scrooge icon indicating copy to clipboard operation
scrooge copied to clipboard
verified publisher icon twitter

Upgrading libthrift to a newer version, security vulnerabilities

Open jospint opened this issue 2 years ago • 1 comments

Hi there,

Are there any plans to upgrade Scrooge (and by extension, Finagle) to a newer version of libthrift? The version currently supported is 0.10.0, released in February 2017 and it is affected by 5 security vulnerabilities.

EDIT: Snyk created a pull request for it in January: https://github.com/twitter/scrooge/pull/357

jospint avatar Mar 28 '23 08:03 jospint

Snyk created a pull request for it in January: #357

Note that this PR was an automated one that didn't update '0.10.0 all the right places - https://github.com/twitter/scrooge/pull/367 is a fuller attempt.

rtyley avatar Mar 12 '24 16:03 rtyley