-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
THRIFT-5237 Implement MAX_MESSAGE_SIZE and consolidate limits into a TConfiguration class(JAVA) #2191
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
5db90a8
to
2d01209
Compare
Could you do a rebase? I'd like to look at this PR. |
d5c7f66
to
ff1a8dc
Compare
Done. |
Jens-G
requested changes
Sep 12, 2020
lib/java/test/org/apache/thrift/transport/TestAutoExpandingBufferWriteTransport.java
Outdated
Show resolved
Hide resolved
lib/java/src/org/apache/thrift/transport/layered/TFramedTransport.java
Outdated
Show resolved
Hide resolved
ping |
0949d47
to
ec78d2b
Compare
Jens-G
approved these changes
Sep 16, 2020
ec78d2b
to
63213c1
Compare
+1 review LGTM, not tested. Merge? |
Thank you for reviewing this. I would like to merge it , WDYT ? |
Do it. |
@zeshuai007 any chance you could do something similar for Go? |
Closed
3 tasks
pan3793
added a commit
to apache/kyuubi-shaded
that referenced
this pull request
Feb 29, 2024
…ting DelegationToken ### _Why are the changes needed?_ org.apache.thrift:libthrift:0.9.3 has serveral CVEs: - CVE-2020-13949 - THRIFT-5237(fixed in 0.14.0) - apache/thrift#2191 - CVE-2019-0205 - THRIFT-4053(fixed in 0.11.0) - apache/thrift#1371 - CVE-2018-1320 - THRIFT-4506(fixed in 0.9.3.1) HiveMetaStoreClient of Hive 2.3.9 and 3.1.3 depends on libthrift:0.9.3 and Kyuubi currently uses it to get HMS delegation token. As Kyuubi only use HiveMetaStoreClient to get delegation token, we think it is better to create a lightweight HiveMetaStoreClient with only the necessary api so that we can: - Decouple Kyuubi's libthrift version from Hive - Remove unnessary dependencies introduced by vanilla HiveMetaStoreClient ### _How was this patch tested?_ - [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible - [x] Add screenshots for manual tests if appropriate <img width="1483" alt="image" src="https://github.com/apache/kyuubi-shaded/assets/88070094/e3198035-6db4-46b1-a47c-db66cb9a9acb"> - [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request Closes #35 from zhouyifan279/hive-metastore-client. b1654cb [Cheng Pan] nit b8ec695 [Cheng Pan] fix IDE 2034d62 [Cheng Pan] migrate to kyuubi shaded zk 1cf969e [zhouyifan279] Rename package 170f2e3 [zhouyifan279] Rename package fe442fc [zhouyifan279] Rename package fe6f97e [zhouyifan279] Remove unused MetastoreConf.ConfVars 620e834 [zhouyifan279] draft 993218e [zhouyifan279] draft Lead-authored-by: zhouyifan279 <zhouyifan279@gmail.com> Co-authored-by: Cheng Pan <chengpan@apache.org> Signed-off-by: Cheng Pan <chengpan@apache.org>
3 tasks
pan3793
added a commit
to apache/kyuubi-shaded
that referenced
this pull request
Feb 29, 2024
### _Why are the changes needed?_ The current Thrift 0.9.3-1 has the following CVEs. - CVE-2020-13949 - THRIFT-5237(fixed in 0.14.0) - apache/thrift#2191 - CVE-2019-0205 - THRIFT-4053(fixed in 0.11.0) - apache/thrift#1371 - CVE-2018-11798 - only affects NodeJS We choose to upgrade 0.16.0 because - has no CVEs reported yet - the latest Hive 4.0.0-beta1 uses Thrift 0.16.0 - Thrift 0.17.0 ~ 0.18.1 has issues on transitive deps - Thrift 0.18.0 is built on Java 11, which is not compatible with Java 8 - Thrift 0.19.0 restores support for Java 8, but upgrades Apache Http Client5, it involves additional deps Also, this PR overrides one class `org.apache.thrift.partial.Validate` to remove dependency of Apache Commons Lang3 ### _How was this patch tested?_ - [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible - [ ] Add screenshots for manual tests if appropriate - [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request Closes #39 from pan3793/thrift-0.16. 2b7dd2b [Cheng Pan] Bump Thrift 0.16.0 Authored-by: Cheng Pan <chengpan@apache.org> Signed-off-by: Cheng Pan <chengpan@apache.org>
rtyley
added a commit
to guardian/scrooge
that referenced
this pull request
Mar 12, 2024
Scrooge's `TArrayByteTransport` and `TReusableMemoryTransport` classes both extend libthrift's abstract `org.apache.thrift.transport.TTransport` class. That class gained 3 new abstract members with apache/thrift#2191 (September 2020), released with libthrift v0.14.0 (February 2021). Consequently, both classes currently fail to compile, due to missing implementations for these methods: def checkReadBytesAvailable(x$1: Long): Unit = ??? def getConfiguration(): org.apache.thrift.TConfiguration = ??? def updateKnownMessageSize(x$1: Long): Unit = ??? Note that Snyk PR twitter#357 updates only one of several files that needs to be updated for a libthrift upgrade, and the most important file is probably `build.sbt`, not `demos/scrooge-maven-demo/pom.xml`.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
[skip ci]
anywhere in the commit message to free up build resources.