twitter / scrooge

A Thrift parser/generator
http://twitter.github.io/scrooge/
Apache License 2.0
793 stars 247 forks

Upgrading libthrift to a newer version, security vulnerabilities #363

Open jospint opened 1 year ago

jospint commented 1 year ago

Hi there,

Are there any plans to upgrade Scrooge (and by extension, Finagle) to a newer version of libthrift? The version currently supported is 0.10.0, released in February 2017, and it is affected by 5 security vulnerabilities.

EDIT: Snyk created a pull request for it in January: https://github.com/twitter/scrooge/pull/357

rtyley commented 7 months ago

> Snyk created a pull request for it in January: #357

Note that this PR was an automated one that didn't update '0.10.0' in all the right places - https://github.com/twitter/scrooge/pull/367 is a fuller attempt.