Update Log4j2 dependency to 2.17.1 to resolve log4jshell vulnerability
git-svn-id: https://brutex.net/svn/xservices/trunk@197 e7e49efb-446e-492e-b9ec-fcafc1997a86master
parent
7ee16eb26c
commit
9d95f5194a
58
ivy.xml
58
ivy.xml
|
@ -34,7 +34,7 @@
|
|||
<dependencies defaultconf="master">
|
||||
|
||||
<dependency org="org.apache.commons" name="commons-lang3" rev="3.7"/>
|
||||
<dependency org="org.apache.commons" name="commons-configuration2" rev="2.2" />
|
||||
<dependency org="org.apache.commons" name="commons-configuration2" rev="2.7" />
|
||||
|
||||
<dependency org="commons-net" name="commons-net" rev="3.2"/>
|
||||
|
||||
|
@ -59,15 +59,15 @@
|
|||
<dependency org="org.quartz-scheduler" name="quartz" rev="2.3.0"/>
|
||||
|
||||
<!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core -->
|
||||
<dependency org="org.apache.logging.log4j" name="log4j-api" rev="2.11.0"/>
|
||||
<dependency org="org.apache.logging.log4j" name="log4j-core" rev="2.11.0"/>
|
||||
<dependency org="org.apache.logging.log4j" name="log4j-web" rev="2.11.0"/>
|
||||
<dependency org="org.apache.logging.log4j" name="log4j-api" rev="2.17.1"/>
|
||||
<dependency org="org.apache.logging.log4j" name="log4j-core" rev="2.17.1"/>
|
||||
<dependency org="org.apache.logging.log4j" name="log4j-web" rev="2.17.1"/>
|
||||
<!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-1.2-api -->
|
||||
<dependency org="org.apache.logging.log4j" name="log4j-1.2-api" rev="2.11.0"/>
|
||||
<dependency org="org.apache.logging.log4j" name="log4j-1.2-api" rev="2.17.1"/>
|
||||
|
||||
|
||||
<!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-slf4j-impl -->
|
||||
<dependency org="org.apache.logging.log4j" name="log4j-slf4j-impl" rev="2.11.0" />
|
||||
<dependency org="org.apache.logging.log4j" name="log4j-slf4j-impl" rev="2.17.1" />
|
||||
<!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-api -->
|
||||
<!-- <dependency org="org.slf4j" name="slf4j-api" rev="1.7.25" />-->
|
||||
|
||||
|
@ -79,9 +79,12 @@
|
|||
|
||||
|
||||
<dependency org="commons-beanutils" name="commons-beanutils" rev="1.9.3"/>
|
||||
|
||||
|
||||
|
||||
|
||||
<!-- https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api -->
|
||||
<dependency org="javax.servlet" name="javax.servlet-api" rev="4.0.1"/>
|
||||
|
||||
|
||||
|
||||
<dependency org="org.apache.ws.commons.axiom" name="axiom-api" rev="1.2.20" conf="compile,master">
|
||||
<!-- <artifact name="axiom-api" ext="jar"/>-->
|
||||
<exclude name="axiom-api-1.2.20-tests" ext="jar"/>
|
||||
|
@ -96,9 +99,9 @@
|
|||
|
||||
|
||||
|
||||
<dependency org="org.apache.shiro" name="shiro-core" rev="1.4.0" />
|
||||
<dependency org="org.apache.shiro" name="shiro-root" rev="1.4.0" />
|
||||
<dependency org="org.apache.shiro" name="shiro-web" rev="1.4.0" />
|
||||
<dependency org="org.apache.shiro" name="shiro-core" rev="1.8.0" />
|
||||
<dependency org="org.apache.shiro" name="shiro-root" rev="1.8.0" />
|
||||
<dependency org="org.apache.shiro" name="shiro-web" rev="1.8.0" />
|
||||
|
||||
|
||||
|
||||
|
@ -140,8 +143,35 @@
|
|||
<dependency org="lib" name="lib.xservices-scmtypes" rev="20131001" conf="*->default">
|
||||
<artifact name="lib.xservices-scmtypes" type="jar" />
|
||||
</dependency>
|
||||
|
||||
|
||||
<dependency org="lib" name="MgmtDataModel" rev="20131001" conf="*->default">
|
||||
<artifact name="MgmtDataModel" type="jar" />
|
||||
</dependency>
|
||||
<!--
|
||||
<dependency org="lib" name="OADocGenerator" rev="20131001" conf="*->default">
|
||||
<artifact name="OADocGenerator" type="jar" />
|
||||
</dependency>
|
||||
-->
|
||||
<dependency org="lib" name="DocBuilder" rev="20131001" conf="*->default">
|
||||
<artifact name="DocBuilder" type="jar" />
|
||||
</dependency>
|
||||
|
||||
<!-- Micro Focus/ Serena Software Dimensions CM 14.1 API -->
|
||||
<dependency org="lib" name="serena.darius" rev="14.1" conf="*->default">
|
||||
<artifact name="serena.darius" type="jar" />
|
||||
</dependency>
|
||||
<dependency org="lib" name="serena.dmclient" rev="14.1" conf="*->default">
|
||||
<artifact name="serena.dmclient" type="jar" />
|
||||
</dependency>
|
||||
<dependency org="lib" name="serena.dmfile" rev="14.1" conf="*->default">
|
||||
<artifact name="serena.dmfile" type="jar" />
|
||||
</dependency>
|
||||
<dependency org="lib" name="serena.dmnet" rev="14.1" conf="*->default">
|
||||
<artifact name="serena.dmnet" type="jar" />
|
||||
</dependency>
|
||||
<dependency org="lib" name="serena.dmtpi" rev="14.1" conf="*->default">
|
||||
<artifact name="serena.dmtpi" type="jar" />
|
||||
</dependency>
|
||||
|
||||
<conflict manager="latest-revision"/>
|
||||
</dependencies>
|
||||
</ivy-module>
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
<ivysettings>
|
||||
<settings defaultResolver="defaultchain" />
|
||||
<resolvers>
|
||||
<ibiblio name="apache-maven" m2compatible="true" usepoms="true" root="http://repo.maven.apache.org/maven2/" />
|
||||
<ibiblio name="apache-maven" m2compatible="true" usepoms="true" root="https://repo.maven.apache.org/maven2/" />
|
||||
<ibiblio name="java" m2compatible="true" usepoms="true" root="http://download.java.net/maven/2/" />
|
||||
|
||||
<filesystem name="local-filesystem">
|
||||
|
|
Binary file not shown.
|
@ -17,30 +17,14 @@
|
|||
|
||||
package net.brutex.xservices.security;
|
||||
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
import org.apache.shiro.config.Ini;
|
||||
import org.apache.shiro.realm.text.IniRealm;
|
||||
import org.apache.shiro.util.Nameable;
|
||||
|
||||
import java.net.URI;
|
||||
import java.net.URISyntaxException;
|
||||
import java.net.URL;
|
||||
|
||||
import javax.servlet.ServletContext;
|
||||
|
||||
import org.apache.catalina.core.ApplicationContext;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.shiro.authc.AuthenticationException;
|
||||
import org.apache.shiro.authc.AuthenticationInfo;
|
||||
import org.apache.shiro.authc.AuthenticationToken;
|
||||
import org.apache.shiro.authz.AuthorizationInfo;
|
||||
import org.apache.shiro.authz.SimpleAuthorizationInfo;
|
||||
import org.apache.shiro.config.Ini;
|
||||
import org.apache.shiro.io.ResourceUtils;
|
||||
import org.apache.shiro.realm.AuthorizingRealm;
|
||||
import org.apache.shiro.realm.text.IniRealm;
|
||||
import org.apache.shiro.realm.text.TextConfigurationRealm;
|
||||
import org.apache.shiro.subject.PrincipalCollection;
|
||||
import org.apache.shiro.util.Nameable;
|
||||
import org.apache.shiro.web.env.IniWebEnvironment;
|
||||
import org.apache.shiro.web.util.WebUtils;
|
||||
|
||||
// TODO: Auto-generated Javadoc
|
||||
/*
|
||||
|
|
|
@ -29,7 +29,7 @@ import javax.xml.bind.annotation.XmlType;
|
|||
@XmlType
|
||||
public class StringMatchType
|
||||
{
|
||||
public final List<StringMatchDetails> stringlist = new ArrayList();
|
||||
public final List<StringMatchDetails> stringlist = new ArrayList<StringMatchDetails>();
|
||||
public int size = 0;
|
||||
|
||||
public synchronized void addStringMatch(StringMatchDetails match)
|
||||
|
|
|
@ -177,11 +177,7 @@ public class BrutexHSQLQuartzConnectionProvider implements ConnectionProvider {
|
|||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void initialize() throws SQLException {
|
||||
// TODO Auto-generated method stub
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -177,11 +177,6 @@ public class BrutexQuartzConnectionProvider implements ConnectionProvider {
