  1. Apache Jena
  2. JENA-1781

Upgrade Thrift to version 0.13.0

Details

    • Type: Dependency upgrade
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: Jena 3.14.0
    • Component/s: ARQ, OSGi
    • Labels: None

    Description

      OWASP Dependency Check identifies Thrift version 0.12.0 as having the following vulnerabilities:

      CVE-2019-0205

      CVE-2019-0210

      According to CASSANDRA-15420, this was partially fixed in version 0.11.0, but it still gets flagged as vulnerable. This message from the thrift-dev mailing list states that the mitigation is to upgrade to version 0.13.0.

          People

            Assignee: Andy Seaborne
            Reporter: Ken Treimann
            Votes: 0
            Watchers: 2

              Time Tracking

                Estimated: Not Specified
                Remaining: 0h
                Logged: 1h