author | ajay_dp001 <ajay.deep.singh@est.tech> | 2021-01-28 14:33:07 +0530 |
---|---|---|
committer | ajay_dp001 <ajay.deep.singh@est.tech> | 2021-02-09 17:57:20 +0530 |
commit | cabe143a7c7c8011139cbb3c154abc4c3616c66f (patch) | |
tree | 0568507a3f5e6b0dee4ae2f16bbd6ebcb77d3b53 /etc | |
parent | 8333cde6f59d9a3b341c7e762cf68df8f316b962 (diff) |
[DMaap-msgrtr] Update Security Vulnerabilities
- Log4j version 1.2.17 to 2.13.3
- commons-codec version 1.11 to 1.15
- jackson-databind version 2.8.11.1 to 2.11.2
- grails-bootstrap version 2.5.4 to 4.0.1
- httpclient version 4.5.3 to 4.5.13
- Code Refactoring
Issue-ID: DMAAP-1515
Signed-off-by: ajay_dp001 <ajay.deep.singh@est.tech>
Change-Id: I6d52dd85e1ca82b5863815b26e4d521f9dac28b7
Diffstat (limited to 'etc')
-rw-r--r-- | etc/log4j.xml | 65 | ||||
-rw-r--r-- | etc/log4j2.xml | 62 | ||||
-rw-r--r-- | etc/log4j2_template.xml | 60 | ||||
-rw-r--r-- | etc/log4j_template.xml | 63 |
4 files changed, 122 insertions, 128 deletions
diff --git a/etc/log4j.xml b/etc/log4j.xml
deleted file mode 100644
index 5a15348..0000000
--- a/etc/log4j.xml
+++ /dev/null
@@ -1,65 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- ============LICENSE_START=======================================================
- org.onap.dmaap
- ================================================================================
- Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- ============LICENSE_END=========================================================
-
- ECOMP is a trademark and service mark of AT&T Intellectual Property.
-
- -->
-
-<!DOCTYPE log4j:configuration PUBLIC
- "-//APACHE//DTD LOG4J 1.2//EN" "http://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/xml/doc-files/log4j.dtd">
-
-<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
-
- <!-- available for console output, not generally used in deployment -->
- <appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
- <param name="threshold" value="INFO" />
- <layout class="org.apache.log4j.EnhancedPatternLayout">
- <param name="ConversionPattern" value="[%d{ISO8601}{GMT+0} GMT][%-10t][%-5p]%m%n" />
- </layout>
- </appender>
-
- <appender name="FILE" class="org.apache.log4j.RollingFileAppender">
- <param name="threshold" value="INFO" />
- <param name="File" value="./logs/cambria.log" /> <!-- use local dir by default; prod setup can overwrite -->
- <param name="MaxFileSize" value="128MB"/>
- <param name="MaxBackupIndex" value="10"/>
- <layout class="org.apache.log4j.EnhancedPatternLayout">
- <param name="ConversionPattern" value="[%d{ISO8601}{GMT+0} GMT][%-10t][%-5p]%m%n" />
- </layout>
- </appender>
-
- <appender name="ECOMP_ERROR" class="org.apache.log4j.RollingFileAppender">
- <param name="threshold" value="INFO" />
- <param name="File" value="./logs/error.log" /> <!-- use local dir by default; prod setup can overwrite -->
- <param name="MaxFileSize" value="128MB"/>
- <param name="MaxBackupIndex" value="10"/>
- <layout class="org.apache.log4j.EnhancedPatternLayout">
- <param name="ConversionPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss}{GMT+0}+00:00|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{instanceUuid}|%p|%X{severity}|%X{serverIpAddress}|%X{server}|%X{ipAddress}|%X{className}|%X{timer}|%m%n" />
- </layout>
- </appender>
- <!-- the other 3 ECOMP logs are omitted for this release -->
-
- <root>
- <level value="INFO" />
- <appender-ref ref="FILE" />
- <appender-ref ref="ECOMP_ERROR" />
- <appender-ref ref="CONSOLE" />
- </root>
-
-</log4j:configuration>
diff --git a/etc/log4j2.xml b/etc/log4j2.xml
new file mode 100644
index 0000000..0918f35
--- /dev/null
+++ b/etc/log4j2.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2021 Nordix Foundation.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+ -->
+
+<Configuration status="WARN">
+ <Appenders>
+ <!-- Console Appender -->
+ <Console name="STDOUT" target="SYSTEM_OUT">
+ <PatternLayout pattern="[%d{ISO8601}{GMT+0} GMT][%-10t][%-5p]%m%n"/>
+ </Console>
+
+ <!-- Rolling File Appender -->
+ <RollingFile name="rollingFile">
+ <FileName>./logs/cambria.log</FileName>
+ <FilePattern>./logs/${date:yyyy-MM}/cambria-%d{yyyy-MM-dd}-%i.log</FilePattern>
+ <PatternLayout>
+ <Pattern>[%d{ISO8601}{GMT+0} GMT][%-10t][%-5p]%m%n</Pattern>
+ </PatternLayout>
+ <Policies>
+ <SizeBasedTriggeringPolicy size="128 MB"/>
+ </Policies>
+ <DefaultRolloverStrategy max="10"/>
+ </RollingFile>
+
+ <!-- Rolling File Appender -->
+ <RollingFile name="rollingFile_ECOMP_ERROR">
+ <FileName>./logs/error.log</FileName>
+ <FilePattern>./logs/${date:yyyy-MM}/error-%d{yyyy-MM-dd}-%i.log</FilePattern>
+ <PatternLayout>
+ <Pattern>%d{yyyy-MM-dd'T'HH:mm:ss}{GMT+0}+00:00|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{instanceUuid}|%p|%X{severity}|%X{serverIpAddress}|%X{server}|%X{ipAddress}|%X{className}|%X{timer}|%m%n</Pattern>
+ </PatternLayout>
+ <Policies>
+ <SizeBasedTriggeringPolicy size="128 MB"/>
+ </Policies>
+ <DefaultRolloverStrategy max="10"/>
+ </RollingFile>
+ </Appenders>
+ <Loggers>
+ <Root level="info">
+ <AppenderRef ref="STDOUT"/>
+ <AppenderRef ref="rollingFile"/>
+ <AppenderRef ref="rollingFile_ECOMP_ERROR"/>
+ </Root>
+ </Loggers>
+</Configuration>
\ No newline at end of file
diff --git a/etc/log4j2_template.xml b/etc/log4j2_template.xml
new file mode 100644
index 0000000..1c70479
--- /dev/null
+++ b/etc/log4j2_template.xml
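Review bot: Every pattern in etc/log4j2.xml ends in a bare `%m%n`, and the commit message pins Log4j at 2.13.3, a release in which the text of a logged message is still scanned for `${...}` lookups, so request-derived strings that reach a log call are interpreted rather than only written out. Changing the converter to `%m{nolookups}%n` on the STDOUT, rollingFile and rollingFile_ECOMP_ERROR layouts narrows that at the configuration level; it is a stopgap, and the durable fix is a Log4j release that disables message lookups by default. The `%X{requestId}`-style fields in the error-log pattern deserve the same scrutiny if any of those context values are taken from requests. The same `%m%n` patterns appear in etc/log4j2_template.xml.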
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2021 Nordix Foundation.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+ -->
+
+<Configuration status="WARN">
+ <Appenders>
+ <!-- Console Appender -->
+ <Console name="STDOUT" target="SYSTEM_OUT">
+ <PatternLayout pattern="[%d{ISO8601}{GMT+0} GMT][%-10t][%-5p][%X{serverIp}]%m%n"/>
+ </Console>
+
+ <!-- Rolling File Appender -->
+ <RollingFile name="rollingFile">
+ <FileName>./${CAMBRIA_LOG_DIR}/cambria.log</FileName>
+ <FilePattern>./${CAMBRIA_LOG_DIR}/${date:yyyy-MM}/cambria-%d{yyyy-MM-dd}-%i.log</FilePattern>
+ <PatternLayout>
+ <Pattern>%d{yyyy-MM-dd'T'HH:mm:ss}{GMT+0}+00:00|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{instanceUuid}|%p|%X{severity}|%X{serverIpAddress}|%X{server}|%X{ipAddress}|%X{className}|%X{timer}|%m%n</Pattern>
+ </PatternLayout>
+ <Policies>
+ <SizeBasedTriggeringPolicy size="128 MB"/>
+ </Policies>
+ <DefaultRolloverStrategy max="10"/>
+ </RollingFile>
+
+ <!-- Rolling File Appender -->
+ <RollingFile name="rollingFile_ECOMP_ERROR">
+ <FileName>./${CAMBRIA_LOG_DIR}/error.log</FileName>
+ <FilePattern>./${CAMBRIA_LOG_DIR}/${date:yyyy-MM}/error-%d{yyyy-MM-dd}-%i.log</FilePattern>
+ <PatternLayout>
+ <Pattern>%d{yyyy-MM-dd'T'HH:mm:ss}{GMT+0}+00:00|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{instanceUuid}|%p|%X{severity}|%X{serverIpAddress}|%X{server}|%X{ipAddress}|%X{className}|%X{timer}|%m%n</Pattern>
+ </PatternLayout>
+ <Policies>
+ <SizeBasedTriggeringPolicy size="128 MB"/>
+ </Policies>
+ <DefaultRolloverStrategy max="10"/>
+ </RollingFile>
+ </Appenders>
+ <Loggers>
+ <Root level="${CAMBRIA_LOG_THRESHOLD}">
+ <AppenderRef ref="rollingFile"/>
+ </Root>
+ </Loggers>
+</Configuration>
\ No newline at end of file
diff --git a/etc/log4j_template.xml b/etc/log4j_template.xml
deleted file mode 100644
index 808a1bc..0000000
--- a/etc/log4j_template.xml
+++ /dev/null
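Review bot: The four paths in etc/log4j2_template.xml now start with `./` (for example `<FileName>./${CAMBRIA_LOG_DIR}/cambria.log</FileName>`), whereas the removed log4j_template.xml used `${CAMBRIA_LOG_DIR}/cambria.log`, so an absolute CAMBRIA_LOG_DIR ends up under the process working directory instead of the directory operators configured. Dropping the prefix, `<FileName>${CAMBRIA_LOG_DIR}/cambria.log</FileName>`, keeps the previous behaviour. If the template is loaded as-is rather than rendered by a deployment step (not visible here), Log4j 2 resolves an unprefixed `${NAME}` only against properties declared in the configuration, so `${sys:CAMBRIA_LOG_DIR}` and `${sys:CAMBRIA_LOG_THRESHOLD}` or a `<Properties>` block would be needed. An unresolved `Root level` would likely fall back to Log4j's default level and silently drop lower-severity records.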
@@ -1,63 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- ============LICENSE_START=======================================================
- org.onap.dmaap
- ================================================================================
- Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- ============LICENSE_END=========================================================
-
- ECOMP is a trademark and service mark of AT&T Intellectual Property.
-
- -->
-
-<!DOCTYPE log4j:configuration PUBLIC
- "-//APACHE//DTD LOG4J 1.2//EN" "http://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/xml/doc-files/log4j.dtd">
-
-<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
-
- <appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
- <param name="threshold" value="INFO" />
- <layout class="org.apache.log4j.EnhancedPatternLayout">
- <param name="ConversionPattern" value="[%d{ISO8601}{GMT+0} GMT][%-10t][%-5p][%X{serverIp}]%m%n" />
- </layout>
- </appender>
-
- <appender name="FILE" class="org.apache.log4j.RollingFileAppender">
- <param name="threshold" value="${CAMBRIA_LOG_THRESHOLD}" />
- <param name="File" value="${CAMBRIA_LOG_DIR}/cambria.log" />
- <param name="MaxFileSize" value="128MB"/>
- <param name="MaxBackupIndex" value="10"/>
- <layout class="org.apache.log4j.EnhancedPatternLayout">
- <param name="ConversionPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss}{GMT+0}+00:00|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{instanceUuid}|%p|%X{severity}|%X{serverIpAddress}|%X{server}|%X{ipAddress}|%X{className}|%X{timer}|%m%n" />
- </layout>
- </appender>
-
- <!-- The ECOMP error.log log -->
- <appender name="ECOMP_ERROR" class="org.apache.log4j.RollingFileAppender">
- <param name="threshold" value="INFO" />
- <param name="File" value="${CAMBRIA_LOG_DIR}/error.log" />
- <param name="MaxFileSize" value="128MB"/>
- <param name="MaxBackupIndex" value="10"/>
- <layout class="org.apache.log4j.EnhancedPatternLayout">
- <param name="ConversionPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss}{GMT+0}+00:00|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{instanceUuid}|%p|%X{severity}|%X{serverIpAddress}|%X{server}|%X{ipAddress}|%X{className}|%X{timer}|%m%n" />
- </layout>
- </appender>
- <!-- the other 3 ECOMP logs are omitted for this release -->
-
- <root>
- <level value="${CAMBRIA_LOG_THRESHOLD}" />
- <appender-ref ref="FILE" />
- </root>
-
-</log4j:configuration> |