From a69656bfbe1cde1e95a46e62eca08ad07cced304 Mon Sep 17 00:00:00 2001 From: krankkkk Date: Tue, 14 Dec 2021 18:19:48 +0100 Subject: [PATCH 1/3] Spring Version Update This time really set log4j on 2.16+ --- logviewer/build.gradle | 34 +++++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 11 deletions(-) diff --git a/logviewer/build.gradle b/logviewer/build.gradle index 0884229b88..606da0de81 100644 --- a/logviewer/build.gradle +++ b/logviewer/build.gradle @@ -1,6 +1,6 @@ plugins { id "com.google.cloud.tools.jib" version "3.1.4" - id "org.springframework.boot" version "2.5.5" + id "org.springframework.boot" version "2.6.1" id "io.spring.dependency-management" version "1.0.11.RELEASE" id "com.vaadin" version "21.0.2" id 'java' @@ -36,35 +36,47 @@ jooq { } dependencies { - compileOnly 'org.apache.logging.log4j:log4j-api:2.15.0' - runtimeOnly 'org.apache.logging.log4j:log4j-jul:2.15.0' - runtimeOnly 'org.apache.logging.log4j:log4j-slf4j-impl:2.15.0' + implementation('org.apache.logging.log4j:log4j-api') { + version { + require '2.16.0' + } + because 'Log4Shell happend' + } + runtimeOnly('org.apache.logging.log4j:log4j-core') { + version { + require '2.16.0' + } + because 'Log4Shell happend' + } + + runtimeOnly 'org.apache.logging.log4j:log4j-jul:2.16.0' + runtimeOnly 'org.apache.logging.log4j:log4j-slf4j-impl:2.16.0' implementation(project(":database")) implementation 'org.jooq:jooq:3.15.3' implementation 'com.vaadin:vaadin-core:21.0.2' - implementation ('com.vaadin:vaadin-spring:18.0.0') + implementation('com.vaadin:vaadin-spring:18.0.0') implementation 'org.vaadin.artur:a-vaadin-helper:1.7.2' implementation 'org.vaadin.crudui:crudui:4.6.0' implementation 'com.vaadin.componentfactory:enhanced-dialog:21.0.0' - implementation ('org.springframework.boot:spring-boot-starter-web:2.5.5'){ + implementation('org.springframework.boot:spring-boot-starter-web:2.6.1') { exclude group: 'org.springframework.boot', module: 'spring-boot-starter-logging' } - implementation ('org.springframework.boot:spring-boot-starter-security:2.5.5'){ + implementation('org.springframework.boot:spring-boot-starter-security:2.6.1') { exclude group: 'org.springframework.boot', module: 'spring-boot-starter-logging' } - implementation ('org.springframework.boot:spring-boot-starter-oauth2-client:2.5.5'){ + implementation('org.springframework.boot:spring-boot-starter-oauth2-client:2.6.1') { exclude group: 'org.springframework.boot', module: 'spring-boot-starter-logging' } - developmentOnly ('org.springframework.boot:spring-boot-starter-actuator:2.5.5'){ + developmentOnly('org.springframework.boot:spring-boot-starter-actuator:2.6.1') { exclude group: 'org.springframework.boot', module: 'spring-boot-starter-logging' } - developmentOnly ('org.springframework.boot:spring-boot-devtools:2.5.5'){ + developmentOnly('org.springframework.boot:spring-boot-devtools:2.6.1') { exclude group: 'org.springframework.boot', module: 'spring-boot-starter-logging' } } @@ -79,7 +91,7 @@ jib { password = System.getenv('REGISTRY_PASSWORD') ?: '' } } - container{ + container { setPorts(["5050"].asList()) setCreationTime(Instant.now().toString()) } From 3e5b60d767eaf160a9845f29612a2674d2f89882 Mon Sep 17 00:00:00 2001 From: Tim Krause <59603675+krankkkk@users.noreply.github.com> Date: Tue, 14 Dec 2021 18:58:31 +0100 Subject: [PATCH 2/3] Remove Typo --- logviewer/build.gradle | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/logviewer/build.gradle b/logviewer/build.gradle index 606da0de81..2086804732 100644 --- a/logviewer/build.gradle +++ b/logviewer/build.gradle @@ -40,13 +40,13 @@ dependencies { version { require '2.16.0' } - because 'Log4Shell happend' + because 'Log4Shell happened' } runtimeOnly('org.apache.logging.log4j:log4j-core') { version { require '2.16.0' } - because 'Log4Shell happend' + because 'Log4Shell happened' } runtimeOnly 'org.apache.logging.log4j:log4j-jul:2.16.0' From 21cb6af7beed19dbb824a38a2fb56b3c2fd3c6eb Mon Sep 17 00:00:00 2001 From: krankkkk Date: Tue, 14 Dec 2021 19:26:34 +0100 Subject: [PATCH 3/3] Update Log4j to 2.16.0 in application --- application/build.gradle | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/application/build.gradle b/application/build.gradle index a1e75acded..7a9c4f23c3 100644 --- a/application/build.gradle +++ b/application/build.gradle @@ -47,9 +47,9 @@ dependencies { implementation 'net.dv8tion:JDA:4.4.0_351' - implementation 'org.apache.logging.log4j:log4j-api:2.15.0' - implementation 'org.apache.logging.log4j:log4j-core:2.15.0' - implementation 'org.apache.logging.log4j:log4j-slf4j18-impl:2.15.0' + compileOnly 'org.apache.logging.log4j:log4j-api:2.16.0' + runtimeOnly 'org.apache.logging.log4j:log4j-core:2.16.0' + runtimeOnly 'org.apache.logging.log4j:log4j-slf4j18-impl:2.16.0' implementation 'org.jooq:jooq:3.15.3'