-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update dependencies to fix CVE-2020-13949 #21
Comments
PR to update: #22 |
Thanks Matt, I was not aware of the thrift issue. I noticed you closed the PR. Did that change result in something unexpected? |
@cswank updating thrift to latest |
@mcramer-billgo the files in schema/ needed to be re-generated with the v0.18.1 thrift tool. v0.8.0 of parsyl/parquet now uses thrift v0.18.1. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
Fix is in 0.14.0
The text was updated successfully, but these errors were encountered: