Keikai / KEIKAI-562

Upgrade the underlying Log4J library


Details

    • New Feature
    • Resolution: Fixed
    • Normal
    • 5.10.0
    • None
    • None
    • Security Level: Jimmy
    • None

    Description

      User Story

      The underlying log4J library used in Keikai is 1.12.13.

      The log4j library is transitively resolved by zpoi/zpoiex.

      Need to update zpoi/zpoiex (maybe use the API package in compile scope only in zpoi, and the actual package in test scope if necessary).

      Although such a version is NOT affected by the recently discovered security vulnerabilities (CVE-2021-44228 / CVE-2021-45046 / CVE-2021-44832), it is still quite old, so we should evaluate if an upgrade is needed.

       

      IMPORTANT NOTE:

      All Maven packages can be managed through their project's pom files.

      Use Maven dependency management features such as exclusion or manual declaration to choose whether your project loads the default log4j, no version of log4j, or a different version of log4j.

       

      Exclusion with:

        <dependency>
          <groupId>io.keikai</groupId>
          <artifactId>keikai-ex</artifactId>
          <version>${keikai.version}</version>
          <exclusions>
            <exclusion>
              <groupId>log4j</groupId>
              <artifactId>log4j</artifactId>
            </exclusion>
          </exclusions>
        </dependency>

      OR

      Version lock with:

        <dependencyManagement>
          <dependencies>
            <dependency>
              <groupId>log4j</groupId>
              <artifactId>log4j</artifactId>
              <version>1.2.13</version> <!-- your preferred version here -->
            </dependency>
          </dependencies>
        </dependencyManagement>
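
      To confirm which log4j version a build actually resolves, and which direct dependency the exclusion belongs under, the output of `mvn dependency:tree` can be parsed. The script below is an added example, not part of the original issue or of Keikai. The sample tree is constructed: the project coordinates, the group id shown for zpoi/zpoiex, their nesting, and every version except log4j 1.2.13 are placeholders.

```python
import re

# Constructed `mvn dependency:tree` output. Project coordinates, the group id
# and nesting of zpoi/zpoiex, and all versions except 1.2.13 are placeholders.
SAMPLE_TREE = r"""
[INFO] com.example:app:jar:0.0.0
[INFO] +- io.keikai:keikai-ex:jar:0.0.0:compile
[INFO] |  +- io.keikai:zpoiex:jar:0.0.0:compile
[INFO] |  |  \- io.keikai:zpoi:jar:0.0.0:compile
[INFO] |  |     \- log4j:log4j:jar:1.2.13:compile
[INFO] \- org.slf4j:slf4j-api:jar:0.0.0:compile
[INFO] BUILD SUCCESS
"""

# "[INFO] " prefix, tree-drawing characters (3 per level), Maven coordinates.
NODE = re.compile(
    r"^\[INFO\] (?P<indent>[ |+\\-]*)(?P<coord>[^\s:]+(?::[^\s:]+){3,5})"
)


def find_artifact(tree_text, group="log4j", artifact="log4j"):
    """Return (version, path) per occurrence; path runs root -> match."""
    stack, hits = [], []
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m:
            continue  # blank lines, banners, build status
        depth = len(m.group("indent")) // 3
        coord = m.group("coord")
        del stack[depth:]  # leave only the ancestors of this node
        stack.append(coord)
        parts = coord.split(":")
        if parts[:2] == [group, artifact]:
            # groupId:artifactId:type[:classifier]:version:scope (root: no scope)
            version = parts[-2] if len(parts) >= 5 else parts[-1]
            hits.append((version, list(stack)))
    return hits


def exclusion_targets(hits):
    """groupId:artifactId of direct dependencies that pull the artifact in."""
    return sorted({":".join(path[1].split(":")[:2])
                   for _, path in hits if len(path) > 2})


if __name__ == "__main__":
    found = find_artifact(SAMPLE_TREE)
    for version, path in found:
        print(f"log4j:log4j {version} via " + " -> ".join(path))
    print("add <exclusion> under:", exclusion_targets(found))
```

      An empty result after adding the exclusion means no log4j 1.x artifact is left on the resolved classpath.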
      

      Acceptance Criteria

      Use the latest Log4J library


            People

              jumperchen jumperchen
              jeanher jeanher
              Votes: 0
              Watchers: 3
