mirror of
https://github.com/SonarSource/sonarqube.git
synced 2024-08-28 05:54:38 +02:00
Upgrade logback and SLF4j
Logback 1.1.x suffers from https://nvd.nist.gov/vuln/detail/CVE-2017-5929, which has been fixed in 1.2.0. This vulnerability can't be exploited because the Logback socket server is not enabled. Nevertheless upgrading is a best practice.
This commit is contained in:
parent
f880843208
commit
cba2b53e32
4
pom.xml
4
pom.xml
@ -72,8 +72,8 @@
|
||||
<sonarUpdateCenter.version>1.18.0.487</sonarUpdateCenter.version>
|
||||
<h2.version>1.3.176</h2.version>
|
||||
<jetty.version>8.1.12.v20130726</jetty.version>
|
||||
<logback.version>1.1.7</logback.version>
|
||||
<slf4j.version>1.7.24</slf4j.version>
|
||||
<logback.version>1.2.3</logback.version>
|
||||
<slf4j.version>1.7.25</slf4j.version>
|
||||
|
||||
<!-- Be aware that Log4j is used by Elasticsearch client -->
|
||||
<log4j.version>2.8.2</log4j.version>
|
||||
|
@ -35,6 +35,7 @@ import ch.qos.logback.core.rolling.FixedWindowRollingPolicy;
|
||||
import ch.qos.logback.core.rolling.RollingFileAppender;
|
||||
import ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy;
|
||||
import ch.qos.logback.core.rolling.TimeBasedRollingPolicy;
|
||||
import ch.qos.logback.core.util.FileSize;
|
||||
import java.io.File;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
@ -342,7 +343,8 @@ public class LogbackHelper extends AbstractLogHelper {
|
||||
String filePath = new File(logsDir, filenamePrefix + ".log").getAbsolutePath();
|
||||
appender.setFile(filePath);
|
||||
|
||||
SizeBasedTriggeringPolicy<ILoggingEvent> trigger = new SizeBasedTriggeringPolicy<>(size);
|
||||
SizeBasedTriggeringPolicy<ILoggingEvent> trigger = new SizeBasedTriggeringPolicy<>();
|
||||
trigger.setMaxFileSize(FileSize.valueOf(size));
|
||||
trigger.setContext(context);
|
||||
trigger.start();
|
||||
appender.setTriggeringPolicy(trigger);
|
||||
|
@ -32,6 +32,7 @@ import ch.qos.logback.core.rolling.FixedWindowRollingPolicy;
|
||||
import ch.qos.logback.core.rolling.RollingFileAppender;
|
||||
import ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy;
|
||||
import ch.qos.logback.core.rolling.TimeBasedRollingPolicy;
|
||||
import ch.qos.logback.core.util.FileSize;
|
||||
import com.google.common.collect.ImmutableList;
|
||||
import com.tngtech.java.junit.dataprovider.DataProvider;
|
||||
import com.tngtech.java.junit.dataprovider.DataProviderRunner;
|
||||
@ -41,6 +42,7 @@ import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Properties;
|
||||
import org.apache.commons.lang.RandomStringUtils;
|
||||
import org.apache.commons.lang.reflect.FieldUtils;
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Rule;
|
||||
@ -238,7 +240,7 @@ public class LogbackHelperTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void createRollingPolicy_size() {
|
||||
public void createRollingPolicy_size() throws Exception {
|
||||
props.set("sonar.log.rollingPolicy", "size:1MB");
|
||||
props.set("sonar.log.maxFiles", "20");
|
||||
LoggerContext ctx = underTest.getRootContext();
|
||||
@ -253,7 +255,8 @@ public class LogbackHelperTest {
|
||||
assertThat(rollingPolicy.getMaxIndex()).isEqualTo(20);
|
||||
assertThat(rollingPolicy.getFileNamePattern()).endsWith("sonar.%i.log");
|
||||
SizeBasedTriggeringPolicy triggeringPolicy = (SizeBasedTriggeringPolicy) fileAppender.getTriggeringPolicy();
|
||||
assertThat(triggeringPolicy.getMaxFileSize()).isEqualTo("1MB");
|
||||
FileSize maxFileSize = (FileSize)FieldUtils.readField(triggeringPolicy, "maxFileSize", true);
|
||||
assertThat(maxFileSize.getSize()).isEqualTo(1024L * 1024);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -36,7 +36,7 @@ public class ProgrammaticLogbackValve extends LogbackValve {
|
||||
public void startInternal() throws LifecycleException {
|
||||
try {
|
||||
// direct coupling with LogbackValve implementation
|
||||
FieldUtils.writeField(this, "executorService", ExecutorServiceUtil.newExecutorService(), true);
|
||||
FieldUtils.writeField(this, "scheduledExecutorService", ExecutorServiceUtil.newScheduledExecutorService(), true);
|
||||
FieldUtils.writeField(this, "started", true, true);
|
||||
setState(LifecycleState.STARTING);
|
||||
} catch (IllegalAccessException e) {
|
||||
|
Loading…
Reference in New Issue
Block a user