Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-23061

Replace use of Jackson for JSON serde in hbase common and client modules

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Duplicate
    • None
    • None
    • None
    • None

    Description

      We are using Jackson to emit JSON in at least one place in common and client. We don't need all of Jackson and all the associated trouble just to do that. Use a suitably licensed JSON library with no known vulnerability. This will avoid problems downstream because we are trying to avoid having them pull in a vulnerable Jackson via us so Jackson is a 'provided' scope transitive dependency of client and its in-project dependencies (like common).

      Here's where I am referring to:

      org.apache.hadoop.hbase.util.JsonMapper.<clinit>(JsonMapper.java:37)
      at org.apache.hadoop.hbase.client.Operation.toJSON(Operation.java:70)
      at org.apache.hadoop.hbase.client.Operation.toString(Operation.java:96)

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              apurtell Andrew Kyle Purtell
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: