Haohui Mai created HADOOP-12579:
-----------------------------------
Summary: Deprecate and remove WriteableRPCEngine
Key: HADOOP-12579
URL: https://issues.apache.org/jira/browse/HADOOP-12579
Project: Hadoop Common
Issue Type: Improvement
Reporter: Haohui Mai
The {{WriteableRPCEninge}} depends on Java's serialization mechanisms for RPC
requests. Without proper checks, it has be shown that it can lead to security
vulnerabilities such as remote code execution (e.g., COLLECTIONS-580,
HADOOP-12577).
The current implementation has migrated from {{WriteableRPCEngine}} to
{{ProtobufRPCEngine}} now. This jira proposes to deprecate
{{WriteableRPCEngine}} in branch-2 and to remove it in trunk.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
