Bug 1372797 - mod_security's JSON parser requires yajl 2.x
Summary: mod_security's JSON parser requires yajl 2.x
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: yajl
Version: 6.7
Hardware: Unspecified
OS: Linux
urgent
urgent
Target Milestone: rc
: ---
Assignee: Daniel Berrangé
QA Contact: BaseOS QE - Apps
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-09-02 17:53 UTC by Robert Bost
Modified: 2019-12-16 06:36 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-09-05 10:06:37 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Robert Bost 2016-09-02 17:53:16 UTC
Description of problem:
mod_security is shipped with JBoss Web Server 3.x which has a build for RHEL 6. There is a feature in mod_security which parses request bodies with a JSON Content-Type but this feature requires yajl 2.x. 
Curerntly, JBoss Web Server 3.x's mod_security is not built with the JSON support since only yajl 1.x is available on RHEL 6. 

Could we update the yajl shipped with RHEL 6 to 2.x?


Version-Release number of selected component (if applicable): 
yajl-1.0.7-3


Additional info:
Reports related to JBoss Web Server and JBCS:
https://issues.jboss.org/browse/JBCS-61
https://issues.jboss.org/browse/JWS3-54

Comment 2 Daniel Berrangé 2016-09-05 10:06:37 UTC
yajl 2.x is not ABI / API compatible with yajl 1.x, so we cannot update this in RHEL-6.

If JBoss needs yajl 2.x, then best bet is for it to bundle a private build in its RPM.


Note You need to log in before you can comment on or make changes to this bug.