author | Tomasz Wrobel <tomasz.wrobel@nokia.com> | 2021-12-23 13:43:31 +0100 |
---|---|---|
committer | Tomasz Wrobel <tomasz.wrobel@nokia.com> | 2022-01-10 09:13:59 +0100 |
commit | 5d5c39e47357f34c20ec53799442e3df107a5c24 (patch) | |
tree | 59e170092ef1573b9fd259b867dcb4ec65a53be5 | |
parent | 772825849ca6e40f56c647f3565a59a3d207ba65 (diff) |
[OOM-CERT-SERVICE]Fix Apache log4j2 vulnerability2.5.0
- Top up spring-boot to 2.5.8
- Top up Apache log4j2 to 2.17.1
- Top up spring-boot-starter-log4j2 to 2.6.2
- Add missing validator bean
Issue-ID: OOM-2903
Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com>
Change-Id: I816c59e39344bb1fcc2833bcbd58af7fc1c30d78
-rw-r--r-- | certService/pom.xml | 29 | ||||
-rw-r--r-- | certService/src/main/java/org/onap/oom/certservice/certification/configuration/validation/ValidatorConfiguration.java | 35 | ||||
-rw-r--r-- | certServicePostProcessor/pom.xml | 20 | ||||
-rw-r--r-- | pom.xml | 42 |
4 files changed, 110 insertions, 16 deletions
diff --git a/certService/pom.xml b/certService/pom.xml
index 7f559469..13fed005 100644
--- a/certService/pom.xml
+++ b/certService/pom.xml
@@ -32,8 +32,24 @@
 <artifactId>spring-boot-starter-web</artifactId>
 </dependency>
 <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-log4j2</artifactId>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-slf4j-impl</artifactId>
+ <version>${log4j2.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-api</artifactId>
+ <version>${log4j2.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-core</artifactId>
+ <version>${log4j2.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-jul</artifactId>
+ <version>${log4j2.version}</version>
 </dependency>
 <dependency>
 <groupId>org.springframework.boot</groupId>
@@ -78,7 +94,14 @@
 <dependency>
 <groupId>org.springframework.cloud</groupId>
 <artifactId>spring-cloud-starter-config</artifactId>
- <version>${spring-cloud-starter-config.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.cloud</groupId>
+ <artifactId>spring-cloud-starter-bootstrap</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.hibernate.validator</groupId>
+ <artifactId>hibernate-validator</artifactId>
 </dependency>
 </dependencies>
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/configuration/validation/ValidatorConfiguration.java b/certService/src/main/java/org/onap/oom/certservice/certification/configuration/validation/ValidatorConfiguration.java
new file mode 100644
index 00000000..952e59f2
--- /dev/null
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/configuration/validation/ValidatorConfiguration.java
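Review bot: The hand-listed log4j artifacts in the first hunk are not a like-for-like replacement for `spring-boot-starter-log4j2`: as far as I know the 2.x starter also pulls in `org.slf4j:jul-to-slf4j`, which is missing from the new list (log4j-slf4j-impl, log4j-api, log4j-core, log4j-jul). Unless that bridge still arrives through another dependency, java.util.logging output from libraries may stop flowing through the log4j2 configuration, which matters if these logs feed audit or detection. Either add it next to the four entries, `<groupId>org.slf4j</groupId>` with `<artifactId>jul-to-slf4j</artifactId>`, or confirm from the resolved dependency tree that it is still present. The same replacement is made in certServicePostProcessor/pom.xml (hunk at -166,8) and deserves the same check.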
@@ -0,0 +1,35 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-api
+ * ================================================================================
+ * Copyright (C) 2021 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+
+package org.onap.oom.certservice.certification.configuration.validation;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.validation.beanvalidation.LocalValidatorFactoryBean;
+
+@Configuration
+public class ValidatorConfiguration {
+
+ @Bean
+ public LocalValidatorFactoryBean validator() {
+ return new LocalValidatorFactoryBean();
+ }
+}
diff --git a/certServicePostProcessor/pom.xml b/certServicePostProcessor/pom.xml
index c410a40a..5ea30809 100644
--- a/certServicePostProcessor/pom.xml
+++ b/certServicePostProcessor/pom.xml
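Review bot: `ValidatorConfiguration` is added with no class or method Javadoc, and the commit message only calls it a missing validator bean, so a later reader cannot tell why the bean is declared by hand or whether it can be removed after the next Spring upgrade. I would add a class comment such as `/** Declares the Bean Validation factory explicitly; required after the dependency upgrade in this commit because <reason>. */`, with the author filling in the reason. It is also worth stating there that a bean named `validator` of this type presumably takes the place of any validator Spring Boot would otherwise auto-configure, since that is what every consumer of `Validator` in the service now receives.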
@@ -166,8 +166,24 @@
 <artifactId>slf4j-api</artifactId>
 </dependency>
 <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-log4j2</artifactId>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-slf4j-impl</artifactId>
+ <version>${log4j2.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-api</artifactId>
+ <version>${log4j2.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-core</artifactId>
+ <version>${log4j2.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-jul</artifactId>
+ <version>${log4j2.version}</version>
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
@@ -40,13 +40,14 @@
 <!-- Dependencies -->
 <assertj-core.version>3.15.0</assertj-core.version>
 <mockito-core.version>3.2.4</mockito-core.version>
- <spring-core.version>5.2.3.RELEASE</spring-core.version>
- <spring-boot-starter.version>2.2.4.RELEASE</spring-boot-starter.version>
 <maven-javadoc-plugin.version>3.1.1</maven-javadoc-plugin.version>
 <maven-surefire-plugin.version>3.0.0-M4</maven-surefire-plugin.version>
- <spring-boot-starter-actuator.version>2.2.4.RELEASE</spring-boot-starter-actuator.version>
- <spring-boot-starter-log4j2.version>2.1.5.RELEASE</spring-boot-starter-log4j2.version>
- <spring-cloud-starter-config.version>2.2.1.RELEASE</spring-cloud-starter-config.version>
+ <spring-boot-starter.version>2.5.8</spring-boot-starter.version>
+ <spring-boot-starter-actuator.version>2.6.1</spring-boot-starter-actuator.version>
+ <spring-boot-starter-log4j2.version>2.6.2</spring-boot-starter-log4j2.version>
+
+ <spring.cloud-version>2020.0.3</spring.cloud-version>
+
 <springdoc-openapi-ui.version>1.2.30</springdoc-openapi-ui.version>
 <bouncycastle.version>1.60</bouncycastle.version>
 <docker-maven-plugin.version>0.33.0</docker-maven-plugin.version>
@@ -58,7 +59,7 @@
 <commons-io.version>2.6</commons-io.version>
 <junit.version>5.5.2</junit.version>
 <mockito-junit-jupiter.version>2.17.0</mockito-junit-jupiter.version>
-
+ <log4j2.version>2.17.1</log4j2.version>
 <!-- Docker -->
 <skipDockerPush>true</skipDockerPush>
 <maven.build.timestamp.format>yyyyMMdd'T'HHmmss</maven.build.timestamp.format>
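Review bot: The version properties in the first hunk mix Spring Boot release lines: `spring-boot-starter.version` is 2.5.8 while `spring-boot-starter-actuator.version` is 2.6.1 and `spring-boot-starter-log4j2.version` is 2.6.2. Spring Boot modules are released as a matched set, so an actuator starter from 2.6.x next to a 2.5.8 core puts jars from two lines on the classpath and brings in whatever transitive versions the 2.6.1 starter declares. I would align it, `<spring-boot-starter-actuator.version>2.5.8</spring-boot-starter-actuator.version>`, or move all starters to a single release together with a Spring Cloud train that supports it. `spring-boot-starter-log4j2.version` looks unused after this commit, since the only reference visible on the page is the dependency that the -184,11 hunk comments out, so the property can be dropped.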
@@ -184,11 +185,11 @@
 </exclusion>
 </exclusions>
 </dependency>
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-log4j2</artifactId>
- <version>${spring-boot-starter-log4j2.version}</version>
- </dependency>
+<!-- <dependency>-->
+<!-- <groupId>org.springframework.boot</groupId>-->
+<!-- <artifactId>spring-boot-starter-log4j2</artifactId>-->
+<!-- <version>${spring-boot-starter-log4j2.version}</version>-->
+<!-- </dependency>-->
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-test</artifactId>
@@ -281,6 +282,25 @@
 <scope>test</scope>
 </dependency>
+ <dependency>
+ <groupId>org.hibernate.validator</groupId>
+ <artifactId>hibernate-validator</artifactId>
+ <version>6.2.1.Final</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-bom</artifactId>
+ <version>${log4j2.version}</version>
+ <scope>import</scope>
+ <type>pom</type>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.cloud</groupId>
+ <artifactId>spring-cloud-dependencies</artifactId>
+ <version>${spring.cloud-version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
 </dependencies>
 </dependencyManagement> |
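Review bot: The `log4j-bom` import in the second hunk is appended at the end of `<dependencyManagement>`, and Maven gives precedence to the first import-scoped BOM that manages an artifact. If an earlier import in this section (not visible in the hunk) already manages log4j modules, transitive log4j artifacts would keep that version and only the directly pinned dependencies in the module poms are certain to resolve to 2.17.1. Moving the `log4j-bom` entry to the top of the section and checking the result with `mvn dependency:tree -Dincludes=org.apache.logging.log4j` would settle it. In the first hunk the old starter is left behind as commented-out XML; deleting those five lines keeps the pom clean, since version control already holds the history. The `<dependencyManagement>` section starts outside both hunks.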