You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@thrift.apache.org by "Jens Geyer (Jira)" <ji...@apache.org> on 2021/08/03 20:06:00 UTC
[jira] [Commented] (THRIFT-5427) Thrift v0.14.1 contains dependecy
to vulnerable `ws` module
[ https://issues.apache.org/jira/browse/THRIFT-5427?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17392507#comment-17392507 ]
Jens Geyer commented on THRIFT-5427:
------------------------------------
Since you left very few information besides the commands, I set the "component" fieldĀ to my best knowledge myself. Feel free to fix.
Also, the 0.15.0 release is approaching and if this should be a part of it, the best time to provide a patch would be now. Otherwise it will have to wait until next release.
> Thrift v0.14.1 contains dependecy to vulnerable `ws` module
> -----------------------------------------------------------
>
> Key: THRIFT-5427
> URL: https://issues.apache.org/jira/browse/THRIFT-5427
> Project: Thrift
> Issue Type: Bug
> Components: Node.js - Library
> Affects Versions: 0.14.1
> Reporter: Hitendra Singh Hada
> Priority: Major
>
> Currently thrift v0.14.1 contains dependecy of `ws` module v5.2.2 which is vulnerable. To fix the vulnerability you need to update `ws` module with version 7.4.6. Please have a look and advise ETA.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)