  1. Keikai
  2. KEIKAI-562

Upgrade the underlying Log4J library


    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.10.0
    • Component/s: None
    • Security Level: Jimmy
    • Labels:
      None

      Description

      User Story

      The underlying log4J library used in Keikai is 1.12.13.

      The log4j library is transitively resolved by zpoi/zpoiex.

      Need to update zpoi/zpoiex (maybe use the API package in compile scope only in zpoi, and the actual package in test scope if necessary).

      Although such a version is NOT affected by the recently discovered security vulnerabilities (CVE-2021-44228 / CVE-2021-45046 / CVE-2021-44832), it is still quite old, so we should evaluate if an upgrade is needed.

       

      IMPORTANT NOTE:

      All Maven packages can be managed through their project's pom files.

      Use Maven dependency management features such as an exclusion or a manual declaration to choose whether your project loads the default log4j, loads no version of log4j, or loads a different version of log4j.

       

      Exclusion:

      		<dependency>
      			<groupId>io.keikai</groupId>
      			<artifactId>keikai-ex</artifactId>
      			<version>${keikai.version}</version>
      			<exclusions>
      				<exclusion>
      					<groupId>log4j</groupId>
      					<artifactId>log4j</artifactId>
      				</exclusion>
      			</exclusions>
      		</dependency>

      or version lock:

      	<dependencyManagement>
      		<dependencies>
      			<dependency>
      				<groupId>log4j</groupId>
      				<artifactId>log4j</artifactId>
      				<version>1.2.13</version> <!-- your preferred version here -->
      			</dependency>
      		</dependencies>
      	</dependencyManagement>
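
      To confirm that the exclusion or the version lock actually took effect, the resolved dependency tree can be checked. The following is an added example, not part of the original issue or of Keikai's code: it parses the text output of `mvn dependency:tree` and reports every path that still pulls in log4j:log4j. The sample tree, the zpoi/zpoiex coordinates and the placeholder versions are constructed for illustration.

```python
import re

# Constructed sample of `mvn dependency:tree` text output. The zpoi/zpoiex
# coordinates and all versions except log4j's are placeholders, not real build data.
SAMPLE_TREE = r"""
[INFO] com.example:demo-app:war:1.0.0
[INFO] +- io.keikai:keikai-ex:jar:0.0.0-sample:compile
[INFO] |  +- io.keikai:zpoi:jar:0.0.0-sample:compile
[INFO] |  |  \- log4j:log4j:jar:1.2.13:compile
[INFO] |  \- io.keikai:zpoiex:jar:0.0.0-sample:compile
[INFO] \- org.slf4j:slf4j-api:jar:0.0.0-sample:compile
"""

# One tree node: "[INFO] ", then 3-character indent groups, then the coordinates.
NODE = re.compile(r"^\[INFO\] (?P<indent>(?:[|+\\ ][ -] )*)(?P<gav>[^\s:]+(?::[^\s:]+)+)")


def find_artifact(tree_text, group_id="log4j", artifact_id="log4j"):
    """Return [(version, [ancestor group:artifact, ...])] for each occurrence."""
    hits, stack = [], []
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m:
            continue
        depth = len(m.group("indent")) // 3
        parts = m.group("gav").split(":")
        del stack[depth:]  # drop ancestors that are not parents of this node
        if parts[0] == group_id and parts[1] == artifact_id:
            # Dependencies end in version:scope; the root node ends in version.
            version = parts[-2] if depth > 0 else parts[-1]
            hits.append((version, list(stack)))
        stack.append(":".join(parts[:2]))
    return hits


def verify(tree_text, expected_version=None):
    """Exclusion mode (expected_version=None): any occurrence is a finding.
    Version-lock mode: only occurrences at another version are findings."""
    return [(v, path) for v, path in find_artifact(tree_text)
            if expected_version is None or v != expected_version]


if __name__ == "__main__":
    for version, path in verify(SAMPLE_TREE):
        print("log4j:log4j", version, "via", " -> ".join(path))
```

      Call `verify(tree)` after applying the exclusion and `verify(tree, "<pinned version>")` after applying the version lock; an empty list means the pom change is effective.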
      

      Acceptance Criteria

      Use the latest Log4J library


              People

              Assignee: jumperchen
              Reporter: jeanher
              Votes: 0
              Watchers: 3
