Skip to content

Commit

Permalink
log4j: upgrade for CVE-2021-44228
Browse files Browse the repository at this point in the history
  • Loading branch information
@dhalperi
dhalperi committed Dec 13, 2021
1 parent 542ebea commit 27a3616
Show file tree
Hide file tree
Showing 3 changed files with 48 additions and 48 deletions.
6 changes: 3 additions & 3 deletions library_deps.bzl
View file
Expand Up @@ -44,9 +44,9 @@ BATFISH_MAVEN_ARTIFACTS = [
"org.apache.commons:commons-text:1.9",
"org.apache.httpcomponents:httpclient:4.5.13", # managed up 2021-06-04 for CVE-2020-13956
"org.apache.httpcomponents:httpcore:4.4.14", # managed up 2021-06-04 for fixes
"org.apache.logging.log4j:log4j-api:2.14.1",
"org.apache.logging.log4j:log4j-core:2.14.1",
"org.apache.logging.log4j:log4j-slf4j-impl:2.14.1",
"org.apache.logging.log4j:log4j-api:2.15.0",
"org.apache.logging.log4j:log4j-core:2.15.0",
"org.apache.logging.log4j:log4j-slf4j-impl:2.15.0",
"org.apache.thrift:libthrift:0.14.0", # managed up: CVE-2020-13949
"org.apache.tomcat.embed:tomcat-embed-core:8.5.72", # managed up: CVE-2021-42340
"org.codehaus.jettison:jettison:1.4.0",
Expand Down
88 changes: 44 additions & 44 deletions maven_install.json
View file
@@ -1,8 +1,8 @@
{
"dependency_tree": {
"__AUTOGENERATED_FILE_DO_NOT_MODIFY_THIS_FILE_MANUALLY": "THERE_IS_NO_DATA_ONLY_ZUUL",
"__INPUT_ARTIFACTS_HASH": 1896899252,
"__RESOLVED_ARTIFACTS_HASH": -555704494,
"__INPUT_ARTIFACTS_HASH": 337657588,
"__RESOLVED_ARTIFACTS_HASH": 1465430016,
"conflict_resolution": {
"com.squareup.okhttp3:okhttp:3.14.8": "com.squareup.okhttp3:okhttp:4.2.2"
},
Expand Down Expand Up @@ -2313,112 +2313,112 @@
"url": "https://repo1.maven.org/maven2/org/apache/httpcomponents/httpcore/4.4.14/httpcore-4.4.14-sources.jar"
},
{
"coord": "org.apache.logging.log4j:log4j-api:2.14.1",
"coord": "org.apache.logging.log4j:log4j-api:2.15.0",
"dependencies": [],
"directDependencies": [],
"exclusions": [
"org.hamcrest:hamcrest-core"
],
"file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.14.1/log4j-api-2.14.1.jar",
"file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/log4j-api-2.15.0.jar",
"mirror_urls": [
"https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.14.1/log4j-api-2.14.1.jar"
"https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/log4j-api-2.15.0.jar"
],
"sha256": "8caf58db006c609949a0068110395a33067a2bad707c3da35e959c0473f9a916",
"url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.14.1/log4j-api-2.14.1.jar"
"sha256": "c8c33e7e8e05496dae69cf0caac8c3092cffd937a164526e92922d2d566d0a55",
"url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/log4j-api-2.15.0.jar"
},
{
"coord": "org.apache.logging.log4j:log4j-api:jar:sources:2.14.1",
"coord": "org.apache.logging.log4j:log4j-api:jar:sources:2.15.0",
"dependencies": [],
"directDependencies": [],
"exclusions": [
"org.hamcrest:hamcrest-core"
],
"file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.14.1/log4j-api-2.14.1-sources.jar",
"file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/log4j-api-2.15.0-sources.jar",
"mirror_urls": [
"https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.14.1/log4j-api-2.14.1-sources.jar"
"https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/log4j-api-2.15.0-sources.jar"
],
"sha256": "c5f897392a2c3a55b053ae51c9d416909c5397d926592122255facafb7cdba26",
"url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.14.1/log4j-api-2.14.1-sources.jar"
"sha256": "7b90c074385493461fa2e942e7f2952f3bc88c7be195ef29f1fcfa8a740d6865",
"url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/log4j-api-2.15.0-sources.jar"
},
{
"coord": "org.apache.logging.log4j:log4j-core:2.14.1",
"coord": "org.apache.logging.log4j:log4j-core:2.15.0",
"dependencies": [
"org.apache.logging.log4j:log4j-api:2.14.1"
"org.apache.logging.log4j:log4j-api:2.15.0"
],
"directDependencies": [
"org.apache.logging.log4j:log4j-api:2.14.1"
"org.apache.logging.log4j:log4j-api:2.15.0"
],
"exclusions": [
"org.hamcrest:hamcrest-core"
],
"file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1.jar",
"file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/log4j-core-2.15.0.jar",
"mirror_urls": [
"https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1.jar"
"https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/log4j-core-2.15.0.jar"
],
"sha256": "ade7402a70667a727635d5c4c29495f4ff96f061f12539763f6f123973b465b0",
"url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1.jar"
"sha256": "419a8512895971b7b4f4f33e620d361254e5c9552b904b0474b09ddd4a6a220b",
"url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/log4j-core-2.15.0.jar"
},
{
