diff options
| author |   Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2022-01-10 13:20:43 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <gerrit@onap.org> | 2022-01-10 13:20:43 +0000 |
| commit | 5b7535bde830b1e29ebd49b33a92db004a0636a1 (patch) | |
| tree | 3034de23adc3fcb7e3dee5cd2cf6f21589defef6 | |
| parent | c7b7cbb34f473f5f8942f6331a4d410a9b5e69fa (diff) | |
| parent | 5d5c39e47357f34c20ec53799442e3df107a5c24 (diff) | |
Merge changes I816c59e3,I99e55519
* changes:
[OOM-CERT-SERVICE]Fix Apache log4j2 vulnerability
Top up project version to 2.5.0
| -rw-r--r-- | certService/pom.xml | 33 | ||||
| -rw-r--r-- | certService/src/main/java/org/onap/oom/certservice/certification/configuration/validation/ValidatorConfiguration.java | 35 | ||||
| -rw-r--r-- | certServiceK8sExternalProvider/pom.xml | 2 | ||||
| -rw-r--r-- | certServicePostProcessor/pom.xml | 24 | ||||
| -rw-r--r-- | pom.xml | 44 | ||||
| -rw-r--r-- | version.properties | 2 |
6 files changed, 117 insertions, 23 deletions
diff --git a/certService/pom.xml b/certService/pom.xml index 4ad5b4ac..13fed005 100644 --- a/certService/pom.xml +++ b/certService/pom.xml @@ -18,10 +18,10 @@ <parent> <groupId>org.onap.oom.platform.cert-service</groupId> <artifactId>oom-certservice</artifactId> - <version>2.4.0-SNAPSHOT</version> + <version>2.5.0-SNAPSHOT</version> </parent> <artifactId>oom-certservice-api</artifactId> - <version>2.4.0-SNAPSHOT</version> + <version>2.5.0-SNAPSHOT</version> <name>oom-certservice-api</name> <description>OOM Certification Service Api</description> <packaging>jar</packaging> @@ -32,8 +32,24 @@ <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> - <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-log4j2</artifactId> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-slf4j-impl</artifactId> + <version>${log4j2.version}</version> + </dependency> + <dependency> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-api</artifactId> + <version>${log4j2.version}</version> + </dependency> + <dependency> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-core</artifactId> + <version>${log4j2.version}</version> + </dependency> + <dependency> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-jul</artifactId> + <version>${log4j2.version}</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> @@ -78,7 +94,14 @@ <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-config</artifactId> - <version>${spring-cloud-starter-config.version}</version> + </dependency> + <dependency> + <groupId>org.springframework.cloud</groupId> + <artifactId>spring-cloud-starter-bootstrap</artifactId> + </dependency> + <dependency> + <groupId>org.hibernate.validator</groupId> + <artifactId>hibernate-validator</artifactId> </dependency> </dependencies> diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/configuration/validation/ValidatorConfiguration.java b/certService/src/main/java/org/onap/oom/certservice/certification/configuration/validation/ValidatorConfiguration.java new file mode 100644 index 00000000..952e59f2 --- /dev/null +++ b/certService/src/main/java/org/onap/oom/certservice/certification/configuration/validation/ValidatorConfiguration.java @@ -0,0 +1,35 @@ +/* + * ============LICENSE_START======================================================= + * oom-certservice-api + * ================================================================================ + * Copyright (C) 2021 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + + +package org.onap.oom.certservice.certification.configuration.validation; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.validation.beanvalidation.LocalValidatorFactoryBean; + +@Configuration +public class ValidatorConfiguration { + + @Bean + public LocalValidatorFactoryBean validator() { + return new LocalValidatorFactoryBean(); + } +} diff --git a/certServiceK8sExternalProvider/pom.xml b/certServiceK8sExternalProvider/pom.xml index a64b9a6b..30b419ef 100644 --- a/certServiceK8sExternalProvider/pom.xml +++ b/certServiceK8sExternalProvider/pom.xml @@ -5,7 +5,7 @@ <parent> <artifactId>oom-certservice</artifactId> <groupId>org.onap.oom.platform.cert-service</groupId> - <version>2.4.0-SNAPSHOT</version> + <version>2.5.0-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/certServicePostProcessor/pom.xml b/certServicePostProcessor/pom.xml index 0584043d..5ea30809 100644 --- a/certServicePostProcessor/pom.xml +++ b/certServicePostProcessor/pom.xml @@ -5,12 +5,12 @@ <parent> <artifactId>oom-certservice</artifactId> <groupId>org.onap.oom.platform.cert-service</groupId> - <version>2.4.0-SNAPSHOT</version> + <version>2.5.0-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>oom-certservice-post-processor</artifactId> - <version>2.4.0-SNAPSHOT</version> + <version>2.5.0-SNAPSHOT</version> <name>oom-certservice-post-processor</name> <description>An application which conducts certificate post-processing like: merging truststores, copying keystores.</description> <packaging>jar</packaging> @@ -166,8 +166,24 @@ <artifactId>slf4j-api</artifactId> </dependency> <dependency> - <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-log4j2</artifactId> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-slf4j-impl</artifactId> + <version>${log4j2.version}</version> + </dependency> + <dependency> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-api</artifactId> + <version>${log4j2.version}</version> + </dependency> + <dependency> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-core</artifactId> + <version>${log4j2.version}</version> + </dependency> + <dependency> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-jul</artifactId> + <version>${log4j2.version}</version> </dependency> <dependency> <groupId>org.bouncycastle</groupId> @@ -23,7 +23,7 @@ </parent> <groupId>org.onap.oom.platform.cert-service</groupId> <artifactId>oom-certservice</artifactId> - <version>2.4.0-SNAPSHOT</version> + <version>2.5.0-SNAPSHOT</version> <name>oom-certservice</name> <description>OOM Certification Service</description> <packaging>pom</packaging> @@ -40,13 +40,14 @@ <!-- Dependencies --> <assertj-core.version>3.15.0</assertj-core.version> <mockito-core.version>3.2.4</mockito-core.version> - <spring-core.version>5.2.3.RELEASE</spring-core.version> - <spring-boot-starter.version>2.2.4.RELEASE</spring-boot-starter.version> <maven-javadoc-plugin.version>3.1.1</maven-javadoc-plugin.version> <maven-surefire-plugin.version>3.0.0-M4</maven-surefire-plugin.version> - <spring-boot-starter-actuator.version>2.2.4.RELEASE</spring-boot-starter-actuator.version> - <spring-boot-starter-log4j2.version>2.1.5.RELEASE</spring-boot-starter-log4j2.version> - <spring-cloud-starter-config.version>2.2.1.RELEASE</spring-cloud-starter-config.version> + <spring-boot-starter.version>2.5.8</spring-boot-starter.version> + <spring-boot-starter-actuator.version>2.6.1</spring-boot-starter-actuator.version> + <spring-boot-starter-log4j2.version>2.6.2</spring-boot-starter-log4j2.version> + + <spring.cloud-version>2020.0.3</spring.cloud-version> + <springdoc-openapi-ui.version>1.2.30</springdoc-openapi-ui.version> <bouncycastle.version>1.60</bouncycastle.version> <docker-maven-plugin.version>0.33.0</docker-maven-plugin.version> @@ -58,7 +59,7 @@ <commons-io.version>2.6</commons-io.version> <junit.version>5.5.2</junit.version> <mockito-junit-jupiter.version>2.17.0</mockito-junit-jupiter.version> - + <log4j2.version>2.17.1</log4j2.version> <!-- Docker --> <skipDockerPush>true</skipDockerPush> <maven.build.timestamp.format>yyyyMMdd'T'HHmmss</maven.build.timestamp.format> @@ -184,11 +185,11 @@ </exclusion> </exclusions> </dependency> - <dependency> - <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-log4j2</artifactId> - <version>${spring-boot-starter-log4j2.version}</version> - </dependency> +<!-- <dependency>--> +<!-- <groupId>org.springframework.boot</groupId>--> +<!-- <artifactId>spring-boot-starter-log4j2</artifactId>--> +<!-- <version>${spring-boot-starter-log4j2.version}</version>--> +<!-- </dependency>--> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> @@ -281,6 +282,25 @@ <scope>test</scope> </dependency> + <dependency> + <groupId>org.hibernate.validator</groupId> + <artifactId>hibernate-validator</artifactId> + <version>6.2.1.Final</version> + </dependency> + <dependency> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-bom</artifactId> + <version>${log4j2.version}</version> + <scope>import</scope> + <type>pom</type> + </dependency> + <dependency> + <groupId>org.springframework.cloud</groupId> + <artifactId>spring-cloud-dependencies</artifactId> + <version>${spring.cloud-version}</version> + <type>pom</type> + <scope>import</scope> + </dependency> </dependencies> </dependencyManagement> diff --git a/version.properties b/version.properties index c0f75b6a..6c697332 100644 --- a/version.properties +++ b/version.properties @@ -1,5 +1,5 @@ major=2 -minor=4 +minor=5 patch=0 base_version=${major}.${minor}.${patch} release_version=${base_version} |