Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-12579

Deprecate WriteableRPCEngine

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 3.0.0-alpha2
    • None
    • None

    Description

      The WriteableRPCEninge depends on Java's serialization mechanisms for RPC requests. Without proper checks, it has be shown that it can lead to security vulnerabilities such as remote code execution (e.g., COLLECTIONS-580, HADOOP-12577).

      The current implementation has migrated from WriteableRPCEngine to ProtobufRPCEngine now. This jira proposes to deprecate WriteableRPCEngine in branch-2 and to remove it in trunk.

      Attachments

        1. HADOOP-12579-v1.patch
          61 kB
          Kai Zheng
        2. HADOOP-12579-v10.patch
          103 kB
          Kai Zheng
        3. HADOOP-12579-v11.patch
          103 kB
          Kai Zheng
        4. HADOOP-12579-v12.patch
          1 kB
          Wei Zhou
        5. HADOOP-12579-v3.patch
          86 kB
          Kai Zheng
        6. HADOOP-12579-v4.patch
          65 kB
          Kai Zheng
        7. HADOOP-12579-v5.patch
          99 kB
          Kai Zheng
        8. HADOOP-12579-v6.patch
          101 kB
          Kai Zheng
        9. HADOOP-12579-v7.patch
          101 kB
          Kai Zheng
        10. HADOOP-12579-v8.patch
          103 kB
          Kai Zheng
        11. HADOOP-12579-v9.patch
          103 kB
          Kai Zheng

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            zhouwei Wei Zhou
            wheat9 Haohui Mai
            Votes:
            0 Vote for this issue
            Watchers:
            17 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment