Details
- Type: Bug
- Status: Closed
- Priority: Blocker
- Resolution: Duplicate
Description
We are using Jackson to emit JSON in at least one place in common and client. We don't need all of Jackson and all the associated trouble just to do that. Use a suitably licensed JSON library with no known vulnerability. This will avoid problems downstream because we are trying to avoid having them pull in a vulnerable Jackson via us so Jackson is a 'provided' scope transitive dependency of client and its in-project dependencies (like common).
Here's where I am referring to:
org.apache.hadoop.hbase.util.JsonMapper.<clinit>(JsonMapper.java:37)
at org.apache.hadoop.hbase.client.Operation.toJSON(Operation.java:70)
at org.apache.hadoop.hbase.client.Operation.toString(Operation.java:96)
Issue Links
- duplicates: HBASE-23015 Replace Jackson with relocated gson everywhere but hbase-rest (Closed)
- is blocked by: HBASE-23052 hbase-thirdparty version of GSON that works for branch-1 (Closed)