"coord": "org.apache.logging.log4j:log4j-core:jar:sources:2.14.1",
"coord": "org.apache.logging.log4j:log4j-core:jar:sources:2.15.0",
"dependencies": [
"org.apache.logging.log4j:log4j-api:jar:sources:2.14.1"
"org.apache.logging.log4j:log4j-api:jar:sources:2.15.0"
],
"directDependencies": [
"org.apache.logging.log4j:log4j-api:jar:sources:2.14.1"
"org.apache.logging.log4j:log4j-api:jar:sources:2.15.0"
],
"exclusions": [
"org.hamcrest:hamcrest-core"
],
"file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1-sources.jar",
"file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/log4j-core-2.15.0-sources.jar",
"mirror_urls": [
"https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1-sources.jar"
"https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/log4j-core-2.15.0-sources.jar"
],
"sha256": "80d9908385151b33ca691d37ac94b855c1726f65ed5189564b8b2df1a752b9d9",
"url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1-sources.jar"
"sha256": "62f2fb49f4caacc0c56d6f29d5b5e346d26f2498f1fc393e60b24126886208d3",
"url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/log4j-core-2.15.0-sources.jar"
},
{
"coord": "org.apache.logging.log4j:log4j-slf4j-impl:2.14.1",
"coord": "org.apache.logging.log4j:log4j-slf4j-impl:2.15.0",
"dependencies": [
"org.apache.logging.log4j:log4j-api:2.14.1",
"org.apache.logging.log4j:log4j-core:2.14.1",
"org.apache.logging.log4j:log4j-api:2.15.0",
"org.apache.logging.log4j:log4j-core:2.15.0",
"org.slf4j:slf4j-api:1.7.28"
],
"directDependencies": [
"org.apache.logging.log4j:log4j-api:2.14.1",
"org.apache.logging.log4j:log4j-core:2.14.1",
"org.apache.logging.log4j:log4j-api:2.15.0",
"org.apache.logging.log4j:log4j-core:2.15.0",
"org.slf4j:slf4j-api:1.7.28"
],
"exclusions": [
"org.hamcrest:hamcrest-core"
],
"file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.14.1/log4j-slf4j-impl-2.14.1.jar",
"file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.15.0/log4j-slf4j-impl-2.15.0.jar",
"mirror_urls": [
"https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.14.1/log4j-slf4j-impl-2.14.1.jar"
"https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.15.0/log4j-slf4j-impl-2.15.0.jar"
],
"sha256": "1e466dd397fb7dd903420c5172234a7d88d7f1a85aa4f5573105c0d9ce12fa33",
"url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.14.1/log4j-slf4j-impl-2.14.1.jar"
"sha256": "fd654a1aa0b34196be41aa9e1e53362493f1a89109ff931c79ad2d58cc90eaa6",
"url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.15.0/log4j-slf4j-impl-2.15.0.jar"
},
{
"coord": "org.apache.logging.log4j:log4j-slf4j-impl:jar:sources:2.14.1",
"coord": "org.apache.logging.log4j:log4j-slf4j-impl:jar:sources:2.15.0",
"dependencies": [
"org.apache.logging.log4j:log4j-api:jar:sources:2.14.1",
"org.apache.logging.log4j:log4j-core:jar:sources:2.14.1",
"org.apache.logging.log4j:log4j-api:jar:sources:2.15.0",
"org.apache.logging.log4j:log4j-core:jar:sources:2.15.0",
"org.slf4j:slf4j-api:jar:sources:1.7.28"
],
"directDependencies": [
"org.apache.logging.log4j:log4j-api:jar:sources:2.14.1",
"org.apache.logging.log4j:log4j-core:jar:sources:2.14.1",
"org.apache.logging.log4j:log4j-api:jar:sources:2.15.0",
"org.apache.logging.log4j:log4j-core:jar:sources:2.15.0",
"org.slf4j:slf4j-api:jar:sources:1.7.28"
],
"exclusions": [
"org.hamcrest:hamcrest-core"
],
"file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.14.1/log4j-slf4j-impl-2.14.1-sources.jar",
"file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.15.0/log4j-slf4j-impl-2.15.0-sources.jar",
"mirror_urls": [
"https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.14.1/log4j-slf4j-impl-2.14.1-sources.jar"
"https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.15.0/log4j-slf4j-impl-2.15.0-sources.jar"
],
"sha256": "3816567904457cc45907a4b4beacd99990a169ef988aef03fb78d901dee2b231",
"url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.14.1/log4j-slf4j-impl-2.14.1-sources.jar"
"sha256": "02a1333f492e63a95d4a3ab11bd0d90fb66ceebae5f3dfd8df70274d77bf23b5",
"url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.15.0/log4j-slf4j-impl-2.15.0-sources.jar"
},
{
"coord": "org.apache.thrift:libthrift:0.14.0",
Expand Down
2 changes: 1 addition & 1 deletion projects/pom.xml
View file
Expand Up @@ -83,7 +83,7 @@
<jsonassert.version>1.5.0</jsonassert.version>
<jsr305.version>3.0.2</jsr305.version>
<junit.version>4.12</junit.version>
<log4j.version>2.14.1</log4j.version>
<log4j.version>2.15.0</log4j.version>
<lz4.version>1.7.1</lz4.version>
<mockito.version>3.3.3</mockito.version>
<opentracing-jaxrs2.version>1.0.0</opentracing-jaxrs2.version>
Expand Down

0 comments on commit 27a3616

Please sign in to comment.