tools icon indicating copy to clipboard operation
tools copied to clipboard

Published 20 hours ago verified publisher icon spdx

Update libthrift to version 0.12.0

Open goneall opened this issue 5 years ago • 5 comments

The current version used by Jena ARQ is 0.10.0 which has a medium severity CVE-2018-11798.

Although likely does not pose a threat to the current usage of libthrift within the SPDX tools, it should be upgraded to remove the vulnerability.

goneall avatar Apr 07 '19 17:04 goneall

The POM file already has version 0.12.0 specified before Jena dependency. For some reason, 0.10.0 is still being included in the executables. Perhaps someone more familiar with POM files could take a look and see what the issue is and provide a PR to fix.

goneall avatar Apr 07 '19 17:04 goneall

@goneall Can I work on this?

imskr avatar Jun 07 '20 18:06 imskr

@imskr Yes - thanks

goneall avatar Jun 07 '20 20:06 goneall

@imskr Are you still working on it?

Gautime avatar Jun 16 '20 15:06 Gautime

Yeah

imskr avatar Jun 16 '20 15:06 imskr