I noticed issue #48 talks about upgrading to jaeger 0.35.1. I think that issue should have been closed actually since this now uses jaeger 0.35.1. Unfortunately, a couple other high severity CVEs have been discovered in the version of lib-thrift that is used by jaeger 0.35.1. Jaeger 1.1.0 uses a newer version of lib-thrift that doesn't have those CVEs, so hopefully we can upgrade. These are the CVEs I am referring to:
I noticed issue #48 talks about upgrading to jaeger 0.35.1. I think that issue should have been closed actually since this now uses jaeger 0.35.1. Unfortunately, a couple other high severity CVEs have been discovered in the version of lib-thrift that is used by jaeger 0.35.1. Jaeger 1.1.0 uses a newer version of lib-thrift that doesn't have those CVEs, so hopefully we can upgrade. These are the CVEs I am referring to: