This is an automated email from the ASF dual-hosted git repository.
vjasani pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/branch-2.7 by this push:
new c950b4d409 AMBARI-25722: Remediation of log4j dependency’s (#3358)
c950b4d409 is described below
commit c950b4d409dacf15049039858c77794e0ec96eb9
Author: Bhavik Patel <[email protected]>
AuthorDate: Wed Aug 31 01:45:32 2022 +0530
AMBARI-25722: Remediation of log4j dependency’s (#3358)
Signed-off-by: Brahma Reddy Battula <[email protected]>
Signed-off-by: Wei-Chiu Chuang <[email protected]>
Signed-off-by: Viraj Jasani <[email protected]>
(Backport of PR #3346)
---
ambari-agent/pom.xml | 26 ++++++++++++
ambari-metrics/ambari-metrics-common/pom.xml | 10 +++++
.../ambari-metrics-timelineservice/pom.xml | 10 +++--
ambari-project/pom.xml | 48 +++++++---------------
ambari-server/conf/unix/log4j.properties | 12 +++---
ambari-server/pom.xml | 37 ++++++++++++++---
.../server/checks/DatabaseConsistencyChecker.java | 25 +++++------
ambari-utility/pom.xml | 11 +++--
contrib/ambari-log4j/pom.xml | 27 +-----------
contrib/ambari-scom/metrics-sink/pom.xml | 6 +--
10 files changed, 120 insertions(+), 92 deletions(-)
diff --git a/ambari-agent/pom.xml b/ambari-agent/pom.xml
index 5bcb6f6fbe..f4921d92c7 100644
--- a/ambari-agent/pom.xml
+++ b/ambari-agent/pom.xml
@@ -58,6 +58,16 @@
<dependency>
<groupId>org.apache.zookeeper</groupId>
<artifactId>zookeeper</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>commons-cli</groupId>
@@ -115,6 +125,14 @@
<groupId>org.apache.zookeeper</groupId>
<artifactId>zookeeper</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -135,6 +153,14 @@
<groupId>org.apache.zookeeper</groupId>
<artifactId>zookeeper</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
diff --git a/ambari-metrics/ambari-metrics-common/pom.xml
b/ambari-metrics/ambari-metrics-common/pom.xml
index da4f0be724..608652db27 100644
--- a/ambari-metrics/ambari-metrics-common/pom.xml
+++ b/ambari-metrics/ambari-metrics-common/pom.xml
@@ -159,6 +159,16 @@
<groupId>org.apache.curator</groupId>
<artifactId>curator-framework</artifactId>
<version>4.0.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
diff --git a/ambari-metrics/ambari-metrics-timelineservice/pom.xml
b/ambari-metrics/ambari-metrics-timelineservice/pom.xml
index 849e5c3fe3..f0c9706971 100644
--- a/ambari-metrics/ambari-metrics-timelineservice/pom.xml
+++ b/ambari-metrics/ambari-metrics-timelineservice/pom.xml
@@ -311,6 +311,10 @@
<artifactId>zookeeper</artifactId>
<groupId>org.apache.zookeeper</groupId>
</exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<!-- zkclient is helix-core dependency but it need to be 0.9 in order for
AMS HA to work on secure cluster-->
@@ -697,13 +701,13 @@
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
- <version>1.7.20</version>
+ <version>1.7.35</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
- <version>1.7.20</version>
+ <artifactId>slf4j-reload4j</artifactId>
+ <version>1.7.35</version>
</dependency>
<dependency>
diff --git a/ambari-project/pom.xml b/ambari-project/pom.xml
index efeb571989..a40805ad82 100644
--- a/ambari-project/pom.xml
+++ b/ambari-project/pom.xml
@@ -36,7 +36,9 @@
<checkstyle.version>6.19</checkstyle.version> <!-- last version that does
not require Java 8 -->
<swagger.version>1.5.19</swagger.version>
<swagger.maven.plugin.version>3.1.4</swagger.maven.plugin.version>
- <slf4j.version>1.7.20</slf4j.version>
+ <slf4j.version>1.7.35</slf4j.version>
+ <reload4j.version>1.2.22</reload4j.version>
+ <logback.version>1.2.10</logback.version>
<guice.version>4.1.0</guice.version>
<spring.version>5.1.18.RELEASE</spring.version>
<spring.security.version>5.1.13.RELEASE</spring.security.version>
@@ -206,9 +208,19 @@
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
+ <artifactId>slf4j-reload4j</artifactId>
<version>${slf4j.version}</version>
</dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-core</artifactId>
+ <version>${logback.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ <version>${logback.version}</version>
+ </dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jul-to-slf4j</artifactId>
@@ -534,38 +546,6 @@
</exclusion>
</exclusions>
</dependency>
- <dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- <version>1.2.17</version>
- <exclusions>
- <exclusion>
- <groupId>com.sun.jdmk</groupId>
- <artifactId>jmxtools</artifactId>
- </exclusion>
- <exclusion>
- <groupId>com.sun.jmx</groupId>
- <artifactId>jmxri</artifactId>
- </exclusion>
- <exclusion>
- <groupId>javax.mail</groupId>
- <artifactId>mail</artifactId>
- </exclusion>
- <exclusion>
- <groupId>javax.jms</groupId>
- <artifactId>jmx</artifactId>
- </exclusion>
- <exclusion>
- <groupId>javax.jms</groupId>
- <artifactId>jms</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>log4j</groupId>
- <artifactId>apache-log4j-extras</artifactId>
- <version>1.2.17</version>
- </dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
diff --git a/ambari-server/conf/unix/log4j.properties
b/ambari-server/conf/unix/log4j.properties
index d224b803b5..48891c3743 100644
--- a/ambari-server/conf/unix/log4j.properties
+++ b/ambari-server/conf/unix/log4j.properties
@@ -99,13 +99,11 @@ log4j.logger.org.eclipse.jetty=WARN,file
# Audit logging
log4j.logger.audit=INFO,audit
log4j.additivity.audit=false
-log4j.appender.audit=org.apache.log4j.rolling.RollingFileAppender
-log4j.appender.audit.rollingPolicy=org.apache.log4j.rolling.FixedWindowRollingPolicy
-log4j.appender.audit.rollingPolicy.ActiveFileName=${ambari.log.dir}/${ambari.audit.file}
-log4j.appender.audit.rollingPolicy.FileNamePattern=${ambari.log.dir}/${ambari.audit.file}-%i.log.gz
-log4j.appender.audit.rollingPolicy.maxIndex=13
-log4j.appender.audit.triggeringPolicy=org.apache.log4j.rolling.SizeBasedTriggeringPolicy
-log4j.appender.audit.triggeringPolicy.maxFileSize=50000000
+log4j.appender.audit=org.apache.log4j.RollingFileAppender
+log4j.appender.audit.File=${ambari.log.dir}/${ambari.audit.file}
+log4j.appender.audit.FileNamePattern=${ambari.log.dir}/${ambari.audit.file}-%i.log.gz
+log4j.appender.audit.MaxFileSize=50000000
+log4j.appender.audit.MaxBackupIndex=13
log4j.appender.audit.layout=org.apache.log4j.PatternLayout
log4j.appender.audit.layout.ConversionPattern=%m%n
diff --git a/ambari-server/pom.xml b/ambari-server/pom.xml
index dd66e61637..b89cb4c3b8 100644
--- a/ambari-server/pom.xml
+++ b/ambari-server/pom.xml
@@ -1246,7 +1246,7 @@
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
+ <artifactId>slf4j-reload4j</artifactId>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
@@ -1257,12 +1257,17 @@
<artifactId>jcl-over-slf4j</artifactId>
</dependency>
<dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
+ <groupId>ch.qos.reload4j</groupId>
+ <artifactId>reload4j</artifactId>
+ <version>${reload4j.version}</version>
</dependency>
<dependency>
- <groupId>log4j</groupId>
- <artifactId>apache-log4j-extras</artifactId>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
</dependency>
<dependency>
<groupId>org.eclipse.persistence</groupId>
@@ -1631,6 +1636,12 @@
<groupId>org.snmp4j</groupId>
<artifactId>snmp4j</artifactId>
<version>1.10.1</version>
+ <exclusions>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>com.esotericsoftware.yamlbeans</groupId>
@@ -1694,6 +1705,14 @@
<groupId>org.apache.zookeeper</groupId>
<artifactId>zookeeper</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -1741,6 +1760,14 @@
<groupId>com.jcraft</groupId>
<artifactId>jsch</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/checks/DatabaseConsistencyChecker.java
b/ambari-server/src/main/java/org/apache/ambari/server/checks/DatabaseConsistencyChecker.java
index 3e7a4e7216..b897c05c54 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/checks/DatabaseConsistencyChecker.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/checks/DatabaseConsistencyChecker.java
@@ -17,7 +17,7 @@
*/
package org.apache.ambari.server.checks;
-import java.util.Enumeration;
+import java.util.Iterator;
import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.audit.AuditLoggerModule;
@@ -25,16 +25,18 @@ import org.apache.ambari.server.controller.ControllerModule;
