Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
czzxueyang
skywalking
提交
a02dd9c2
S
skywalking
项目概览
czzxueyang
/
skywalking
与 Fork 源项目一致
从无法访问的项目Fork
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
S
skywalking
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
未验证
提交
a02dd9c2
编写于
12月 18, 2021
作者:
K
kezhenxu94
提交者:
GitHub
12月 18, 2021
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Bump up log4j2 to 2.17 (#8314)
上级
af036a97
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
6 addition
and
6 deletion
+6
-6
CHANGES.md
CHANGES.md
+1
-1
dist-material/release-docs/LICENSE
dist-material/release-docs/LICENSE
+1
-1
oap-server-bom/pom.xml
oap-server-bom/pom.xml
+1
-1
tools/dependencies/known-oap-backend-dependencies.txt
tools/dependencies/known-oap-backend-dependencies.txt
+3
-3
未找到文件。
CHANGES.md
浏览文件 @
a02dd9c2
...
@@ -7,7 +7,7 @@ Release Notes.
...
@@ -7,7 +7,7 @@ Release Notes.
#### Project
#### Project
*
Upgrade log4j2 to 2.1
6.0 for CVE-2021-44228 and CVE-2021-45046. This CVE only effects on JDK if JDN
I is opened in
*
Upgrade log4j2 to 2.1
7.0 for CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105. This CVE only effects on JDK if JND
I is opened in
default. Notice, using JVM option
`-Dlog4j2.formatMsgNoLookups=true`
or setting
default. Notice, using JVM option
`-Dlog4j2.formatMsgNoLookups=true`
or setting
the
`LOG4J_FORMAT_MSG_NO_LOOKUPS=”true”`
environment variable also avoids CVEs.
the
`LOG4J_FORMAT_MSG_NO_LOOKUPS=”true”`
environment variable also avoids CVEs.
...
...
dist-material/release-docs/LICENSE
浏览文件 @
a02dd9c2
...
@@ -249,7 +249,7 @@ The text of each license is the standard Apache 2.0 license.
...
@@ -249,7 +249,7 @@ The text of each license is the standard Apache 2.0 license.
Apache: commons-lang 3.6: https://github.com/apache/commons-lang, Apache 2.0
Apache: commons-lang 3.6: https://github.com/apache/commons-lang, Apache 2.0
Apache: commons-text 1.8: https://github.com/apache/commons-text, Apache 2.0
Apache: commons-text 1.8: https://github.com/apache/commons-text, Apache 2.0
Apache: commons-beanutils 1.9.4: https://github.com/apache/commons-beanutils, Apache 2.0
Apache: commons-beanutils 1.9.4: https://github.com/apache/commons-beanutils, Apache 2.0
Apache: log4j2 2.1
5
.0: https://github.com/apache/logging-log4j2, Apache 2.0
Apache: log4j2 2.1
7
.0: https://github.com/apache/logging-log4j2, Apache 2.0
Apache: zookeeper 3.5.7: https://github.com/apache/zookeeper, Apache 2.0
Apache: zookeeper 3.5.7: https://github.com/apache/zookeeper, Apache 2.0
Apache: commons-collections 3.2.2: https://github.com/apache/commons-collections, Apache 2.0
Apache: commons-collections 3.2.2: https://github.com/apache/commons-collections, Apache 2.0
Apache: commons-configuration 1.8: https://github.com/apache/commons-configuration, Apache 2.0
Apache: commons-configuration 1.8: https://github.com/apache/commons-configuration, Apache 2.0
...
...
oap-server-bom/pom.xml
浏览文件 @
a02dd9c2
...
@@ -29,7 +29,7 @@
...
@@ -29,7 +29,7 @@
<properties>
<properties>
<slf4j.version>
1.7.30
</slf4j.version>
<slf4j.version>
1.7.30
</slf4j.version>
<log4j.version>
2.1
6
.0
</log4j.version>
<log4j.version>
2.1
7
.0
</log4j.version>
<graphql-java-tools.version>
5.2.3
</graphql-java-tools.version>
<graphql-java-tools.version>
5.2.3
</graphql-java-tools.version>
<graphql-java.version>
8.0
</graphql-java.version>
<graphql-java.version>
8.0
</graphql-java.version>
<okhttp.version>
3.14.9
</okhttp.version>
<okhttp.version>
3.14.9
</okhttp.version>
...
...
tools/dependencies/known-oap-backend-dependencies.txt
浏览文件 @
a02dd9c2
...
@@ -93,10 +93,10 @@ kotlin-reflect-1.1.1.jar
...
@@ -93,10 +93,10 @@ kotlin-reflect-1.1.1.jar
kotlin-stdlib-1.1.60.jar
kotlin-stdlib-1.1.60.jar
libthrift-0.14.1.jar
libthrift-0.14.1.jar
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
log4j-api-2.1
6
.0.jar
log4j-api-2.1
7
.0.jar
log4j-core-2.1
6
.0.jar
log4j-core-2.1
7
.0.jar
log4j-over-slf4j-1.7.30.jar
log4j-over-slf4j-1.7.30.jar
log4j-slf4j-impl-2.1
6
.0.jar
log4j-slf4j-impl-2.1
7
.0.jar
logging-interceptor-3.13.1.jar
logging-interceptor-3.13.1.jar
lz4-java-1.6.0.jar
lz4-java-1.6.0.jar
micrometer-core-1.7.6.jar
micrometer-core-1.7.6.jar
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录