[Snyk] Upgrade thrift from 0.9.3 to 0.14.2 #1

Open
wants to merge 1 commit into
base: master

@snyk-bot snyk-bot commented Aug 8, 2021

Snyk has created this PR to upgrade thrift from 0.9.3 to 0.14.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 8 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2021-06-17.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Denial of Service (DoS)<br>npm:ws:20171108 | 761/1000<br>Why? Mature exploit, Has a fix available, CVSS 7.5 | Mature |
| | Denial of Service (DoS)<br>npm:ws:20160624 | 761/1000<br>Why? Mature exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Denial of Service (DoS)<br>SNYK-JS-THRIFT-474613 | 761/1000<br>Why? Mature exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Insecure Randomness<br>npm:ws:20160920 | 761/1000<br>Why? Mature exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Remote Memory Exposure<br>npm:ws:20160104 | 761/1000<br>Why? Mature exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS)<br>SNYK-JS-WS-1296835 | 761/1000<br>Why? Mature exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Improper Access Control<br>SNYK-JS-THRIFT-173705 | 761/1000<br>Why? Mature exploit, Has a fix available, CVSS 7.5 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: thrift
  • 0.14.2 - 2021-06-17

    For release 0.14.0 head over to the official release download source:
    http://thrift.apache.org/download

    The assets below are added by GitHub based on the release tag and they may therefore not match the checksums.

  • 0.14.1 - 2021-03-08

    For release 0.14.1 head over to the official release download source:
    http://thrift.apache.org/download

    The assets below are added by GitHub based on the release tag and they may therefore not match the checksums.

  • 0.14.0 - 2021-02-12

    For release 0.14.0 head over to the official release download source:
    http://thrift.apache.org/download

    The assets below are added by GitHub based on the release tag and they may therefore not match the checksums.

  • 0.13.0 - 2019-11-18

    For release 0.13.0 head over to the official release download source:
    http://thrift.apache.org/download

    The assets below are added by GitHub based on the release tag and they may therefore not match the checksums.

  • 0.13.0-hotfix.1 - 2020-10-20
  • 0.12.0 - 2019-02-12

    Apache Thrift Release 0.12.0

  • 0.11.0 - 2018-01-15

    Version 0.11.0

  • 0.10.0 - 2017-02-01

    thrift-0.10.0

  • 0.9.3 - 2015-10-12

    thrift-0.9.3

from thrift GitHub release notes
Commit messages
Package name: thrift
  • 57e24ca THRIFT-5369: Use MaxMessageSize to check container sizes
  • 63e86ce Version 0.14.2
  • d604602 THRIFT-5383 TJSONProtocol Java readString throws on bounds check
  • c1e33a8 version 0.14.1
  • 65291da version 0.14.1
  • 65fb49b THRIFT-5334 change version of thrift-maven-plugin to 0.14.0
  • 4a8b0f9 fix to publish haxelib
  • 13f9e9e fix nullptr exception in publishing.gradle
  • e89b3e1 THRIFT-5353: Fix import dedup without explicit go namespace
  • bb8fec7 Move ConflictingNamesTest to lib/go/test
  • abb8fa8 THRIFT-4914: Fix name redeclaration bug in compiled go code
  • cee3ddb THRIFT-5352: Fix construction of Py exceptions with no fields
  • 2c0f932 THRIFT-5347 Deprecate Haskell bindings
  • 011eb22 THRIFT-5350 char is unsigned on non-x86 arches, use signed char to avoid compiler warning about always true comparisons
  • d446f02 Added nuget package info to csproj, needed to publish the nuget package
  • 8411e18 Version 0.14.0
  • 0be1b7d Version 0.14.0
  • 705f377 Version 0.14.0
  • ebfa771 THRIFT-5274: Enforce Java 8 compatibility
  • 518163a Update README.md
  • de523c7 Updated CHANGES to reflect Version 0.14.0
  • 7ae1ec3 THRIFT-5297: Improve TThreadPoolServer Handling of Incoming Connections
  • ebc2ab5 THRIFT-5345: Allow the ServerContext to be Unwrapped Programmatically
  • 55016bf THRIFT-5343: TTlsSocketTransport does not resolve IPv4 addresses or validate hostnames correctly



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
