From c8107092dbc38de2003ebf5cf50503a4fba378ac Mon Sep 17 00:00:00 2001
From: "Yu, Peng" <peng.yu@intel.com>
Date: Tue, 14 Dec 2021 10:58:47 +0800
Subject: [PATCH 1/3] [POAE7-1418] add dependency exclusions to deprecated
 log4j

---
 .../ape-benchmarks/ape-benchmark-flink-tpcds/pom.xml | 12 ++++++++++++
 .../ape-benchmarks/ape-benchmark-flink-tpch/pom.xml  | 12 ++++++++++++
 oap-ape/ape-java/ape-flink/ape-flink-1.12.0/pom.xml  |  4 ++++
 oap-ape/ape-java/ape-flink/ape-flink-1.13.2/pom.xml  |  4 ++++
 4 files changed, 32 insertions(+)

diff --git a/oap-ape/ape-java/ape-benchmarks/ape-benchmark-flink-tpcds/pom.xml b/oap-ape/ape-java/ape-benchmarks/ape-benchmark-flink-tpcds/pom.xml
index a8d3b732b..d7bd69bc2 100644
--- a/oap-ape/ape-java/ape-benchmarks/ape-benchmark-flink-tpcds/pom.xml
+++ b/oap-ape/ape-java/ape-benchmarks/ape-benchmark-flink-tpcds/pom.xml
@@ -67,6 +67,18 @@
                     <groupId>org.pentaho</groupId>
                     <artifactId>pentaho-aggdesigner-algorithm</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.apache.logging.log4j</groupId>
+                    <artifactId>log4j-1.2-api</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.logging.log4j</groupId>
+                    <artifactId>log4j-slf4j-impl</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.hive</groupId>
+                    <artifactId>hive-llap-tez</artifactId>
+                </exclusion>
             </exclusions>
             <scope>provided</scope>
         </dependency>
diff --git a/oap-ape/ape-java/ape-benchmarks/ape-benchmark-flink-tpch/pom.xml b/oap-ape/ape-java/ape-benchmarks/ape-benchmark-flink-tpch/pom.xml
index 53c105e4f..8aecb502c 100644
--- a/oap-ape/ape-java/ape-benchmarks/ape-benchmark-flink-tpch/pom.xml
+++ b/oap-ape/ape-java/ape-benchmarks/ape-benchmark-flink-tpch/pom.xml
@@ -74,6 +74,18 @@
                     <groupId>org.pentaho</groupId>
                     <artifactId>pentaho-aggdesigner-algorithm</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.apache.logging.log4j</groupId>
+                    <artifactId>log4j-1.2-api</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.logging.log4j</groupId>
+                    <artifactId>log4j-slf4j-impl</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.hive</groupId>
+                    <artifactId>hive-llap-tez</artifactId>
+                </exclusion>
             </exclusions>
             <scope>provided</scope>
         </dependency>
diff --git a/oap-ape/ape-java/ape-flink/ape-flink-1.12.0/pom.xml b/oap-ape/ape-java/ape-flink/ape-flink-1.12.0/pom.xml
index 6efca82d4..9d2b00a41 100755
--- a/oap-ape/ape-java/ape-flink/ape-flink-1.12.0/pom.xml
+++ b/oap-ape/ape-java/ape-flink/ape-flink-1.12.0/pom.xml
@@ -328,6 +328,10 @@
           <groupId>org.slf4j</groupId>
           <artifactId>slf4j-log4j12</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.apache.logging.log4j</groupId>
+          <artifactId>log4j-1.2-api</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
 
diff --git a/oap-ape/ape-java/ape-flink/ape-flink-1.13.2/pom.xml b/oap-ape/ape-java/ape-flink/ape-flink-1.13.2/pom.xml
index a73ffc780..75c22b2f8 100755
--- a/oap-ape/ape-java/ape-flink/ape-flink-1.13.2/pom.xml
+++ b/oap-ape/ape-java/ape-flink/ape-flink-1.13.2/pom.xml
@@ -327,6 +327,10 @@
           <groupId>org.slf4j</groupId>
           <artifactId>slf4j-log4j12</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.apache.logging.log4j</groupId>
+          <artifactId>log4j-1.2-api</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
 

From f99507d5ce44d55570100fd50ec1edad7d4148bb Mon Sep 17 00:00:00 2001
From: "Yu, Peng" <peng.yu@intel.com>
Date: Tue, 14 Dec 2021 15:37:29 +0800
Subject: [PATCH 2/3] add more exclustions related to log4j vulnerability

