From 27a3616bd35da0b419b226c558f275dbaf4a5030 Mon Sep 17 00:00:00 2001
From: Daniel Halperin
Date: Mon, 13 Dec 2021 11:56:40 -0800
Subject: [PATCH] log4j: upgrade for CVE-2021-44228
---
 library_deps.bzl | 6 ++--
 maven_install.json | 88 +++++++++++++++++++++++-----------------------
 projects/pom.xml | 2 +-
 3 files changed, 48 insertions(+), 48 deletions(-)
diff --git a/library_deps.bzl b/library_deps.bzl
index 476cf2eef37..eb8fb16004d 100644
--- a/library_deps.bzl
+++ b/library_deps.bzl
@@ -44,9 +44,9 @@ BATFISH_MAVEN_ARTIFACTS = [
 "org.apache.commons:commons-text:1.9",
 "org.apache.httpcomponents:httpclient:4.5.13", # managed up 2021-06-04 for CVE-2020-13956
 "org.apache.httpcomponents:httpcore:4.4.14", # managed up 2021-06-04 for fixes
- "org.apache.logging.log4j:log4j-api:2.14.1",
- "org.apache.logging.log4j:log4j-core:2.14.1",
- "org.apache.logging.log4j:log4j-slf4j-impl:2.14.1",
+ "org.apache.logging.log4j:log4j-api:2.15.0",
+ "org.apache.logging.log4j:log4j-core:2.15.0",
+ "org.apache.logging.log4j:log4j-slf4j-impl:2.15.0",
 "org.apache.thrift:libthrift:0.14.0", # managed up: CVE-2020-13949
 "org.apache.tomcat.embed:tomcat-embed-core:8.5.72", # managed up: CVE-2021-42340
 "org.codehaus.jettison:jettison:1.4.0",
diff --git a/maven_install.json b/maven_install.json
index 4ab4a31bf6f..98ae4bf9ffa 100644
--- a/maven_install.json
+++ b/maven_install.json
@@ -1,8 +1,8 @@ { "dependency_tree": { "__AUTOGENERATED_FILE_DO_NOT_MODIFY_THIS_FILE_MANUALLY": "THERE_IS_NO_DATA_ONLY_ZUUL", - "__INPUT_ARTIFACTS_HASH": 1896899252, - "__RESOLVED_ARTIFACTS_HASH": -555704494, + "__INPUT_ARTIFACTS_HASH": 337657588, + "__RESOLVED_ARTIFACTS_HASH": 1465430016, "conflict_resolution": { "com.squareup.okhttp3:okhttp:3.14.8": "com.squareup.okhttp3:okhttp:4.2.2" },
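Review bot: In the library_deps.bzl hunk the three log4j pins are raised without the trailing reason comment that the neighbouring entries carry (`# managed up 2021-06-04 for CVE-2020-13956`, `# managed up: CVE-2021-42340`), so nothing in the file records that this version is a security floor; I would write `"org.apache.logging.log4j:log4j-core:2.15.0",  # managed up: CVE-2021-44228` and the same on the -api and -slf4j-impl lines. The version is also set separately in maven_install.json and, it appears, in projects/pom.xml, so a later bump has three places to keep in step. Log4j 2 shipped further security releases after 2.15.0, so confirm the currently recommended version on the Apache Log4j security page before treating this as the final fix. The BATFISH_MAVEN_ARTIFACTS list starts and ends outside the hunk.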
@@ -2313,112 +2313,112 @@ "url": "https://repo1.maven.org/maven2/org/apache/httpcomponents/httpcore/4.4.14/httpcore-4.4.14-sources.jar" }, { - "coord": "org.apache.logging.log4j:log4j-api:2.14.1", + "coord": "org.apache.logging.log4j:log4j-api:2.15.0", "dependencies": [], "directDependencies": [], "exclusions": [ "org.hamcrest:hamcrest-core" ], - "file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.14.1/log4j-api-2.14.1.jar", + "file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/log4j-api-2.15.0.jar", "mirror_urls": [ - "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.14.1/log4j-api-2.14.1.jar" + "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/log4j-api-2.15.0.jar" ], - "sha256": "8caf58db006c609949a0068110395a33067a2bad707c3da35e959c0473f9a916", - "url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.14.1/log4j-api-2.14.1.jar" + "sha256": "c8c33e7e8e05496dae69cf0caac8c3092cffd937a164526e92922d2d566d0a55", + "url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/log4j-api-2.15.0.jar" }, { - "coord": "org.apache.logging.log4j:log4j-api:jar:sources:2.14.1", + "coord": "org.apache.logging.log4j:log4j-api:jar:sources:2.15.0", "dependencies": [], "directDependencies": [], "exclusions": [ "org.hamcrest:hamcrest-core" ], - "file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.14.1/log4j-api-2.14.1-sources.jar", + "file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/log4j-api-2.15.0-sources.jar", "mirror_urls": [ - "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.14.1/log4j-api-2.14.1-sources.jar" + "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/log4j-api-2.15.0-sources.jar" ], - "sha256": "c5f897392a2c3a55b053ae51c9d416909c5397d926592122255facafb7cdba26", - "url": 
"https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.14.1/log4j-api-2.14.1-sources.jar" + "sha256": "7b90c074385493461fa2e942e7f2952f3bc88c7be195ef29f1fcfa8a740d6865", + "url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/log4j-api-2.15.0-sources.jar" }, { - "coord": "org.apache.logging.log4j:log4j-core:2.14.1", + "coord": "org.apache.logging.log4j:log4j-core:2.15.0", "dependencies": [ - "org.apache.logging.log4j:log4j-api:2.14.1" + "org.apache.logging.log4j:log4j-api:2.15.0" ], "directDependencies": [ - "org.apache.logging.log4j:log4j-api:2.14.1" + "org.apache.logging.log4j:log4j-api:2.15.0" ], "exclusions": [ "org.hamcrest:hamcrest-core" ], - "file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1.jar", + "file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/log4j-core-2.15.0.jar", "mirror_urls": [ - "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1.jar" + "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/log4j-core-2.15.0.jar" ], - "sha256": "ade7402a70667a727635d5c4c29495f4ff96f061f12539763f6f123973b465b0", - "url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1.jar" + "sha256": "419a8512895971b7b4f4f33e620d361254e5c9552b904b0474b09ddd4a6a220b", + "url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/log4j-core-2.15.0.jar" }, { - "coord": "org.apache.logging.log4j:log4j-core:jar:sources:2.14.1", + "coord": "org.apache.logging.log4j:log4j-core:jar:sources:2.15.0", "dependencies": [ - "org.apache.logging.log4j:log4j-api:jar:sources:2.14.1" + "org.apache.logging.log4j:log4j-api:jar:sources:2.15.0" ], "directDependencies": [ - "org.apache.logging.log4j:log4j-api:jar:sources:2.14.1" + "org.apache.logging.log4j:log4j-api:jar:sources:2.15.0" ], "exclusions": [ "org.hamcrest:hamcrest-core" ], - "file": 
"v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1-sources.jar", + "file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/log4j-core-2.15.0-sources.jar", "mirror_urls": [ - "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1-sources.jar" + "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/log4j-core-2.15.0-sources.jar" ], - "sha256": "80d9908385151b33ca691d37ac94b855c1726f65ed5189564b8b2df1a752b9d9", - "url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1-sources.jar" + "sha256": "62f2fb49f4caacc0c56d6f29d5b5e346d26f2498f1fc393e60b24126886208d3", + "url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/log4j-core-2.15.0-sources.jar" }, { - "coord": "org.apache.logging.log4j:log4j-slf4j-impl:2.14.1", + "coord": "org.apache.logging.log4j:log4j-slf4j-impl:2.15.0", "dependencies": [ - "org.apache.logging.log4j:log4j-api:2.14.1", - "org.apache.logging.log4j:log4j-core:2.14.1", + "org.apache.logging.log4j:log4j-api:2.15.0", + "org.apache.logging.log4j:log4j-core:2.15.0", "org.slf4j:slf4j-api:1.7.28" ], "directDependencies": [ - "org.apache.logging.log4j:log4j-api:2.14.1", - "org.apache.logging.log4j:log4j-core:2.14.1", + "org.apache.logging.log4j:log4j-api:2.15.0", + "org.apache.logging.log4j:log4j-core:2.15.0", "org.slf4j:slf4j-api:1.7.28" ], "exclusions": [ "org.hamcrest:hamcrest-core" ], - "file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.14.1/log4j-slf4j-impl-2.14.1.jar", + "file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.15.0/log4j-slf4j-impl-2.15.0.jar", "mirror_urls": [ - "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.14.1/log4j-slf4j-impl-2.14.1.jar" + 
"https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.15.0/log4j-slf4j-impl-2.15.0.jar" ], - "sha256": "1e466dd397fb7dd903420c5172234a7d88d7f1a85aa4f5573105c0d9ce12fa33", - "url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.14.1/log4j-slf4j-impl-2.14.1.jar" + "sha256": "fd654a1aa0b34196be41aa9e1e53362493f1a89109ff931c79ad2d58cc90eaa6", + "url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.15.0/log4j-slf4j-impl-2.15.0.jar" }, { - "coord": "org.apache.logging.log4j:log4j-slf4j-impl:jar:sources:2.14.1", + "coord": "org.apache.logging.log4j:log4j-slf4j-impl:jar:sources:2.15.0", "dependencies": [ - "org.apache.logging.log4j:log4j-api:jar:sources:2.14.1", - "org.apache.logging.log4j:log4j-core:jar:sources:2.14.1", + "org.apache.logging.log4j:log4j-api:jar:sources:2.15.0", + "org.apache.logging.log4j:log4j-core:jar:sources:2.15.0", "org.slf4j:slf4j-api:jar:sources:1.7.28" ], "directDependencies": [ - "org.apache.logging.log4j:log4j-api:jar:sources:2.14.1", - "org.apache.logging.log4j:log4j-core:jar:sources:2.14.1", + "org.apache.logging.log4j:log4j-api:jar:sources:2.15.0", + "org.apache.logging.log4j:log4j-core:jar:sources:2.15.0", "org.slf4j:slf4j-api:jar:sources:1.7.28" ], "exclusions": [ "org.hamcrest:hamcrest-core" ], - "file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.14.1/log4j-slf4j-impl-2.14.1-sources.jar", + "file": "v1/https/repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.15.0/log4j-slf4j-impl-2.15.0-sources.jar", "mirror_urls": [ - "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.14.1/log4j-slf4j-impl-2.14.1-sources.jar" + "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.15.0/log4j-slf4j-impl-2.15.0-sources.jar" ], - "sha256": "3816567904457cc45907a4b4beacd99990a169ef988aef03fb78d901dee2b231", - "url": 
"https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.14.1/log4j-slf4j-impl-2.14.1-sources.jar" + "sha256": "02a1333f492e63a95d4a3ab11bd0d90fb66ceebae5f3dfd8df70274d77bf23b5", + "url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.15.0/log4j-slf4j-impl-2.15.0-sources.jar" }, { "coord": "org.apache.thrift:libthrift:0.14.0",
diff --git a/projects/pom.xml b/projects/pom.xml
index 1e469479b5a..e08831333f7 100644
--- a/projects/pom.xml
+++ b/projects/pom.xml
@@ -83,7 +83,7 @@
 1.5.0
 3.0.2
 4.12
- 2.14.1
+ 2.15.0
 1.7.1
 3.3.3
 1.0.0