commit | ea08e6d7b3a9c4803c42b739b43105df0fce0d3e | [log] [tgz] |
---|---|---|
author | Lari Hotari <lhotari@users.noreply.github.com> | Fri Aug 13 11:53:23 2021 +0300 |
committer | GitHub <noreply@github.com> | Fri Aug 13 10:53:23 2021 +0200 |
tree | 1b67d6c94911d98bd3eb5ab4191ed99bc887899d | |
parent | 67f934e5d1ccab5eab1053d808f65cd7cf1c70c4 [diff] |
[SECURITY] Upgrade libthrift to 0.14.2 to address multiple CVEs Fixes #2512 ### Motivation See #2512 The current libthrift version 0.12.0 has multiple vulnerabilities: - CVE-2019-0205 , CVE-2019-0210 , CVE-2020-13949 ### Motivation - Upgrade libthrift version to 0.14.1 and fix compilation errors - exclude new transitive dependencies org.apache.tomcat.embed:tomcat-embed-core and javax.annotation:javax.annotation-api Reviewers: Enrico Olivelli <eolivelli@gmail.com>, Andrey Yegorov <None> This closes #2695 from lhotari/lh-upgrade-libthrift
Apache BookKeeper is a scalable, fault tolerant and low latency storage service optimized for append-only workloads.
It is suitable for being used in following scenarios:
Please visit the Documentation from the project website for more information.
For filing bugs, suggesting improvements, or requesting new features, help us out by opening a Github issue or opening an Apache jira.
Subscribe or mail the user@bookkeeper.apache.org list - Ask questions, find answers, and also help other users.
Subscribe or mail the dev@bookkeeper.apache.org list - Join development discussions, propose new ideas and connect with contributors.
Join us on Slack - This is the most immediate way to connect with Apache BookKeeper committers and contributors.
We feel that a welcoming open community is important and welcome contributions.
See Developer Setup to get your local environment setup.
Take a look at our open issues: JIRA Issues Github Issues.
Review our coding style and follow our pull requests to learn about our conventions.
Make your changes according to our contribution guide.