From 6d5309b34525e387e863eacef1cfad83ece9b605 Mon Sep 17 00:00:00 2001
From: Spencer Sutton <suttonsp@amazon.com>
Date: Wed, 15 Dec 2021 14:19:58 -0600
Subject: [PATCH] Patching log4j vulnerability
(cherry picked from commit 10a410524b3efc7c72735709b8be764eaec3c78e)
---
indexer-core/pom.xml | 2 +-
pom.xml | 13 ++++++++++++-
provider/indexer-aws/pom.xml | 2 +-
provider/indexer-azure/pom.xml | 4 ++--
provider/indexer-gcp/pom.xml | 2 +-
5 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/indexer-core/pom.xml b/indexer-core/pom.xml
index 0d88777ba..52e3187f2 100644
--- a/indexer-core/pom.xml
+++ b/indexer-core/pom.xml
@@ -16,7 +16,7 @@
<properties>
<commons-beanutils.version>1.9.4</commons-beanutils.version>
- <osdu.oscorecommon.version>0.12.0-rc3</osdu.oscorecommon.version>
+ <osdu.oscorecommon.version>0.13.0-rc3</osdu.oscorecommon.version>
</properties>
<dependencies>
diff --git a/pom.xml b/pom.xml
index 316560de2..72f142f6e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
<java.version>1.8</java.version>
<springfox-version>2.7.0</springfox-version>
<spring-cloud.version>Greenwich.SR2</spring-cloud.version>
- <os-core-common.version>0.12.0-rc3</os-core-common.version>
+ <os-core-common.version>0.13.0-rc3</os-core-common.version>
<snakeyaml.version>1.26</snakeyaml.version>
<hibernate-validator.version>6.1.5.Final</hibernate-validator.version>
<jackson.version>2.11.4</jackson.version>
@@ -29,6 +29,7 @@
<netty.version>4.1.51.Final</netty.version>
<reactor-netty.version>0.8.20.RELEASE</reactor-netty.version>
<woodstox-core.version>6.2.3</woodstox-core.version>
+ <log4j2.version>2.16.0</log4j2.version>
<!-- <maven.compiler.target>1.8</maven.compiler.target>-->
<!-- <maven.compiler.source>1.8</maven.compiler.source>-->
<!-- <maven.war.plugin>2.6</maven.war.plugin>-->
@@ -49,6 +50,16 @@
<dependencyManagement>
<dependencies>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-to-slf4j</artifactId>
+ <version>${log4j2.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-api</artifactId>
+ <version>${log4j2.version}</version>
+ </dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-bom</artifactId>
diff --git a/provider/indexer-aws/pom.xml b/provider/indexer-aws/pom.xml
index b4997f7ed..fe6fcbc6a 100644
--- a/provider/indexer-aws/pom.xml
+++ b/provider/indexer-aws/pom.xml
@@ -47,7 +47,7 @@
<dependency>
<groupId>org.opengroup.osdu.core.aws</groupId>
<artifactId>os-core-lib-aws</artifactId>
- <version>0.11.0</version>
+ <version>0.13.0-SNAPSHOT</version>
</dependency>
<!-- AWS managed packages -->
diff --git a/provider/indexer-azure/pom.xml b/provider/indexer-azure/pom.xml
index 8d2435760..2855c00b2 100644
--- a/provider/indexer-azure/pom.xml
+++ b/provider/indexer-azure/pom.xml
@@ -41,8 +41,8 @@
<nimbus-jose-jwt.version>8.2</nimbus-jose-jwt.version>
<indexer-core.version>0.12.2-SNAPSHOT</indexer-core.version>
<spring-security-jwt.version>1.1.1.RELEASE</spring-security-jwt.version>
- <osdu.corelibazure.version>0.12.0-rc10</osdu.corelibazure.version>
- <osdu.oscorecommon.version>0.12.0-rc3</osdu.oscorecommon.version>
+ <osdu.corelibazure.version>0.13.0-rc5</osdu.corelibazure.version>
+ <osdu.oscorecommon.version>0.13.0-rc3</osdu.oscorecommon.version>
<reactor-netty.version>0.9.12.RELEASE</reactor-netty.version>
<java-jwt.version>3.8.1</java-jwt.version>
<powermock.version>2.0.2</powermock.version>
diff --git a/provider/indexer-gcp/pom.xml b/provider/indexer-gcp/pom.xml
index d9af5e78d..a9b14f6a5 100644
--- a/provider/indexer-gcp/pom.xml
+++ b/provider/indexer-gcp/pom.xml
@@ -19,7 +19,7 @@
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>core-lib-gcp</artifactId>
- <version>0.12.0-rc3</version>
+ <version>0.13.0-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>org.opengroup.osdu.indexer</groupId>
--
GitLab