Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-12579

Deprecate WriteableRPCEngine

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 3.0.0-alpha2
    • None
    • None

    Description

      The WriteableRPCEninge depends on Java's serialization mechanisms for RPC requests. Without proper checks, it has be shown that it can lead to security vulnerabilities such as remote code execution (e.g., COLLECTIONS-580, HADOOP-12577).

      The current implementation has migrated from WriteableRPCEngine to ProtobufRPCEngine now. This jira proposes to deprecate WriteableRPCEngine in branch-2 and to remove it in trunk.

      Attachments

        1. HADOOP-12579-v9.patch
          103 kB
          Kai Zheng
        2. HADOOP-12579-v8.patch
          103 kB
          Kai Zheng
        3. HADOOP-12579-v7.patch
          101 kB
          Kai Zheng
        4. HADOOP-12579-v6.patch
          101 kB
          Kai Zheng
        5. HADOOP-12579-v5.patch
          99 kB
          Kai Zheng
        6. HADOOP-12579-v4.patch
          65 kB
          Kai Zheng
        7. HADOOP-12579-v3.patch
          86 kB
          Kai Zheng
        8. HADOOP-12579-v12.patch
          1 kB
          Wei Zhou
        9. HADOOP-12579-v11.patch
          103 kB
          Kai Zheng
        10. HADOOP-12579-v10.patch
          103 kB
          Kai Zheng
        11. HADOOP-12579-v1.patch
          61 kB
          Kai Zheng

        Issue Links

          Activity

            People

              zhouwei Wei Zhou
              wheat9 Haohui Mai
              Votes:
              0 Vote for this issue
              Watchers:
              17 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: