From f97468b88f5dec4f047cdfa09c3d35920bbf4665 Mon Sep 17 00:00:00 2001 From: "Yu, Peng" Date: Tue, 14 Dec 2021 19:26:17 +0800 Subject: [PATCH] [POAE7-1418] fix vulnerability introduced by log4j --- .github/workflows/ape_java.yaml | 2 +- HCFS-based-cache/pom.xml | 10 ++++++++ Plasma-based-cache/pom.xml | 36 +++++++++++++++++++++++++++++ oap-ape/ape-java/ape-common/pom.xml | 13 ++++++++++- 4 files changed, 59 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ape_java.yaml b/.github/workflows/ape_java.yaml index 9d63dda12..53aca6faf 100644 --- a/.github/workflows/ape_java.yaml +++ b/.github/workflows/ape_java.yaml @@ -27,7 +27,7 @@ jobs: key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} # todo: which pom.xml? restore-keys: ${{ runner.os }}-m2 - name: pmem-common dependency - run: cd /tmp; git clone https://github.com/oap-project/pmem-common.git; cd pmem-common/; mvn install -am -q -DskipTests + run: cd /tmp; git clone https://github.com/oap-project/pmem-common.git; cd pmem-common/; git checkout branch-1.1-spark-3.x; mvn install -am -q -DskipTests - name: ICL library dependency run: cd /tmp; git clone https://github.com/Intel-bigdata/IntelCodecLibrary; cd IntelCodecLibrary/; mvn clean install - name: Build with Maven diff --git a/HCFS-based-cache/pom.xml b/HCFS-based-cache/pom.xml index 015975ae1..14dbfd3a4 100644 --- a/HCFS-based-cache/pom.xml +++ b/HCFS-based-cache/pom.xml @@ -36,6 +36,16 @@ hadoop-common ${hadoop.version} provided + + + log4j + log4j + + + org.slf4j + slf4j-log4j12 + + org.apache.hadoop diff --git a/Plasma-based-cache/pom.xml b/Plasma-based-cache/pom.xml index b9c27cd19..b60d8e8af 100644 --- a/Plasma-based-cache/pom.xml +++ b/Plasma-based-cache/pom.xml @@ -131,6 +131,10 @@ io.pmem libpmemkv-jni + + org.slf4j + slf4j-log4j12 + @@ -213,6 +217,16 @@ org.apache.spark spark-core_${scala.binary.version} ${spark.internal.version} + + + log4j + log4j + + + org.slf4j + slf4j-log4j12 + + org.apache.spark @@ -220,6 +234,28 @@ ${spark.internal.version} test-jar test + + + log4j + log4j + + + org.slf4j + slf4j-log4j12 + + + + + org.apache.logging.log4j + log4j-slf4j-impl + 2.15.0 + test + + + org.apache.logging.log4j + log4j-1.2-api + 2.15.0 + test org.apache.spark diff --git a/oap-ape/ape-java/ape-common/pom.xml b/oap-ape/ape-java/ape-common/pom.xml index 709fc56ed..e5e8b62d3 100644 --- a/oap-ape/ape-java/ape-common/pom.xml +++ b/oap-ape/ape-java/ape-common/pom.xml @@ -89,7 +89,18 @@ com.intel.oap pmem-common - 1.2.0-snapshot + 1.1.0 + + + org.slf4j + slf4j-log4j12 + + + + + org.apache.logging.log4j + log4j-slf4j-impl + 2.15.0 org.apache.parquet