From 2b9833c7cb133db3022e93f39fb1b452d1d956f4 Mon Sep 17 00:00:00 2001
From: John Niang
Date: Sun, 12 Dec 2021 11:29:07 +0800
Subject: [PATCH] fix: security warning of log4j 0-day (#1592)

* fix: security warning of log4j 0-day
* refactor: log4j version
* feat: add a todo comment
Co-authored-by: guqing <1484563614@qq.com>
---
 build.gradle | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/build.gradle b/build.gradle
index 8abc1a57..e28694e1 100644
--- a/build.gradle
+++ b/build.gradle
@@ -33,7 +33,6 @@ configurations {
 }
 }
 
-
 bootJar {
 manifest {
 attributes "Implementation-Title": "Halo Application",
@@ -97,9 +96,14 @@ ext {
 huaweiObsVersion = "3.19.7"
 templateInheritanceVersion = "0.4.RELEASE"
 jsoupVersion = "1.13.1"
+ log4jVersion = "2.15.0"
 }
 
 dependencies {
+ // Aligning log4j dependency versions to 2.15.0
+ implementation enforcedPlatform("org.apache.logging.log4j:log4j-core:$log4jVersion")
+ implementation enforcedPlatform("org.apache.logging.log4j:log4j-api:$log4jVersion")
+
 implementation "org.springframework.boot:spring-boot-starter-actuator"
 implementation "org.springframework.boot:spring-boot-starter-data-jpa"
 implementation "org.springframework.boot:spring-boot-starter-web"
@@ -114,7 +118,8 @@ dependencies {
 implementation "com.aliyun.oss:aliyun-sdk-oss:$aliyunSdkVersion"
 implementation "com.baidubce:bce-java-sdk:$baiduSdkVersion"
 implementation "com.qcloud:cos_api:$qcloudSdkVersion"
- implementation "com.huaweicloud:esdk-obs-java:$huaweiObsVersion"
+ // TODO Upgrade huaweicloud sdk dependence to fix log4j 0-day vulnerability
+ implementation("com.huaweicloud:esdk-obs-java:$huaweiObsVersion")
 implementation "io.minio:minio:$minioSdkVersion"
 implementation "io.springfox:springfox-boot-starter:$swaggerVersion"
 implementation "commons-fileupload:commons-fileupload:$commonsFileUploadVersion"
-- 
GitLab
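Review bot: In the `dependencies {` hunk (`@@ -97,9 +96,14 @@`), `enforcedPlatform(...)` is applied to the two library artifacts `log4j-core` and `log4j-api` rather than to a platform/BOM, so only what those two modules declare is constrained; any other log4j module on the runtime classpath (for example a logging bridge pulled in by a starter, not visible here) may stay on its old version. Pointing the constraint at the BOM would cover the whole family in one line: `implementation enforcedPlatform("org.apache.logging.log4j:log4j-bom:$log4jVersion")`. The added comment hard-codes `2.15.0` and will go stale on the next bump of `log4jVersion`; `// Force every log4j module to $log4jVersion` keeps it tied to the variable. It is worth confirming what actually resolves with `./gradlew dependencyInsight --dependency log4j --configuration runtimeClasspath`. The `dependencies` block continues outside the hunk.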
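Review bot: The TODO above `implementation("com.huaweicloud:esdk-obs-java:$huaweiObsVersion")` in the last hunk (`@@ -114,7 +118,8 @@`) says the SDK is still a log4j exposure but not how, and the only code change on that line is the added parentheses; `huaweiObsVersion` stays at `3.19.7`. If the SDK only depends on log4j transitively, the version forcing added in the earlier hunk presumably already overrides it and the TODO could say so. If it bundles log4j classes inside its own jar, no Gradle constraint reaches them, and that should be stated so the risk is not assumed closed. Suggested wording: `// TODO(<issue-id>): esdk-obs-java $huaweiObsVersion <depends on | bundles> a vulnerable log4j; upgrade when a fixed SDK release is available`. The `dependencies` block starts and ends outside the hunk.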