Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-12579

Deprecate WriteableRPCEngine

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.0.0-alpha2
    • Component/s: None
    • Labels:
      None

      Description

      The WriteableRPCEninge depends on Java's serialization mechanisms for RPC requests. Without proper checks, it has be shown that it can lead to security vulnerabilities such as remote code execution (e.g., COLLECTIONS-580, HADOOP-12577).

      The current implementation has migrated from WriteableRPCEngine to ProtobufRPCEngine now. This jira proposes to deprecate WriteableRPCEngine in branch-2 and to remove it in trunk.

        Attachments

        1. HADOOP-12579-v12.patch
          1 kB
          Wei Zhou
        2. HADOOP-12579-v11.patch
          103 kB
          Kai Zheng
        3. HADOOP-12579-v10.patch
          103 kB
          Kai Zheng
        4. HADOOP-12579-v9.patch
          103 kB
          Kai Zheng
        5. HADOOP-12579-v8.patch
          103 kB
          Kai Zheng
        6. HADOOP-12579-v7.patch
          101 kB
          Kai Zheng
        7. HADOOP-12579-v6.patch
          101 kB
          Kai Zheng
        8. HADOOP-12579-v5.patch
          99 kB
          Kai Zheng
        9. HADOOP-12579-v4.patch
          65 kB
          Kai Zheng
        10. HADOOP-12579-v3.patch
          86 kB
          Kai Zheng
        11. HADOOP-12579-v1.patch
          61 kB
          Kai Zheng

        Issue Links

          Activity

            People

            • Assignee:
              zhouwei Wei Zhou
              Reporter:
              wheat9 Haohui Mai

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment