1372797 – mod_security's JSON parser requires yajl 2.x

Bug 1372797 - mod_security's JSON parser requires yajl 2.x

Summary: mod_security's JSON parser requires yajl 2.x

Keywords:
Status:	CLOSED CANTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	yajl
Sub Component:
Version:	6.7
Hardware:	Unspecified
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	rc
Target Release:	---
Assignee:	Daniel Berrangé
QA Contact:	BaseOS QE - Apps
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-09-02 17:53 UTC by Robert Bost
Modified:	2019-12-16 06:36 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-09-05 10:06:37 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Robert Bost 2016-09-02 17:53:16 UTC

Description of problem:
mod_security is shipped with JBoss Web Server 3.x which has a build for RHEL 6. There is a feature in mod_security which parses request bodies with a JSON Content-Type but this feature requires yajl 2.x. 
Curerntly, JBoss Web Server 3.x's mod_security is not built with the JSON support since only yajl 1.x is available on RHEL 6. 

Could we update the yajl shipped with RHEL 6 to 2.x?


Version-Release number of selected component (if applicable): 
yajl-1.0.7-3


Additional info:
Reports related to JBoss Web Server and JBCS:
https://issues.jboss.org/browse/JBCS-61
https://issues.jboss.org/browse/JWS3-54

Comment 2 Daniel Berrangé 2016-09-05 10:06:37 UTC

yajl 2.x is not ABI / API compatible with yajl 1.x, so we cannot update this in RHEL-6.

If JBoss needs yajl 2.x, then best bet is for it to bundle a private build in its RPM.

Note You need to log in before you can comment on or make changes to this bug.