From 1b152bb4b1a70f30790d8ed66b0294d911d7ccee Mon Sep 17 00:00:00 2001 From: vv770d Date: Tue, 14 Dec 2021 23:28:16 +0000 Subject: [DCAE/ves] Remediation for Log4Shell vulnerability Change-Id: I74221f5e661c1065d94542df403dd2134f7d93e1 Signed-off-by: vv770d Issue-ID: DCAEGEN2-3022 --- Changelog.md | 138 +++++++++++++++++++++++++++++++---------------------- pom.xml | 17 +++++-- version.properties | 2 +- 3 files changed, 96 insertions(+), 61 deletions(-) diff --git a/Changelog.md b/Changelog.md index 91cf77bb..c8997400 100644 --- a/Changelog.md +++ b/Changelog.md @@ -4,65 +4,89 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). -## [1.6.0] - 13/05/2020 - - [DCAEGEN2-608](https://jira.onap.org/browse/DCAEGEN2-608) - Expose Prometheus API for performance tests -## [1.6.1] - 21/05/2020 - - [DCAEGEN2-608](https://jira.onap.org/browse/DCAEGEN2-608) - Deployment Prometheus and Grafana on RKE for perf tests -## [1.6.2] - 01/06/2020 - - [DCAEGEN2-2245](https://jira.onap.org/browse/DCAEGEN2-2245) - Code improvements - Increase code coverage: - - HeaderUtil - - EnvProps - - WebMvcConfig -## [1.7.0] - 09/07/2020 - - [DCAEGEN2-2254](https://jira.onap.org/browse/DCAEGEN2-2254) - Update schema to CommonEventFormat_30.2_ONAP in the eventListerner/v7 interface -## [1.7.1] - 13/07/2020 - - [DCAEGEN2-1484](https://jira.onap.org/browse/DCAEGEN2-1484) - VESCollector DMaap publish optimization - - [DCAEGEN2-2254](https://jira.onap.org/browse/DCAEGEN2-2254) - Add new data-format for 30.2_ONAP schema version -## [1.7.2] - 04/08/2020 - - [DCAEGEN2-1771](https://jira.onap.org/browse/DCAEGEN2-1771) - Add StndDefined event routing to dmaap streams defined in namespace event field - no second stage event validation. - Fix error response model - Update DPO model -## [1.7.3] - 10/08/2020 - - [DCAEGEN2-2264](https://jira.onap.org/browse/DCAEGEN2-2264) - Add implementation of stndDefined fields validation -## [1.7.4] - 04/08/2020 - - [DCAEGEN2-2212](https://jira.onap.org/browse/DCAEGEN2-2212) - Config fetch for VESCollector through DCAE-SDK (CBS Client) - - [DCAEGEN2-2264](https://jira.onap.org/browse/DCAEGEN2-2264) - Post stndDefined implementation fixes -## [1.7.5] - 09/09/2020 - - [DCAEGEN2-2264](https://jira.onap.org/browse/DCAEGEN2-2264) - Update schema-map.json - - [DCAEGEN2-2426](https://jira.onap.org/browse/DCAEGEN2-2426) - Fix bug throwing exception when first event is collected -## [1.7.6] - 18/09/2020 - - [DCAEGEN-2374](https://jira.onap.org/browse/DCAEGEN2-2374) - Fix an error reported by DMaapEventPublisher test when pk is not available. - - [DCAEGEN2-2453](https://jira.onap.org/browse/DCAEGEN2-2453) - Fix VES problem with subsequent fetching from CBS. -## [1.7.7] - 29/09/2020 - - [DCAEGEN2-2462](https://jira.onap.org/browse/DCAEGEN2-2462) - Adapt schema-map.json and test files to updated 3GPP repos -## [1.7.8] - 13/10/2020 - - [DCAEGEN2-2478](https://jira.onap.org/browse/DCAEGEN2-2478) - Add logs from external-repo-manager lib -## [1.7.9] - 01/11/2020 - - [DCAEGEN2-2495](https://jira.onap.org/browse/DCAEGEN2-2495) - Ves Collector is down because of java heap space -## [1.7.10] - 10/02/2021 - - [DCAEGEN2-2593](https://jira.onap.org/browse/DCAEGEN2-2593) - Vulnerability removal for ves collector -## [1.7.11] - 18/02/2021 - - [DCAEGEN2-2593](https://jira.onap.org/browse/DCAEGEN2-2593) - Vulnerability removal for ves collector - Fix sonar reporting problem -## [1.8.0] - 24/02/2021 - - [DCAEGEN2-2477](https://jira.onap.org/browse/DCAEGEN2-2477) - Update VESCollector CommonEventSchema to ONAP/Honolulu version -## [1.9.0] - 18/03/2021 - - [DCAEGEN2-2682](https://jira.onap.org/browse/DCAEGEN2-2682) - Update libraries -## [1.9.1] - 22/03/2021 - - [DCAEGEN2-2683](https://jira.onap.org/browse/DCAEGEN2-2683) - Enable Spring Prometheus metrics end-point in VES - Remove mvn profile for enable/disable Prometheus metrics -## [1.9.2] - 14/05/2021 - - [DCAEGEN2-2683](https://jira.onap.org/browse/DCAEGEN2-2683) - Enable Spring Prometheus metrics end-point in VES - Temporary add mvn profile for enabling/disabling Prometheus metrics -## [1.10.0] - 11/06/2021 +## [1.10.2] - 2021/12/14 + - [DCAEGEN2-3022] - Remediation for Log4Shell vulnerability + +## [1.10.1] - 2021/08/31 + - [DCAEGEN2-1483](https://jira.onap.org/browse/DCAEGEN2-2719) - CBS-Client supporting configMap + - update CBS-Client from 1.8.0 to 1.8.7 in order to enable config file support + - fix ambiguous spring-boot-maven-plugin import - set it to 2.4.3 + - fix ambiguous base docker image - set it to openjdk:11.0.11-jre-slim + +## [1.10.0] - 2021/06/11 - [DCAEGEN2-1483](https://jira.onap.org/browse/DCAEGEN2-1483) - VESCollector Event ordering - remove cambria, add DmaaP client - sending event for many topics at once is no longer supported - add backward compatibility status codes - add additional validation for batchEvent -## [1.10.1] - 31/08/2021 - - [DCAEGEN2-1483](https://jira.onap.org/browse/DCAEGEN2-2719) - CBS-Client supporting configMap - - update CBS-Client from 1.8.0 to 1.8.7 in order to enable config file support - - fix ambiguous spring-boot-maven-plugin import - set it to 2.4.3 - - fix ambiguous base docker image - set it to openjdk:11.0.11-jre-slim + +## [1.9.2] - 2021/05/14 + - [DCAEGEN2-2683](https://jira.onap.org/browse/DCAEGEN2-2683) - Enable Spring Prometheus metrics end-point in VES + Temporary add mvn profile for enabling/disabling Prometheus metrics + +## [1.9.1] - 2021/03/22 + - [DCAEGEN2-2683](https://jira.onap.org/browse/DCAEGEN2-2683) - Enable Spring Prometheus metrics end-point in VES + Remove mvn profile for enable/disable Prometheus metrics + +## [1.9.0] - 2021/03/18 + - [DCAEGEN2-2682](https://jira.onap.org/browse/DCAEGEN2-2682) - Update libraries + +## [1.8.0] - 2021/02/24 + - [DCAEGEN2-2477](https://jira.onap.org/browse/DCAEGEN2-2477) - Update VESCollector CommonEventSchema to ONAP/Honolulu version + +## [1.7.11] - 2021/02/18 + - [DCAEGEN2-2593](https://jira.onap.org/browse/DCAEGEN2-2593) - Vulnerability removal for ves collector + Fix sonar reporting problem + +## [1.7.10] - 2021/02/10 + - [DCAEGEN2-2593](https://jira.onap.org/browse/DCAEGEN2-2593) - Vulnerability removal for ves collector + +## [1.7.9] - 2020/11/01 + - [DCAEGEN2-2495](https://jira.onap.org/browse/DCAEGEN2-2495) - Ves Collector is down because of java heap space + +## [1.7.8] - 2020/10/13 + - [DCAEGEN2-2478](https://jira.onap.org/browse/DCAEGEN2-2478) - Add logs from external-repo-manager lib + +## [1.7.7] - 2020/09/29 + - [DCAEGEN2-2462](https://jira.onap.org/browse/DCAEGEN2-2462) - Adapt schema-map.json and test files to updated 3GPP repos + +## [1.7.6] - 2020/09/18 + - [DCAEGEN-2374](https://jira.onap.org/browse/DCAEGEN2-2374) - Fix an error reported by DMaapEventPublisher test when pk is not available. + - [DCAEGEN2-2453](https://jira.onap.org/browse/DCAEGEN2-2453) - Fix VES problem with subsequent fetching from CBS. + +## [1.7.5] - 2020/09/09 + - [DCAEGEN2-2264](https://jira.onap.org/browse/DCAEGEN2-2264) - Update schema-map.json + - [DCAEGEN2-2426](https://jira.onap.org/browse/DCAEGEN2-2426) - Fix bug throwing exception when first event is collected + +## [1.7.4] - 2020/08/04 + - [DCAEGEN2-2212](https://jira.onap.org/browse/DCAEGEN2-2212) - Config fetch for VESCollector through DCAE-SDK (CBS Client) + - [DCAEGEN2-2264](https://jira.onap.org/browse/DCAEGEN2-2264) - Post stndDefined implementation fixes + +## [1.7.3] - 2020/08/10 + - [DCAEGEN2-2264](https://jira.onap.org/browse/DCAEGEN2-2264) - Add implementation of stndDefined fields validation + +## [1.7.2] - 2020/08/04 + - [DCAEGEN2-1771](https://jira.onap.org/browse/DCAEGEN2-1771) - Add StndDefined event routing to dmaap streams defined in namespace event field - no second stage event validation. + Fix error response model + Update DPO model + +## [1.7.1] - 2020/07/13 + - [DCAEGEN2-1484](https://jira.onap.org/browse/DCAEGEN2-1484) - VESCollector DMaap publish optimization + - [DCAEGEN2-2254](https://jira.onap.org/browse/DCAEGEN2-2254) - Add new data-format for 30.2_ONAP schema version + +## [1.7.0] - 2020/07/09 + - [DCAEGEN2-2254](https://jira.onap.org/browse/DCAEGEN2-2254) - Update schema to CommonEventFormat_30.2_ONAP in the eventListerner/v7 interface + +## [1.6.2] - 2020/06/01 + - [DCAEGEN2-2245](https://jira.onap.org/browse/DCAEGEN2-2245) - Code improvements + Increase code coverage: + - HeaderUtil + - EnvProps + - WebMvcConfig + +## [1.6.1] - 2020/05/21 + - [DCAEGEN2-608](https://jira.onap.org/browse/DCAEGEN2-608) - Deployment Prometheus and Grafana on RKE for perf tests + +## [1.6.0] - 2020/05/13 + - [DCAEGEN2-608](https://jira.onap.org/browse/DCAEGEN2-608) - Expose Prometheus API for performance tests + diff --git a/pom.xml b/pom.xml index b4fb8830..acfb8183 100644 --- a/pom.xml +++ b/pom.xml @@ -1,7 +1,7 @@