This repository has been archived by the owner on Nov 14, 2024. It is now read-only.

Upgrade libthrift dependency #6244

Open
atrocities opened this issue Sep 26, 2022 · 0 comments

@atrocities
Contributor

Atlas depends on a version of libthrift that's vulnerable to https://nvd.nist.gov/vuln/detail/CVE-2020-13949.

This dependency, however, is not exposed as a transitive dependency to downstream consumers. Instead, the version being exposed is 0.9.2. While 0.9.2 is not affected, it will need to be upgraded eventually.

In the interest of future-proofing, it's worth looking at upgrading to 0.14.0 across the board.
