I tried running test
> suite and did manual testing with thrift version set to 0.9.2 and things
> are running smoothly. If there are no objections to this change, I would be
> more than happy to file a jira and follow this up.
>
> [1] https://issues.apache.org/jira/browse/HBASE-11349
> [2] https://issues.apache.org/jira/browse/THRIFT-2274
> [3] https://issues.apache.org/jira/browse/THRIFT-2359
> [4]
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310800&version=12324954
>
>
> --
> Thanks,
> Srikanth.
>
