cassandra-user mailing list archives

From Keong Lim <>
Subject Replacement of Jackson usage in Cassandra with some other JSON library e.g. gson?
Date Thu, 11 Oct 2018 08:27:22 GMT
Hi all,

I have been working on another open source project called ONAP:

As part of that system, there is a database using with the Cassandra
The ONAP code has been scanned for vulnerabilities and the scans identified the FasterXML
Jackson library as a problem.

While we can address our code issues (e.g. to rewrite using some other JSON library) and substitute
Spring Boot dependencies (e.g. JAX-RS), we are unsure of how to handle Cassandra's usage of

Searching through the mailing list archives and JIRA cases, I can see that some effort has
been made to upgrade Jackson in Cassandra, e.g.


And that there has also been some movement from a different JSON library towards Jackson:

The analysis done in CASSANDRA-14427 reached similar conclusions as in the ONAP project, i.e.
"We don't do this".
However, we are still attempting to completely eliminate the Jackson vulnerabilities by replacing
it with something else, e.g.

There is a comment on that requested
some abstraction layer around the JSON parsing:

- "Maybe we could abstract slightly our use of jackson (put the helpers we need in
maybe?), so that 1) we have only one place to change if we upgrade jackson and the API change
(or we want to change of library) and 2) we save creating multiple ObjectMapper or JsonStringEncoder

Has this JSON abstraction been implemented and can it be used to effectively substitute Jackson
for gson in Cassandra?

What is the possibility for Cassandra to completely eliminate usage of Jackson and replace
it with gson?

Could such a replacement of Jackson be on the roadmap for Cassandra?

The current direction of the investigation in the ONAP project is to replace Jackson with
gson, since gson has also been scanned for vulnerabilities and does not appear in the reports
as needing any upgrade.

Thanks for your time,

Customer Experience and Platform Integration R&D Dept
Keong Lim, Huawei Technologies Co. Ltd (
Ground Floor, Suite 1, 5 Lakeside Drive, BURWOOD EAST VIC 3151 AUSTRALIA
  "If ye love wealth better than liberty, the tranquillity of servitude than the
   animating contest of freedom-go from us in peace. We ask not your counsels
   or arms. Crouch down and lick the hands which feed you. May your chains sit
   lightly upon you, and may posterity forget that ye were our countrymen!"
    - Samuel Adams