import org.apache.ambari.server.ldap.LdapModule;
import org.apache.ambari.server.orm.DBAccessor;
import org.apache.ambari.server.utils.EventBusSynchronizer;
-import org.apache.log4j.FileAppender;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.slf4j.impl.Log4jLoggerAdapter;
import com.google.inject.Guice;
import com.google.inject.Inject;
import com.google.inject.Injector;
import com.google.inject.persist.PersistService;
+import ch.qos.logback.classic.spi.ILoggingEvent;
+import ch.qos.logback.core.Appender;
+import ch.qos.logback.core.FileAppender;
+
public class DatabaseConsistencyChecker {
private static final Logger LOG = LoggerFactory.getLogger
(DatabaseConsistencyChecker.class);
@@ -123,15 +125,14 @@ public class DatabaseConsistencyChecker {
DatabaseConsistencyCheckHelper.closeConnection();
if
(DatabaseConsistencyCheckHelper.getLastCheckResult().isErrorOrWarning()) {
String ambariDBConsistencyCheckLog =
"ambari-server-check-database.log";
- if (LOG instanceof Log4jLoggerAdapter) {
- org.apache.log4j.Logger dbConsistencyCheckHelperLogger =
org.apache.log4j.Logger.getLogger(DatabaseConsistencyCheckHelper.class);
- Enumeration appenders =
dbConsistencyCheckHelperLogger.getAllAppenders();
- while (appenders.hasMoreElements()) {
- Object appender = appenders.nextElement();
- if (appender instanceof FileAppender) {
- ambariDBConsistencyCheckLog = ((FileAppender)
appender).getFile();
- break;
- }
+ ch.qos.logback.classic.Logger dbConsistencyCheckHelperLogger =
+ (ch.qos.logback.classic.Logger)
LoggerFactory.getLogger(DatabaseConsistencyCheckHelper.class);
+
+ for (Iterator<Appender<ILoggingEvent>> index =
dbConsistencyCheckHelperLogger.iteratorForAppenders(); index.hasNext();){
+ Appender<ILoggingEvent> appender = index.next();
+ if (appender instanceof FileAppender) {
+ ambariDBConsistencyCheckLog = ((FileAppender)
appender).getFile();
+ break;
}
}
ambariDBConsistencyCheckLog =
ambariDBConsistencyCheckLog.replace("//", "/");
diff --git a/ambari-utility/pom.xml b/ambari-utility/pom.xml
index ff563600c1..9c600fd5d8 100644
--- a/ambari-utility/pom.xml
+++ b/ambari-utility/pom.xml
@@ -50,6 +50,10 @@
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-xml</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -65,12 +69,13 @@
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
+ <artifactId>slf4j-reload4j</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
+ <groupId>ch.qos.reload4j</groupId>
+ <artifactId>reload4j</artifactId>
+ <version>${reload4j.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
diff --git a/contrib/ambari-log4j/pom.xml b/contrib/ambari-log4j/pom.xml
index 2cd9523aae..40c29f1ffc 100644
--- a/contrib/ambari-log4j/pom.xml
+++ b/contrib/ambari-log4j/pom.xml
@@ -46,31 +46,8 @@
<version>1.2.1</version>
</dependency>
<dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- <version>1.2.15</version>
- <exclusions>
- <exclusion>
- <groupId>com.sun.jdmk</groupId>
- <artifactId>jmxtools</artifactId>
- </exclusion>
- <exclusion>
- <groupId>com.sun.jmx</groupId>
- <artifactId>jmxri</artifactId>
- </exclusion>
- <exclusion>
- <groupId>javax.mail</groupId>
- <artifactId>mail</artifactId>
- </exclusion>
- <exclusion>
- <groupId>javax.jms</groupId>
- <artifactId>jmx</artifactId>
- </exclusion>
- <exclusion>
- <groupId>javax.jms</groupId>
- <artifactId>jms</artifactId>
- </exclusion>
- </exclusions>
+ <groupId>ch.qos.reload4j</groupId>
+ <artifactId>reload4j</artifactId>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
diff --git a/contrib/ambari-scom/metrics-sink/pom.xml
b/contrib/ambari-scom/metrics-sink/pom.xml
index 83c07328ae..37b2807ede 100644
--- a/contrib/ambari-scom/metrics-sink/pom.xml
+++ b/contrib/ambari-scom/metrics-sink/pom.xml
@@ -27,9 +27,9 @@
<name>Ambari SCOM Metrics Sink</name>
<dependencies>
<dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- <version>1.2.17</version>
+ <groupId>ch.qos.reload4j</groupId>
+ <artifactId>reload4j</artifactId>
+ <version>1.2.22</version>
</dependency>
<dependency>
<groupId>junit</groupId>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
