Преглед на файлове
dep: Update slf4j to 1.7.36 and switch from log4j1 to reload4j
Replace log4j 1.2.17 with reload4j 1.2.25. log4j 1.x was caught in the fire of the Log4Shell vulnerability, even though the 1.x line was not affected by the vulnerability. Still, this looks bad when it shows up in security scanners even though it doesn't mean it has the Log4Shell vulnerability. Switch to reload4j instead. This is a drop-in replacement of log4j. Actually, it is log4j rebooted by the same author. The reload4j 1.x line fixes security issues that have since surfaced. At the same time we update to the latest slf4j version, which also switched to reload4j for the log4j12 line.pull/1461/head
Florian Zschocke
преди 6 месеца
променени са 3 файла, в които са добавени 15 реда и са изтрити 15 реда
+ 3
- 3
.classpath
Целия файл
| @@ -18,9 +18,9 @@ | |||
| <classpathentry kind="lib" path="ext/j2objc-annotations-2.8.jar" sourcepath="ext/src/j2objc-annotations-2.8.jar" /> | |||
| <classpathentry kind="lib" path="ext/guice-servlet-5.1.0-gb2.jar" sourcepath="ext/src/guice-servlet-5.1.0-gb2.jar" /> | |||
| <classpathentry kind="lib" path="ext/annotations-12.0.jar" sourcepath="ext/src/annotations-12.0.jar" /> | |||
| <classpathentry kind="lib" path="ext/log4j-1.2.17.jar" sourcepath="ext/src/log4j-1.2.17.jar" /> | |||
| <classpathentry kind="lib" path="ext/slf4j-api-1.7.29.jar" sourcepath="ext/src/slf4j-api-1.7.29.jar" /> | |||
| <classpathentry kind="lib" path="ext/slf4j-log4j12-1.7.29.jar" sourcepath="ext/src/slf4j-log4j12-1.7.29.jar" /> | |||
| <classpathentry kind="lib" path="ext/reload4j-1.2.25.jar" sourcepath="ext/src/reload4j-1.2.25.jar" /> | |||
| <classpathentry kind="lib" path="ext/slf4j-api-1.7.36.jar" sourcepath="ext/src/slf4j-api-1.7.36.jar" /> | |||
| <classpathentry kind="lib" path="ext/slf4j-reload4j-1.7.36.jar" sourcepath="ext/src/slf4j-reload4j-1.7.36.jar" /> | |||
| <classpathentry kind="lib" path="ext/javax.mail-1.5.6.jar" sourcepath="ext/src/javax.mail-1.5.6.jar" /> | |||
| <classpathentry kind="lib" path="ext/activation-1.1.jar" sourcepath="ext/src/activation-1.1.jar" /> | |||
| <classpathentry kind="lib" path="ext/javax.servlet-api-3.1.0.jar" sourcepath="ext/src/javax.servlet-api-3.1.0.jar" /> | |||
+ 3
- 3
build.moxie
Целия файл
| @@ -106,7 +106,7 @@ repositories: central, eclipse-snapshots, eclipse, gitblit | |||
| # Convenience properties for dependencies | |||
| properties: { | |||
| jetty.version : 9.4.49.v20220914 | |||
| slf4j.version : 1.7.29 | |||
| slf4j.version : 1.7.36 | |||
| wicket.version : 1.4.22 | |||
| lucene.version : 5.5.2 | |||
| jgit.version : 4.11.9.201909030838-r | |||
| @@ -137,9 +137,9 @@ dependencies: | |||
| - compile 'com.google.inject.extensions:guice-servlet:${guice-servlet.version}' :war | |||
| - compile 'com.google.guava:guava:32.1.3-jre' :war :fedclient | |||
| - compile 'com.intellij:annotations:12.0' :war | |||
| - compile 'log4j:log4j:1.2.17' :war :fedclient :manager | |||
| - compile 'ch.qos.reload4j:reload4j:1.2.25' :war :fedclient :manager | |||
| - compile 'org.slf4j:slf4j-api:${slf4j.version}' :war :fedclient :manager | |||
| - compile 'org.slf4j:slf4j-log4j12:${slf4j.version}' :war :fedclient :manager | |||
| - compile 'org.slf4j:slf4j-reload4j:${slf4j.version}' :war :fedclient :manager | |||
| - compile 'com.sun.mail:javax.mail:1.5.6' :war | |||
| - compile 'javax.servlet:javax.servlet-api:3.1.0' :fedclient | |||
| - compile 'org.eclipse.jetty:jetty-servlet:${jetty.version}' @jar | |||
+ 9
- 9
gitblit.iml
Целия файл
| @@ -145,35 +145,35 @@ | |||
| </library> | |||
| </orderEntry> | |||
| <orderEntry type="module-library"> | |||
| <library name="log4j-1.2.17.jar"> | |||
| <library name="reload4j-1.2.25.jar"> | |||
| <CLASSES> | |||
| <root url="jar://$MODULE_DIR$/ext/log4j-1.2.17.jar!/" /> | |||
| <root url="jar://$MODULE_DIR$/ext/reload4j-1.2.25.jar!/" /> | |||
| </CLASSES> | |||
| <JAVADOC /> | |||
| <SOURCES> | |||
| <root url="jar://$MODULE_DIR$/ext/src/log4j-1.2.17.jar!/" /> | |||
| <root url="jar://$MODULE_DIR$/ext/src/reload4j-1.2.25.jar!/" /> | |||
| </SOURCES> | |||
| </library> | |||
| </orderEntry> | |||
| <orderEntry type="module-library"> | |||
| <library name="slf4j-api-1.7.29.jar"> | |||
| <library name="slf4j-api-1.7.36.jar"> | |||
| <CLASSES> | |||
| <root url="jar://$MODULE_DIR$/ext/slf4j-api-1.7.29.jar!/" /> | |||
| <root url="jar://$MODULE_DIR$/ext/slf4j-api-1.7.36.jar!/" /> | |||
| </CLASSES> | |||
| <JAVADOC /> | |||
| <SOURCES> | |||
| <root url="jar://$MODULE_DIR$/ext/src/slf4j-api-1.7.29.jar!/" /> | |||
| <root url="jar://$MODULE_DIR$/ext/src/slf4j-api-1.7.36.jar!/" /> | |||
| </SOURCES> | |||
| </library> | |||
| </orderEntry> | |||
| <orderEntry type="module-library"> | |||
| <library name="slf4j-log4j12-1.7.29.jar"> | |||
| <library name="slf4j-reload4j-1.7.36.jar"> | |||
| <CLASSES> | |||
| <root url="jar://$MODULE_DIR$/ext/slf4j-log4j12-1.7.29.jar!/" /> | |||
| <root url="jar://$MODULE_DIR$/ext/slf4j-reload4j-1.7.36.jar!/" /> | |||
| </CLASSES> | |||
| <JAVADOC /> | |||
| <SOURCES> | |||
| <root url="jar://$MODULE_DIR$/ext/src/slf4j-log4j12-1.7.29.jar!/" /> | |||
| <root url="jar://$MODULE_DIR$/ext/src/slf4j-reload4j-1.7.36.jar!/" /> | |||
| </SOURCES> | |||
| </library> | |||
| </orderEntry> | |||
Loading…