|
|||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void initialize() throws SQLException {
|
||||
// TODO Auto-generated method stub
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -3,10 +3,14 @@
|
|||
*/
|
||||
package net.brutex.xservices.util;
|
||||
|
||||
import java.io.BufferedInputStream;
|
||||
import java.io.BufferedReader;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStreamReader;
|
||||
import java.net.URL;
|
||||
|
||||
import org.apache.commons.configuration.ConfigurationException;
|
||||
import org.apache.commons.configuration.PropertiesConfiguration;
|
||||
import org.apache.commons.configuration2.ex.ConfigurationException;
|
||||
import org.apache.commons.configuration2.PropertiesConfiguration;
|
||||
import org.apache.commons.jcs.JCS;
|
||||
import org.apache.commons.jcs.access.exception.CacheException;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
|
@ -29,7 +33,9 @@ public final class OpenAirConnection {
|
|||
final URL configloc = OpenAirConnection.class.getClassLoader().getResource(config);
|
||||
logger.debug("Loading Open Air connection details from {}", configloc.toString());
|
||||
|
||||
props = new PropertiesConfiguration(configloc);
|
||||
props = new PropertiesConfiguration();
|
||||
props.read( new InputStreamReader( new BufferedInputStream(configloc.openStream())) );
|
||||
|
||||
final String user = props.getString("user");
|
||||
final String password = props.getString("password");
|
||||
final String company = props.getString("company");
|
||||
|
@ -46,6 +52,8 @@ public final class OpenAirConnection {
|
|||
} catch (ConfigurationException e) {
|
||||
logger.error(e.getMessage(), e);
|
||||
e.printStackTrace();
|
||||
} catch (IOException e) {
|
||||
e.printStackTrace();
|
||||
} finally {
|
||||
|
||||
}
|
||||
|
|
|
@ -15,6 +15,9 @@
|
|||
*/
|
||||
package net.brutex.xservices.ws.impl;
|
||||
|
||||
import java.io.BufferedInputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStreamReader;
|
||||
import java.net.URL;
|
||||
import java.time.format.DateTimeFormatter;
|
||||
import java.util.ArrayList;
|
||||
|
@ -27,8 +30,8 @@ import javax.activation.DataHandler;
|
|||
import javax.jws.WebParam;
|
||||
import javax.jws.WebService;
|
||||
|
||||
import org.apache.commons.configuration.ConfigurationException;
|
||||
import org.apache.commons.configuration.PropertiesConfiguration;
|
||||
import org.apache.commons.configuration2.ex.ConfigurationException;
|
||||
import org.apache.commons.configuration2.PropertiesConfiguration;
|
||||
import org.apache.commons.jcs.JCS;
|
||||
import org.apache.commons.jcs.access.exception.CacheException;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
|
@ -464,7 +467,8 @@ public class OpenAirProxyServiceImpl implements OpenAirProxyService {
|
|||
|
||||
final URL configloc = this.getClass().getClassLoader().getResource(config);
|
||||
|
||||
props = new PropertiesConfiguration(configloc);
|
||||
props = new PropertiesConfiguration();
|
||||
props.read( new InputStreamReader( new BufferedInputStream( configloc.openStream() )));
|
||||
final String user = props.getString("user");
|
||||
final String password = props.getString("password");
|
||||
final String company = props.getString("company");
|
||||
|
@ -481,6 +485,9 @@ public class OpenAirProxyServiceImpl implements OpenAirProxyService {
|
|||
} catch (ConfigurationException e) {
|
||||
logger.error(e);
|
||||
e.printStackTrace();
|
||||
} catch (IOException e) {
|
||||
logger.error(e);
|
||||
e.printStackTrace();
|
||||
} finally {
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue