Posted to dev@thrift.apache.org by GitBox <gi...@apache.org> on 2021/03/02 03:21:25 UTC

[GitHub] [thrift] iadcode opened a new pull request #2340: Move java dependency tomcat-embed to the crossTest configuration...

iadcode opened a new pull request #2340:
URL: https://github.com/apache/thrift/pull/2340


   …to remove outdated unnecessary compile time dependency.
   
   When using java package libthrift 0.14.0, I've noticed a new compile time dependency for the package to tomcat-embedded-core. Upon reviewing, this package is quite old and is a security risk. When I looked at where and how this package is being used, I noticed that it's only referred to by crossTest and to provide access to the javax.servlet classes.
   
   Since tomcat-embedded is only used in crossTests, I have moved it to crossTest configuration so the libthrift java package does not require this unnecessary dependency for compilation. Instead, the java-servlet dependency has been reintroduced in compile time. I've also taken this opportunity to update both dependencies to a later version.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
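
Added example, not part of the original thread or the Thrift project's own code: a check a consumer of libthrift could run against a published POM to see whether a test-only artifact such as tomcat-embed-core is still handed to downstream builds in compile or runtime scope. The two POMs are constructed samples (X.Y.Z versions are placeholders; 8.5.46 is the version named later in this thread), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
SHIPPED = {"compile", "runtime"}  # scopes a consumer inherits transitively

def _pom(deps):
    """Build a constructed POM from (group, artifact, version, scope) tuples."""
    body = ""
    for g, a, v, scope in deps:
        s = f"<scope>{scope}</scope>" if scope else ""  # no <scope> means compile
        body += (f"<dependency><groupId>{g}</groupId><artifactId>{a}</artifactId>"
                 f"<version>{v}</version>{s}</dependency>")
    return (f'<project xmlns="{NS["m"]}"><dependencies>{body}'
            "</dependencies></project>")

# Constructed sample data; X.Y.Z versions are placeholders, not real releases.
POM_BEFORE = _pom([
    ("org.slf4j", "slf4j-api", "X.Y.Z", "compile"),
    ("org.apache.tomcat.embed", "tomcat-embed-core", "8.5.46", None),
    ("junit", "junit", "X.Y.Z", "test"),
])
POM_AFTER = _pom([
    ("org.slf4j", "slf4j-api", "X.Y.Z", "compile"),
    ("javax.servlet", "javax.servlet-api", "X.Y.Z", "compile"),
    ("junit", "junit", "X.Y.Z", "test"),
])

def shipped_dependencies(pom_xml):
    """Return group:artifact:version for every dependency consumers inherit."""
    out = []
    for dep in ET.fromstring(pom_xml).findall("m:dependencies/m:dependency", NS):
        scope = (dep.findtext("m:scope", "", NS) or "compile").strip()
        optional = (dep.findtext("m:optional", "", NS) or "").strip() == "true"
        if scope in SHIPPED and not optional:
            out.append(":".join(dep.findtext(f"m:{t}", "", NS).strip()
                                for t in ("groupId", "artifactId", "version")))
    return out

def banned_shipped(pom_xml, banned_artifacts):
    """Subset of shipped dependencies whose artifactId is on the deny list."""
    return [c for c in shipped_dependencies(pom_xml)
            if c.split(":")[1] in banned_artifacts]

if __name__ == "__main__":
    for name, pom in (("before", POM_BEFORE), ("after", POM_AFTER)):
        print(name, banned_shipped(pom, {"tomcat-embed-core"}) or "clean")
```

A dependency with no scope element counts as compile scope, which is why the unscoped tomcat-embed-core entry in the "before" sample is reported.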



[GitHub] [thrift] iadcode commented on pull request #2340: Move java dependency tomcat-embed to the crossTest configuration...

Posted by GitBox <gi...@apache.org>.
iadcode commented on pull request #2340:
URL: https://github.com/apache/thrift/pull/2340#issuecomment-789260380


   Hi @Jens-G . Thank you for taking the time to look at my PR. Could you elaborate as to why this has been rejected? I've been trying to look for whether it had failed any checks or not but cannot find any records of this. Thanks again.





[GitHub] [thrift] iadcode removed a comment on pull request #2340: Move java dependency tomcat-embed to the crossTest configuration...

Posted by GitBox <gi...@apache.org>.
iadcode removed a comment on pull request #2340:
URL: https://github.com/apache/thrift/pull/2340#issuecomment-789260380


   Hi @Jens-G . Thank you for taking the time to look at my PR. Could you elaborate as to why this has been rejected? I've been trying to look for whether it had failed any checks or not but cannot find any records of this. Thanks again.





[GitHub] [thrift] tomsfernandez commented on pull request #2340: Move java dependency tomcat-embed to the crossTest configuration...

Posted by GitBox <gi...@apache.org>.
tomsfernandez commented on pull request #2340:
URL: https://github.com/apache/thrift/pull/2340#issuecomment-866950134


   Hi! Any update on a release for this fix?





[GitHub] [thrift] Jens-G closed pull request #2340: Move java dependency tomcat-embed to the crossTest configuration...

Posted by GitBox <gi...@apache.org>.
Jens-G closed pull request #2340:
URL: https://github.com/apache/thrift/pull/2340


   





[GitHub] [thrift] Jens-G commented on pull request #2340: Move java dependency tomcat-embed to the crossTest configuration...

Posted by GitBox <gi...@apache.org>.
Jens-G commented on pull request #2340:
URL: https://github.com/apache/thrift/pull/2340#issuecomment-867113423


   There are plans to release 0.15.0 in late summer.





[GitHub] [thrift] ecolinet commented on pull request #2340: Move java dependency tomcat-embed to the crossTest configuration...

Posted by GitBox <gi...@apache.org>.
ecolinet commented on pull request #2340:
URL: https://github.com/apache/thrift/pull/2340#issuecomment-831710659


   Hi,
   
   Can we expect a release for that fix ?
   
   It's important for us since the imported tomcat-embed 8.5.46 contains a lot of CVEs (cf https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-887/version_id-200037/Apache-Tomcat-8.5.4.html).
   
   Thanks,
   Eric
   





[GitHub] [thrift] Jens-G commented on pull request #2340: Move java dependency tomcat-embed to the crossTest configuration...

Posted by GitBox <gi...@apache.org>.
Jens-G commented on pull request #2340:
URL: https://github.com/apache/thrift/pull/2340#issuecomment-867415372


   I know, I prepared that release myself. It only contains two additional fixes on top of 0.14.1.
   https://github.com/apache/thrift/blob/0.14.2/CHANGES.md





[GitHub] [thrift] Jens-G edited a comment on pull request #2340: Move java dependency tomcat-embed to the crossTest configuration...

Posted by GitBox <gi...@apache.org>.
Jens-G edited a comment on pull request #2340:
URL: https://github.com/apache/thrift/pull/2340#issuecomment-867415372


   I know, I prepared that release myself. It only contains two additional fixes on top of 0.14.1.
   https://github.com/apache/thrift/blob/0.14.2/CHANGES.md





[GitHub] [thrift] tomsfernandez commented on pull request #2340: Move java dependency tomcat-embed to the crossTest configuration...

Posted by GitBox <gi...@apache.org>.
tomsfernandez commented on pull request #2340:
URL: https://github.com/apache/thrift/pull/2340#issuecomment-867128235


   Hi @Jens-G. Just noticed there is a 0.14.2 release 6 days ago. Is this PR included in it?





[GitHub] [thrift] Jens-G commented on pull request #2340: Move java dependency tomcat-embed to the crossTest configuration...

Posted by GitBox <gi...@apache.org>.
Jens-G commented on pull request #2340:
URL: https://github.com/apache/thrift/pull/2340#issuecomment-789329615


   It has been merged, not rejected.

