[
https://issues.apache.org/jira/browse/HADOOP-12579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15094639#comment-15094639
]
Colin Patrick McCabe commented on HADOOP-12579:
-----------------------------------------------
+1 for the proposal.
It would also be nice if we could get rid of the "wrapper objects" that we
manually create, and just use the protocol buffers objects directly. HBase did
this and observed a performance improvement based on reduced garbage being
generated.
> Deprecate and remove WriteableRPCEngine
> ---------------------------------------
>
> Key: HADOOP-12579
> URL: https://issues.apache.org/jira/browse/HADOOP-12579
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Haohui Mai
>
> The {{WriteableRPCEninge}} depends on Java's serialization mechanisms for RPC
> requests. Without proper checks, it has be shown that it can lead to security
> vulnerabilities such as remote code execution (e.g., COLLECTIONS-580,
> HADOOP-12577).
> The current implementation has migrated from {{WriteableRPCEngine}} to
> {{ProtobufRPCEngine}} now. This jira proposes to deprecate
> {{WriteableRPCEngine}} in branch-2 and to remove it in trunk.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
