Andrew Purtell created HBASE-23061:
--------------------------------------
Summary: Replace use of Jackson for JSON serde in hbase common and
client modules
Key: HBASE-23061
URL: https://issues.apache.org/jira/browse/HBASE-23061
Project: HBase
Issue Type: Bug
Reporter: Andrew Purtell
Fix For: 1.5.0
We are using Jackson to emit JSON in at least one place in common and client.
We don't need all of Jackson and all the associated trouble just to do that.
Use a suitably licensed JSON library with no known vulnerability. This will
avoid problems downstream because we are trying to avoid having them pull in a
vulnerable Jackson via us so Jackson is a provided scope.
Here's where I am referring to:
org.apache.hadoop.hbase.util.JsonMapper.<clinit>(JsonMapper.java:37)
at org.apache.hadoop.hbase.client.Operation.toJSON(Operation.java:70)
at org.apache.hadoop.hbase.client.Operation.toString(Operation.java:96)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
