Commit a08759c8 authored by Anuj Gupta's avatar Anuj Gupta Committed by David Diederich
Browse files

fixed log4j vuln issue ibm and core

(cherry picked from commit f2eaec86)

Conflicts:
	dataset-core/pom.xml
	provider/dataset-ibm/pom.xml
parent 9268bbf5
......@@ -35,7 +35,8 @@
<maven.compiler.target>1.8</maven.compiler.target>
<maven.compiler.source>1.8</maven.compiler.source>
<springfox-version>2.7.0</springfox-version>
<tomcat_embed_core_version>9.0.21</tomcat_embed_core_version>
<tomcat_embed_core_version>9.0.54</tomcat_embed_core_version>
<log4j2.version>2.16.0</log4j2.version>
<!--
<springfox-version>2.9.2</springfox-version>
-->
......@@ -79,8 +80,35 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>
</exclusions>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-to-slf4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-to-slf4j</artifactId>
<version>${log4j2.version}</version>
<exclusions>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>${log4j2.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
......
......@@ -26,7 +26,7 @@
<maven.compiler.source>1.8</maven.compiler.source>
<docker.image.prefix>opendes</docker.image.prefix>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<os-core-common.version>0.12.0</os-core-common.version>
<os-core-common.version>0.13.0-rc3</os-core-common.version>
<jackson.version>2.11.2</jackson.version>
<netty.version>4.1.51.Final</netty.version>
<snakeyaml.version>1.26</snakeyaml.version>
......
......@@ -16,8 +16,9 @@
<properties>
<version.number>0.12.1-SNAPSHOT</version.number>
<os-core-lib-ibm.version>0.12.0</os-core-lib-ibm.version>
<os-core-lib-ibm.version>0.12.1</os-core-lib-ibm.version>
<start-class>org.opengroup.osdu.dataset.provider.ibm.IBMDatasetRegistry</start-class>
<log4j2.version>2.16.0</log4j2.version>
<!--<os-core-common.version>0.3.28</os-core-common.version>-->
</properties>
......@@ -30,7 +31,30 @@
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-lib-ibm</artifactId>
<version>${os-core-lib-ibm.version}</version>
</dependency>
<exclusions>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-to-slf4j</artifactId>
<version>${log4j2.version}</version>
<exclusions>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>${log4j2.version}</version>
</dependency>
<!-- <dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId>
......@@ -40,6 +64,16 @@
<groupId>org.opengroup.osdu</groupId>
<artifactId>dataset-core</artifactId>
<version>${version.number}</version>
<exclusions>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-to-slf4j</artifactId>
</exclusion>
</exclusions>
</dependency>
......@@ -47,6 +81,12 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
<exclusions>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-to-slf4j</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment