Merge branch 'log4j-vuln-fix' into 'master'

Patching log4j vulnerability

See merge request !248

indexer-core/pom.xml

@@ -16,7 +16,7 @@
 
 	<properties>
 		<commons-beanutils.version>1.9.4</commons-beanutils.version>
-		<osdu.oscorecommon.version>0.12.0-rc3</osdu.oscorecommon.version>
+		<osdu.oscorecommon.version>0.13.0-rc3</osdu.oscorecommon.version>
 	</properties>
 
 	<dependencies>

pom.xml

@@ -19,7 +19,7 @@
         <java.version>1.8</java.version>
         <springfox-version>2.7.0</springfox-version>
         <spring-cloud.version>Greenwich.SR2</spring-cloud.version>
-        <os-core-common.version>0.12.0-rc3</os-core-common.version>
+        <os-core-common.version>0.13.0-rc3</os-core-common.version>
         <snakeyaml.version>1.26</snakeyaml.version>
         <hibernate-validator.version>6.1.5.Final</hibernate-validator.version>
         <jackson.version>2.11.4</jackson.version>
@@ -29,6 +29,7 @@
         <netty.version>4.1.51.Final</netty.version>
         <reactor-netty.version>0.8.20.RELEASE</reactor-netty.version>
         <woodstox-core.version>6.2.3</woodstox-core.version>
+        <log4j2.version>2.16.0</log4j2.version>
         <!--        <maven.compiler.target>1.8</maven.compiler.target>-->
 <!--        <maven.compiler.source>1.8</maven.compiler.source>-->
 <!--        <maven.war.plugin>2.6</maven.war.plugin>-->
@@ -49,6 +50,16 @@
 
     <dependencyManagement>
         <dependencies>
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-to-slf4j</artifactId>
+                <version>${log4j2.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-api</artifactId>
+                <version>${log4j2.version}</version>
+            </dependency>
             <dependency>
                 <groupId>io.netty</groupId>
                 <artifactId>netty-bom</artifactId>

provider/indexer-aws/pom.xml

@@ -47,7 +47,7 @@
     <dependency>
         <groupId>org.opengroup.osdu.core.aws</groupId>
         <artifactId>os-core-lib-aws</artifactId>
-        <version>0.11.0</version>
+        <version>0.13.0-rc2</version>
     </dependency>
 
     <!-- AWS managed packages -->

provider/indexer-azure/pom.xml

@@ -41,8 +41,8 @@
         <nimbus-jose-jwt.version>8.2</nimbus-jose-jwt.version>
         <indexer-core.version>0.13.0-SNAPSHOT</indexer-core.version>
         <spring-security-jwt.version>1.1.1.RELEASE</spring-security-jwt.version>
-        <osdu.corelibazure.version>0.12.0-rc10</osdu.corelibazure.version>
-        <osdu.oscorecommon.version>0.12.0-rc3</osdu.oscorecommon.version>
+        <osdu.corelibazure.version>0.13.0-rc5</osdu.corelibazure.version>
+        <osdu.oscorecommon.version>0.13.0-rc3</osdu.oscorecommon.version>
         <reactor-netty.version>0.9.12.RELEASE</reactor-netty.version>
         <java-jwt.version>3.8.1</java-jwt.version>
         <powermock.version>2.0.2</powermock.version>

provider/indexer-gcp/pom.xml

@@ -19,7 +19,7 @@
         <dependency>
             <groupId>org.opengroup.osdu</groupId>
             <artifactId>core-lib-gcp</artifactId>
-            <version>0.12.0-rc3</version>
+            <version>0.13.0-rc3</version>
         </dependency>
         <dependency>
             <groupId>org.opengroup.osdu.indexer</groupId>

provider/indexer-ibm/pom.xml

@@ -31,7 +31,7 @@
     <packaging>jar</packaging>
 	
 	<properties>
-		<os-core-lib-ibm.version>0.13.0-SNAPSHOT</os-core-lib-ibm.version>
+		<os-core-lib-ibm.version>0.13.0-rc4</os-core-lib-ibm.version>
 	</properties>
 	
 	<profiles>

testing/indexer-test-ibm/pom.xml

@@ -19,7 +19,7 @@
         <maven.compiler.target>1.8</maven.compiler.target>
         <maven.compiler.source>1.8</maven.compiler.source>
         <cucumber.version>1.2.5</cucumber.version>
-        <os-core-lib-ibm.version>0.13.0-SNAPSHOT</os-core-lib-ibm.version>
+        <os-core-lib-ibm.version>0.13.0-rc4</os-core-lib-ibm.version>
     </properties>
 
     <dependencies>