You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@flume.apache.org by "xuwenping123 (via GitHub)" <gi...@apache.org> on 2023/03/18 05:30:24 UTC
[GitHub] [flume] xuwenping123 opened a new pull request, #398: FLUME-3452. Upgrade libthrift version to fix CVE 2020-1938
xuwenping123 opened a new pull request, #398:
URL: https://github.com/apache/flume/pull/398
org.apache.thrift:libthrift:0.14.1 has dependency on tomcat-embed-core : 8.5.46 which is causing CVE 2020-1938.
org.apache.thrift:libthrift:0.14.2 solved the problem for https://mvnrepository.com/artifact/org.apache.thrift/libthrift/0.14.2,
see https://issues.apache.org/jira/browse/FLUME-3452.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@flume.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flume] xuwenping123 commented on pull request #398: FLUME-3452. Upgrade libthrift version to fix CVE 2020-1938
Posted by "xuwenping123 (via GitHub)" <gi...@apache.org>.
xuwenping123 commented on PR #398:
URL: https://github.com/apache/flume/pull/398#issuecomment-1481227708
> I apologize for making it seem like the unit test failures were due to this change. They were not. I just happened to notice that the CI builds were failing in the Thrift tests. When I used Java 11 on my computer I saw the same failures. Then I noticed the CI build was using a newer version of JDK 8 and when I upgraded to that I saw the same errors. I fixed the problem with FLUME-3460.
It's not a problem at all, I wish I could do something with flume.
I did encounter some problems in building the project in the past two days. For details, please refer to this link?
https://github.com/apache/flume/pull/403
or https://issues.apache.org/jira/browse/FLUME-3462
Finally thank you, hope I can do a little work for flume.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@flume.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flume] xuwenping123 commented on pull request #398: FLUME-3452. Upgrade libthrift version to fix CVE 2020-1938
Posted by "xuwenping123 (via GitHub)" <gi...@apache.org>.
xuwenping123 commented on PR #398:
URL: https://github.com/apache/flume/pull/398#issuecomment-1479660836
> The unit tests are failing when run with Java 11 as the truststore is using DSA. They work with Java 8. However, after upgrading from version 265 to 362 of Java 8 the tests fail. So the keystores need to be updated.
I am very sorry for the single test failure caused by my submission.
I continue to focus on the tests involved in this change.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@flume.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flume] rgoers merged pull request #398: FLUME-3452. Upgrade libthrift version to fix CVE 2020-1938
Posted by "rgoers (via GitHub)" <gi...@apache.org>.
rgoers merged PR #398:
URL: https://github.com/apache/flume/pull/398
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@flume.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flume] rgoers commented on pull request #398: FLUME-3452. Upgrade libthrift version to fix CVE 2020-1938
Posted by "rgoers (via GitHub)" <gi...@apache.org>.
rgoers commented on PR #398:
URL: https://github.com/apache/flume/pull/398#issuecomment-1474957786
Verified the build is still successful with this change.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@flume.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flume] rgoers commented on pull request #398: FLUME-3452. Upgrade libthrift version to fix CVE 2020-1938
Posted by "rgoers (via GitHub)" <gi...@apache.org>.
rgoers commented on PR #398:
URL: https://github.com/apache/flume/pull/398#issuecomment-1479776245
I apologize for making it seem like the unit test failures were due to this change. They were not. I just happened to notice that the CI builds were failing in the Thrift tests. When I used Java 11 on my computer I saw the same failures. Then I noticed the CI build was using a newer version of JDK 8 and when I upgraded to that I saw the same errors. I fixed the problem with FLUME-3460.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@flume.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flume] rgoers commented on pull request #398: FLUME-3452. Upgrade libthrift version to fix CVE 2020-1938
Posted by "rgoers (via GitHub)" <gi...@apache.org>.
rgoers commented on PR #398:
URL: https://github.com/apache/flume/pull/398#issuecomment-1478179238
The unit tests are failing when run with Java 11 as the truststore is using DSA. They work with Java 8.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@flume.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org