Skip to content

[SPARK-37090] Upgrade libthrift to avoid security vulnerabilities #34361

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
juliuszsompolski wants to merge 1 commit into from
Closed

[SPARK-37090] Upgrade libthrift to avoid security vulnerabilities #34361

juliuszsompolski wants to merge 1 commit into from

Conversation

@juliuszsompolski
Copy link
Contributor

@juliuszsompolski juliuszsompolski commented Oct 21, 2021

What changes were proposed in this pull request?

Upgrade libthrift dependency from 0.12.0 to 0.15.0

Why are the changes needed?

https://snyk.io/vuln/maven:org.apache.thrift%3Alibthrift lists a couple of high-impact vulnerabilities of libthrift 0.12.0, in particular

Keep the library up to date to fix vulnerabilities.

Does this PR introduce any user-facing change?

No.

How was this patch tested?

Existing tests.

@github-actions github-actions bot added the BUILD label Oct 21, 2021
@SparkQA
Copy link

SparkQA commented Oct 21, 2021

Test build #144517 has finished for PR 34361 at commit f9a5c60.

  • This patch fails to build.
  • This patch merges cleanly.
  • This patch adds no public classes.

@srowen
Copy link
Member

srowen commented Oct 21, 2021

See #34280 - Hyukjin already tried this. We can close this an the JIRA as a dupe.

@SparkQA
Copy link

SparkQA commented Oct 21, 2021

Kubernetes integration test unable to build dist.

exiting with code: 1
URL: https://amplab.cs.berkeley.edu/jenkins/job/SparkPullRequestBuilder-K8s/48988/

@AmplabJenkins
Copy link

AmplabJenkins commented Oct 21, 2021

Refer to this link for build results (access rights to CI server needed):
https://amplab.cs.berkeley.edu/jenkins//job/SparkPullRequestBuilder-K8s/48988/

@juliuszsompolski
Copy link
Contributor Author

juliuszsompolski commented Oct 21, 2021

Thanks @srowen for pointing this out.
@wangyum would you open https://github.com/apache/spark/compare/master...wangyum:thrift-0.15?expand=1 as PR?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

BUILD

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@juliuszsompolski @SparkQA @srowen @AmplabJenkins