Posted to dev@hc.apache.org by "Scott W Gifford (Jira)" <ji...@apache.org> on 2019/12/16 02:31:00 UTC

[jira] [Updated] (HTTPCORE-615) Implement new cache serializer that is not based on Java Object Serialization

     [ https://issues.apache.org/jira/browse/HTTPCORE-615?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Scott W Gifford updated HTTPCORE-615:
-------------------------------------
    Description: 
HTTPCORE-578 was caused by the brittleness of using Java Object Serialization to store cache objects. Java Object Serialization requires careful understanding of what sorts of changes require a new serialization version, with small mistakes leading to surprising results; further, Java Object Serialization has security issues, and will be an optional feature in upcoming Java releases (with Jigsaw). It would be better to have a more stable serialization approach.

Since the Apache client already knows how to communicate with HTTP, one simple approach would be to serialize as if we were writing to an HTTP client, and deserialize as if we were reading from an HTTP server.

I have developed a serializer that does that, and would like to contribute it back to the Apache project.

> Implement new cache serializer that is not based on Java Object Serialization
> -----------------------------------------------------------------------------
>
>                 Key: HTTPCORE-615
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-615
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>            Reporter: Scott W Gifford
>            Priority: Major



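The approach described in the issue, sketched as an added example in plain JDK Java (Java 16+). It is not the serializer the reporter contributed and not HttpComponents code; `HttpFormatCacheCodec`, `CacheEntry` and `MAX_BODY` are hypothetical names. A cache entry is stored as an HTTP/1.1-style message and read back by a strict text parser, so loading a stored entry only ever yields an integer, strings and bytes, never arbitrary classes.

```java
import java.io.*;
import java.util.*;
// Added illustration; all names are hypothetical. Single-valued headers only, for brevity.
public class HttpFormatCacheCodec {
    static final int MAX_BODY = 1 << 20; // assumed cap on a stored body
    record CacheEntry(int status, Map<String, String> headers, byte[] body) {}

    static byte[] write(CacheEntry e) throws IOException {
        StringBuilder head = new StringBuilder("HTTP/1.1 " + e.status() + "\r\n");
        for (var h : e.headers().entrySet()) {
            if (h.getKey().equalsIgnoreCase("Content-Length")) continue; // recomputed below
            if (!h.getKey().matches("[A-Za-z0-9-]+") || h.getValue().matches("(?s).*[\\r\\n].*"))
                throw new IOException("header not representable"); // blocks header injection
            head.append(h.getKey()).append(": ").append(h.getValue()).append("\r\n");
        }
        head.append("Content-Length: ").append(e.body().length).append("\r\n\r\n");
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(head.toString().getBytes("ISO-8859-1"));
        out.write(e.body());
        return out.toByteArray();
    }
    // Reads one CRLF-terminated line; rejects EOF, overlong lines and bare LF.
    static String line(InputStream in) throws IOException {
        StringBuilder sb = new StringBuilder();
        for (int c; (c = in.read()) != '\n'; sb.append((char) c))
            if (c < 0 || sb.length() > 8192) throw new IOException("bad line");
        if (sb.length() == 0 || sb.charAt(sb.length() - 1) != '\r') throw new IOException("missing CR");
        return sb.substring(0, sb.length() - 1);
    }
    static CacheEntry read(byte[] stored) throws IOException {
        InputStream in = new ByteArrayInputStream(stored);
        String status = line(in);
        if (!status.matches("HTTP/1\\.1 [1-5]\\d\\d")) throw new IOException("bad status line");
        Map<String, String> headers = new LinkedHashMap<>();
        for (String l; !(l = line(in)).isEmpty(); ) {
            int colon = l.indexOf(':');
            if (colon < 1) throw new IOException("bad header");
            headers.put(l.substring(0, colon), l.substring(colon + 1).trim());
        }
        String cl = headers.getOrDefault("Content-Length", "");
        if (!cl.matches("\\d{1,7}") || Integer.parseInt(cl) > MAX_BODY) throw new IOException("bad Content-Length");
        byte[] body = in.readNBytes(Integer.parseInt(cl));
        if (body.length != Integer.parseInt(cl) || in.read() != -1) throw new IOException("length mismatch");
        return new CacheEntry(Integer.parseInt(status.substring(9)), headers, body);
    }
    public static void main(String[] args) throws IOException {
        byte[] stored = write(new CacheEntry(200, Map.of("ETag", "\"v1\""), "hi".getBytes())); // constructed sample
        System.out.println(read(stored).headers());
        try { read(new byte[] {(byte) 0xAC, (byte) 0xED, 0, 5}); } // Java serialization stream magic
        catch (IOException ex) { System.out.println("rejected: " + ex.getMessage()); }
    }
}
```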