---
 oap-ape/ape-java/ape-client/pom.xml           | 10 ++++++++
 oap-ape/ape-java/ape-common/pom.xml           |  2 +-
 .../ape-flink/ape-flink-common/pom.xml        | 24 ++++++++++++-------
 oap-ape/ape-java/ape-hcfs/pom.xml             | 10 ++++++++
 oap-ape/ape-java/ape-spark/pom.xml            | 10 ++++++++
 5 files changed, 47 insertions(+), 9 deletions(-)

diff --git a/oap-ape/ape-java/ape-client/pom.xml b/oap-ape/ape-java/ape-client/pom.xml
index fba6fa031..b4ef5fc52 100644
--- a/oap-ape/ape-java/ape-client/pom.xml
+++ b/oap-ape/ape-java/ape-client/pom.xml
@@ -44,6 +44,16 @@
             <artifactId>hadoop-common</artifactId>
             <version>${hadoop.version}</version>
             <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>log4j</groupId>
+                    <artifactId>log4j</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-log4j12</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <!-- Test dependencies -->
diff --git a/oap-ape/ape-java/ape-common/pom.xml b/oap-ape/ape-java/ape-common/pom.xml
index 446b069d1..709fc56ed 100644
--- a/oap-ape/ape-java/ape-common/pom.xml
+++ b/oap-ape/ape-java/ape-common/pom.xml
@@ -89,7 +89,7 @@
     <dependency>
       <groupId>com.intel.oap</groupId>
       <artifactId>pmem-common</artifactId>
-      <version>1.1.0</version>
+      <version>1.2.0-snapshot</version>
     </dependency>
     <dependency>
       <groupId>org.apache.parquet</groupId>
diff --git a/oap-ape/ape-java/ape-flink/ape-flink-common/pom.xml b/oap-ape/ape-java/ape-flink/ape-flink-common/pom.xml
index b89062c18..5831b0ecf 100755
--- a/oap-ape/ape-java/ape-flink/ape-flink-common/pom.xml
+++ b/oap-ape/ape-java/ape-flink/ape-flink-common/pom.xml
@@ -115,6 +115,14 @@
           <groupId>com.google.protobuf</groupId>
           <artifactId>protobuf-java</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.slf4j</groupId>
+          <artifactId>slf4j-log4j12</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
 
@@ -128,17 +136,17 @@
           <groupId>com.google.protobuf</groupId>
           <artifactId>protobuf-java</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.slf4j</groupId>
+          <artifactId>slf4j-log4j12</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
 
-    <!-- slf4j -->
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-log4j12</artifactId>
-      <version>1.7.25</version>
-      <scope>provided</scope>
-    </dependency>
-
     <!--gson-->
     <dependency>
       <groupId>com.google.code.gson</groupId>
diff --git a/oap-ape/ape-java/ape-hcfs/pom.xml b/oap-ape/ape-java/ape-hcfs/pom.xml
index 878c2a495..9662855c5 100644
--- a/oap-ape/ape-java/ape-hcfs/pom.xml
+++ b/oap-ape/ape-java/ape-hcfs/pom.xml
@@ -22,6 +22,16 @@
             <artifactId>hadoop-common</artifactId>
             <version>${hadoop.version}</version>
             <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>log4j</groupId>
+                    <artifactId>log4j</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-log4j12</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.apache.hadoop</groupId>
diff --git a/oap-ape/ape-java/ape-spark/pom.xml b/oap-ape/ape-java/ape-spark/pom.xml
index 2cf77aee3..cd7e6cb19 100644
--- a/oap-ape/ape-java/ape-spark/pom.xml
+++ b/oap-ape/ape-java/ape-spark/pom.xml
@@ -33,6 +33,16 @@
       <groupId>org.apache.spark</groupId>
       <artifactId>spark-core_${scala.binary.version}</artifactId>
       <version>${spark.internal.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.slf4j</groupId>
+          <artifactId>slf4j-log4j12</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.apache.spark</groupId>

From 154e582bf371a0d8951e499473ee469f44d1c76a Mon Sep 17 00:00:00 2001
From: "Yu, Peng" <peng.yu@intel.com>
Date: Tue, 14 Dec 2021 15:41:00 +0800
Subject: [PATCH 3/3] update github action to follow the newest pmem-common

---
 .github/workflows/ape_java.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ape_java.yaml b/.github/workflows/ape_java.yaml
index 53aca6faf..9d63dda12 100644
--- a/.github/workflows/ape_java.yaml
+++ b/.github/workflows/ape_java.yaml
@@ -27,7 +27,7 @@ jobs:
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} # todo: which pom.xml?
           restore-keys: ${{ runner.os }}-m2
       - name: pmem-common dependency
-        run: cd /tmp; git clone https://github.com/oap-project/pmem-common.git; cd pmem-common/; git checkout branch-1.1-spark-3.x; mvn install -am -q -DskipTests
+        run: cd /tmp; git clone https://github.com/oap-project/pmem-common.git; cd pmem-common/; mvn install -am -q -DskipTests
       - name: ICL library dependency
         run: cd /tmp; git clone https://github.com/Intel-bigdata/IntelCodecLibrary; cd IntelCodecLibrary/; mvn clean install
       - name: Build with Maven