From b9a8b7839c21ecc7ed52dc08a2b1383484c525c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fl=C3=A1vio=20Schuindt?= Date: Mon, 20 Dec 2021 19:25:01 -0800 Subject: [PATCH] Bump log4j to 2.17.0 to fix log4shell vulnerability --- contribs/dependencies.lock | 8 +++---- es5-persistence/dependencies.lock | 16 +++++++------- es6-persistence/dependencies.lock | 16 +++++++------- es7-persistence/dependencies.lock | 16 +++++++------- server/dependencies.lock | 36 +++++++++++++++---------------- test-harness/dependencies.lock | 16 +++++++------- versionsOfDependencies.gradle | 4 ++-- 7 files changed, 56 insertions(+), 56 deletions(-) diff --git a/contribs/dependencies.lock b/contribs/dependencies.lock index 37c3b401cd..1aec2ecb2c 100644 --- a/contribs/dependencies.lock +++ b/contribs/dependencies.lock @@ -7,7 +7,7 @@ "locked": "1.11.86" }, "com.amazonaws:aws-java-sdk-sqs": { - "locked": "1.12.129" + "locked": "1.12.130" }, "com.fasterxml.jackson.core:jackson-core": { "firstLevelTransitive": [ @@ -184,7 +184,7 @@ "locked": "1.11.86" }, "com.amazonaws:aws-java-sdk-sqs": { - "locked": "1.12.129" + "locked": "1.12.130" }, "com.fasterxml.jackson.core:jackson-core": { "firstLevelTransitive": [ @@ -348,7 +348,7 @@ "locked": "1.11.86" }, "com.amazonaws:aws-java-sdk-sqs": { - "locked": "1.12.129" + "locked": "1.12.130" }, "com.fasterxml.jackson.core:jackson-core": { "firstLevelTransitive": [ @@ -527,7 +527,7 @@ "locked": "1.11.86" }, "com.amazonaws:aws-java-sdk-sqs": { - "locked": "1.12.129" + "locked": "1.12.130" }, "com.fasterxml.jackson.core:jackson-core": { "firstLevelTransitive": [ diff --git a/es5-persistence/dependencies.lock b/es5-persistence/dependencies.lock index b852fa3504..c260f45e81 100644 --- a/es5-persistence/dependencies.lock +++ b/es5-persistence/dependencies.lock @@ -126,10 +126,10 @@ "locked": "3.0" }, "org.apache.logging.log4j:log4j-api": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-core": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.elasticsearch.client:elasticsearch-rest-client": { "locked": "5.6.8" @@ -294,10 +294,10 @@ "locked": "3.0" }, "org.apache.logging.log4j:log4j-api": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-core": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.elasticsearch.client:elasticsearch-rest-client": { "locked": "5.6.8" @@ -455,10 +455,10 @@ "locked": "3.0" }, "org.apache.logging.log4j:log4j-api": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-core": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.awaitility:awaitility": { "locked": "3.1.2" @@ -625,10 +625,10 @@ "locked": "3.0" }, "org.apache.logging.log4j:log4j-api": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-core": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.awaitility:awaitility": { "locked": "3.1.2" diff --git a/es6-persistence/dependencies.lock b/es6-persistence/dependencies.lock index bbcb5c3e9f..45d5cbf578 100644 --- a/es6-persistence/dependencies.lock +++ b/es6-persistence/dependencies.lock @@ -126,10 +126,10 @@ "locked": "3.0" }, "org.apache.logging.log4j:log4j-api": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-core": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.elasticsearch.client:elasticsearch-rest-client": { "locked": "6.8.12" @@ -294,10 +294,10 @@ "locked": "3.0" }, "org.apache.logging.log4j:log4j-api": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-core": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.glassfish:javax.el": { "firstLevelTransitive": [ @@ -457,10 +457,10 @@ "locked": "3.0" }, "org.apache.logging.log4j:log4j-api": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-core": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.awaitility:awaitility": { "locked": "3.1.2" @@ -627,10 +627,10 @@ "locked": "3.0" }, "org.apache.logging.log4j:log4j-api": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-core": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.awaitility:awaitility": { "locked": "3.1.2" diff --git a/es7-persistence/dependencies.lock b/es7-persistence/dependencies.lock index f46c7525df..8578e3f7bf 100644 --- a/es7-persistence/dependencies.lock +++ b/es7-persistence/dependencies.lock @@ -126,10 +126,10 @@ "locked": "3.0" }, "org.apache.logging.log4j:log4j-api": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-core": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.elasticsearch.client:elasticsearch-rest-client": { "locked": "7.10.1" @@ -294,10 +294,10 @@ "locked": "3.0" }, "org.apache.logging.log4j:log4j-api": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-core": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.glassfish:javax.el": { "firstLevelTransitive": [ @@ -457,10 +457,10 @@ "locked": "3.0" }, "org.apache.logging.log4j:log4j-api": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-core": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.awaitility:awaitility": { "locked": "3.1.2" @@ -627,10 +627,10 @@ "locked": "3.0" }, "org.apache.logging.log4j:log4j-api": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-core": { - "locked": "2.11.1" + "locked": "2.17.0" }, "org.awaitility:awaitility": { "locked": "3.1.2" diff --git a/server/dependencies.lock b/server/dependencies.lock index b3e11f0f36..d1324c2845 100644 --- a/server/dependencies.lock +++ b/server/dependencies.lock @@ -10,7 +10,7 @@ "firstLevelTransitive": [ "com.netflix.conductor:conductor-contribs" ], - "locked": "1.12.129" + "locked": "1.12.130" }, "com.datastax.cassandra:cassandra-driver-core": { "firstLevelTransitive": [ @@ -355,14 +355,14 @@ "com.netflix.conductor:conductor-es5-persistence", "com.netflix.conductor:conductor-es6-persistence" ], - "locked": "2.11.1" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-core": { "firstLevelTransitive": [ "com.netflix.conductor:conductor-es5-persistence", "com.netflix.conductor:conductor-es6-persistence" ], - "locked": "2.11.1" + "locked": "2.17.0" }, "org.eclipse.jetty:jetty-jmx": { "locked": "9.4.22.v20191022" @@ -453,7 +453,7 @@ "firstLevelTransitive": [ "com.netflix.conductor:conductor-contribs" ], - "locked": "1.12.129" + "locked": "1.12.130" }, "com.datastax.cassandra:cassandra-driver-core": { "firstLevelTransitive": [ @@ -798,14 +798,14 @@ "com.netflix.conductor:conductor-es5-persistence", "com.netflix.conductor:conductor-es6-persistence" ], - "locked": "2.11.1" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-core": { "firstLevelTransitive": [ "com.netflix.conductor:conductor-es5-persistence", "com.netflix.conductor:conductor-es6-persistence" ], - "locked": "2.11.1" + "locked": "2.17.0" }, "org.eclipse.jetty:jetty-jmx": { "locked": "9.4.22.v20191022" @@ -956,7 +956,7 @@ "firstLevelTransitive": [ "com.netflix.conductor:conductor-contribs" ], - "locked": "1.12.129" + "locked": "1.12.130" }, "com.datastax.cassandra:cassandra-driver-core": { "firstLevelTransitive": [ @@ -1301,14 +1301,14 @@ "com.netflix.conductor:conductor-es5-persistence", "com.netflix.conductor:conductor-es6-persistence" ], - "locked": "2.11.1" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-core": { "firstLevelTransitive": [ "com.netflix.conductor:conductor-es5-persistence", "com.netflix.conductor:conductor-es6-persistence" ], - "locked": "2.11.1" + "locked": "2.17.0" }, "org.eclipse.jetty:jetty-jmx": { "locked": "9.4.22.v20191022" @@ -1399,7 +1399,7 @@ "firstLevelTransitive": [ "com.netflix.conductor:conductor-contribs" ], - "locked": "1.12.129" + "locked": "1.12.130" }, "com.datastax.cassandra:cassandra-driver-core": { "firstLevelTransitive": [ @@ -1744,14 +1744,14 @@ "com.netflix.conductor:conductor-es5-persistence", "com.netflix.conductor:conductor-es6-persistence" ], - "locked": "2.11.1" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-core": { "firstLevelTransitive": [ "com.netflix.conductor:conductor-es5-persistence", "com.netflix.conductor:conductor-es6-persistence" ], - "locked": "2.11.1" + "locked": "2.17.0" }, "org.elasticsearch.client:elasticsearch-rest-client": { "firstLevelTransitive": [ @@ -1833,7 +1833,7 @@ "firstLevelTransitive": [ "com.netflix.conductor:conductor-contribs" ], - "locked": "1.12.129" + "locked": "1.12.130" }, "com.datastax.cassandra:cassandra-driver-core": { "firstLevelTransitive": [ @@ -2181,14 +2181,14 @@ "com.netflix.conductor:conductor-es5-persistence", "com.netflix.conductor:conductor-es6-persistence" ], - "locked": "2.11.1" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-core": { "firstLevelTransitive": [ "com.netflix.conductor:conductor-es5-persistence", "com.netflix.conductor:conductor-es6-persistence" ], - "locked": "2.11.1" + "locked": "2.17.0" }, "org.eclipse.jetty:jetty-jmx": { "locked": "9.4.22.v20191022" @@ -2282,7 +2282,7 @@ "firstLevelTransitive": [ "com.netflix.conductor:conductor-contribs" ], - "locked": "1.12.129" + "locked": "1.12.130" }, "com.datastax.cassandra:cassandra-driver-core": { "firstLevelTransitive": [ @@ -2630,14 +2630,14 @@ "com.netflix.conductor:conductor-es5-persistence", "com.netflix.conductor:conductor-es6-persistence" ], - "locked": "2.11.1" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-core": { "firstLevelTransitive": [ "com.netflix.conductor:conductor-es5-persistence", "com.netflix.conductor:conductor-es6-persistence" ], - "locked": "2.11.1" + "locked": "2.17.0" }, "org.eclipse.jetty:jetty-jmx": { "locked": "9.4.22.v20191022" diff --git a/test-harness/dependencies.lock b/test-harness/dependencies.lock index e590db0397..25cbf85bb2 100644 --- a/test-harness/dependencies.lock +++ b/test-harness/dependencies.lock @@ -14,7 +14,7 @@ "firstLevelTransitive": [ "com.netflix.conductor:conductor-client" ], - "locked": "1.12.129" + "locked": "1.12.130" }, "com.amazonaws:aws-java-sdk-s3": { "firstLevelTransitive": [ @@ -26,7 +26,7 @@ "firstLevelTransitive": [ "com.netflix.conductor:conductor-contribs" ], - "locked": "1.12.129" + "locked": "1.12.130" }, "com.datastax.cassandra:cassandra-driver-core": { "firstLevelTransitive": [ @@ -474,14 +474,14 @@ "com.netflix.conductor:conductor-es5-persistence", "com.netflix.conductor:conductor-es6-persistence" ], - "locked": "2.11.1" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-core": { "firstLevelTransitive": [ "com.netflix.conductor:conductor-es5-persistence", "com.netflix.conductor:conductor-es6-persistence" ], - "locked": "2.11.1" + "locked": "2.17.0" }, "org.awaitility:awaitility": { "locked": "3.1.2" @@ -590,7 +590,7 @@ "firstLevelTransitive": [ "com.netflix.conductor:conductor-client" ], - "locked": "1.12.129" + "locked": "1.12.130" }, "com.amazonaws:aws-java-sdk-s3": { "firstLevelTransitive": [ @@ -602,7 +602,7 @@ "firstLevelTransitive": [ "com.netflix.conductor:conductor-contribs" ], - "locked": "1.12.129" + "locked": "1.12.130" }, "com.datastax.cassandra:cassandra-driver-core": { "firstLevelTransitive": [ @@ -1050,14 +1050,14 @@ "com.netflix.conductor:conductor-es5-persistence", "com.netflix.conductor:conductor-es6-persistence" ], - "locked": "2.11.1" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-core": { "firstLevelTransitive": [ "com.netflix.conductor:conductor-es5-persistence", "com.netflix.conductor:conductor-es6-persistence" ], - "locked": "2.11.1" + "locked": "2.17.0" }, "org.awaitility:awaitility": { "locked": "3.1.2" diff --git a/versionsOfDependencies.gradle b/versionsOfDependencies.gradle index 1476bb4c9c..37c6a7459c 100644 --- a/versionsOfDependencies.gradle +++ b/versionsOfDependencies.gradle @@ -41,8 +41,8 @@ ext { revJUnit = '4.12' revJsr311Api = '1.1.1' revJq = '0.0.12' - revLog4jApi = '2.11.1' - revLog4jCore = '2.11.1' + revLog4jApi = '2.17.0' + revLog4jCore = '2.17.0' revMockito = '3.1.0' revPowerMock = '2.0.9' revMySqlConnector = '8.0.11'