[
https://issues.apache.org/jira/browse/HBASE-23061?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sean Busbey resolved HBASE-23061.
---------------------------------
Fix Version/s: (was: 1.5.0)
Resolution: Duplicate
> Replace use of Jackson for JSON serde in hbase common and client modules
> ------------------------------------------------------------------------
>
> Key: HBASE-23061
> URL: https://issues.apache.org/jira/browse/HBASE-23061
> Project: HBase
> Issue Type: Bug
> Reporter: Andrew Purtell
> Priority: Blocker
>
> We are using Jackson to emit JSON in at least one place in common and client.
> We don't need all of Jackson and all the associated trouble just to do that.
> Use a suitably licensed JSON library with no known vulnerability. This will
> avoid problems downstream because we are trying to avoid having them pull in
> a vulnerable Jackson via us so Jackson is a 'provided' scope transitive
> dependency of client and its in-project dependencies (like common).
> Here's where I am referring to:
> org.apache.hadoop.hbase.util.JsonMapper.<clinit>(JsonMapper.java:37)
> at org.apache.hadoop.hbase.client.Operation.toJSON(Operation.java:70)
> at org.apache.hadoop.hbase.client.Operation.toString(Operation.java:96)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
