Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2021/01/20 15:39:54 UTC

[GitHub] [pulsar] fmiguelez opened a new issue #9248: Upgrade Thrift dependency in broker to solve CVE-2019-0210 and CVE-2019-0205

fmiguelez opened a new issue #9248:
URL: https://github.com/apache/pulsar/issues/9248


   The Apache Thrift library (libthrift-0.12.jar) used by the Apache Pulsar Broker is affected by two high-risk vulnerabilities:
   [CVE-2019-0210](https://nvd.nist.gov/vuln/detail/CVE-2019-0210) and [CVE-2019-0205](https://nvd.nist.gov/vuln/detail/CVE-2019-0205)
   
   These vulnerabilities are solved by version 0.13.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [pulsar] hpvd commented on issue #9248: Upgrade Thrift dependency in broker to solve CVE-2019-0210 and CVE-2019-0205

Posted by GitBox <gi...@apache.org>.
hpvd commented on issue #9248:
URL: https://github.com/apache/pulsar/issues/9248#issuecomment-764525288


   Since these update needs regularly occur,
   one should think of implementing a procedure to address this:
   
   Automated security and update routine before every release https://github.com/apache/pulsar/issues/8815





[GitHub] [pulsar] codelipenghui commented on issue #9248: Upgrade Thrift dependency in broker to solve CVE-2019-0210, CVE-2019-0205 and CVE-2020-13949

Posted by GitBox <gi...@apache.org>.
codelipenghui commented on issue #9248:
URL: https://github.com/apache/pulsar/issues/9248#issuecomment-1058894044


   The issue had no activity for 30 days, mark with Stale label.





[GitHub] [pulsar] lhotari commented on issue #9248: Upgrade Thrift dependency in broker to solve CVE-2019-0210, CVE-2019-0205 and CVE-2020-13949

Posted by GitBox <gi...@apache.org>.
lhotari commented on issue #9248:
URL: https://github.com/apache/pulsar/issues/9248#issuecomment-855904104


   Fixing this issue depends on Bookkeeper issue apache/bookkeeper#2695. libthrift 0.14.1 is broken and a new version is needed before the upgrade can be completed. More details in https://github.com/apache/bookkeeper/pull/2695#pullrequestreview-670542965 .




