Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update apache/thrift dependency to fix CVE-2020-13949 #1098

Merged
merged 2 commits into from
Jun 3, 2021
Merged

Update apache/thrift dependency to fix CVE-2020-13949 #1098

merged 2 commits into from
Jun 3, 2021

Conversation

Enrico204
Copy link
Contributor

Current version of github.com/apache/thrift (v0.13.0) is affected by CVE-2020-13949.

This pull request updates the dependency to v0.14.1.

@peterbourgon
Copy link
Member

@Enrico204 Thanks! Can you please fix the examples and tests?

@Enrico204
Copy link
Contributor Author

Yes! I think that tests and examples are OK now :-)

(I ran the same go test command from CI/CD locally and all tests are PASS now)

@peterbourgon peterbourgon merged commit d056e6d into go-kit:master Jun 3, 2021
@Enrico204 Enrico204 deleted the update-apache-thrift branch June 12, 2021 07:26
@sagikazarmark sagikazarmark added this to the v0.11.0 milestone Jun 19, 2021
jamesgist pushed a commit to jamesgist/kit that referenced this pull request Nov 1, 2024
* Update apache/thrift dependency to fix CVE-2020-13949

* Re-generate examples/addsvc thrift code
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants