This is an automated email from the ASF dual-hosted git repository.

nihaljain pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hbase-operator-tools.git


The following commit(s) were added to refs/heads/master by this push:
     new ff8dc42  HBASE-28532 Remove vulnerable dependencies: slf4j-log4j12 and 
log4j:log4j (#142)
ff8dc42 is described below

commit ff8dc42cce557b940a3546a47a10a0c0c1a34006
Author: Nikita Pande <[email protected]>
AuthorDate: Tue Aug 13 19:46:52 2024 +0530

    HBASE-28532 Remove vulnerable dependencies: slf4j-log4j12 and log4j:log4j 
(#142)
    
    Signed-off-by: Duo Zhang <[email protected]>
    Signed-off-by: Nihal Jain <[email protected]>
    Reviewed-by: Peng Lu <[email protected]>
---
 hbase-hbck2/pom.xml          | 24 ++++++++++++++++++++++++
 hbase-table-reporter/pom.xml | 14 ++++++++++----
 hbase-tools/pom.xml          | 24 ++++++++++++++++++++++++
 pom.xml                      |  3 ++-
 4 files changed, 60 insertions(+), 5 deletions(-)

diff --git a/hbase-hbck2/pom.xml b/hbase-hbck2/pom.xml
index 3876dad..1d57225 100644
--- a/hbase-hbck2/pom.xml
+++ b/hbase-hbck2/pom.xml
@@ -68,6 +68,12 @@
       <artifactId>hbase-server</artifactId>
       <version>${hbase.version}</version>
       <scope>provided</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.apache.hbase</groupId>
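Review bot: The `log4j:log4j` exclusion added under `hbase-server` here is repeated by hand on each HBase dependency (the other three hunks in this file, plus the hunks in hbase-tools/pom.xml and hbase-table-reporter/pom.xml), and nothing fails the build if a later dependency or an `hbase.version` upgrade brings the artifact back by another path. If the root pom does not already have one, a maven-enforcer-plugin `bannedDependencies` rule listing `log4j:log4j` and `org.slf4j:slf4j-log4j12` would turn such a regression into a build error. The exclusions also name only `log4j:log4j`, although the commit title covers `slf4j-log4j12` as well. Whether that binding can still arrive transitively from these HBase artifacts is not visible in the diff, so it is worth checking with `mvn dependency:tree -Dincludes=org.slf4j:slf4j-log4j12`. The enclosing `<dependency>` element starts before the hunk.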
@@ -75,6 +81,12 @@
       <version>${hbase.version}</version>
       <type>test-jar</type>
       <scope>provided</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.apache.hbase</groupId>
@@ -82,6 +94,12 @@
       <version>${hbase.version}</version>
       <type>test-jar</type>
       <scope>provided</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.apache.hbase</groupId>
@@ -89,6 +107,12 @@
       <version>${hbase.version}</version>
       <type>test-jar</type>
       <scope>provided</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.apache.hbase</groupId>
diff --git a/hbase-table-reporter/pom.xml b/hbase-table-reporter/pom.xml
index 1cedca7..64cdfd1 100644
--- a/hbase-table-reporter/pom.xml
+++ b/hbase-table-reporter/pom.xml
@@ -42,17 +42,23 @@
     <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>slf4j-api</artifactId>
-      <version>1.7.25</version>
+      <version>${slf4j.version}</version>
     </dependency>
     <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-log4j12</artifactId>
-      <version>1.7.25</version>
+      <groupId>org.apache.logging.log4j</groupId>
+      <artifactId>log4j-slf4j-impl</artifactId>
+      <version>${log4j2.version}</version>
     </dependency>
     <dependency>
       <groupId>org.apache.hbase</groupId>
       <artifactId>hbase-shaded-client</artifactId>
       <version>${hbase.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.apache.datasketches</groupId>
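Review bot: Replacing `slf4j-log4j12` with `log4j-slf4j-impl` moves this module's logging backend to Log4j 2, which does not read a Log4j 1.x `log4j.properties`, and this commit touches no configuration file. If the module ships only a 1.x configuration, the tool would fall back to Log4j 2's default configuration (ERROR level to the console) and quietly lose its normal log output. Please confirm that a `log4j2.properties` or `log4j2.xml` is on the module's classpath, or add one with this change. A short comment on the new dependency, e.g. `<!-- SLF4J binding for Log4j 2; replaces slf4j-log4j12 (Log4j 1.x) -->`, would record why this binding was chosen.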
diff --git a/hbase-tools/pom.xml b/hbase-tools/pom.xml
index 7a80360..55ef075 100644
--- a/hbase-tools/pom.xml
+++ b/hbase-tools/pom.xml
@@ -58,12 +58,24 @@
       <artifactId>hbase-server</artifactId>
       <version>${hbase.version}</version>
       <scope>provided</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.apache.hbase</groupId>
       <artifactId>hbase-shaded-testing-util</artifactId>
       <version>${hbase.version}</version>
       <scope>test</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.apache.hbase</groupId>
@@ -71,6 +83,12 @@
       <version>${hbase.version}</version>
       <type>test-jar</type>
       <scope>provided</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.apache.hbase</groupId>
@@ -78,6 +96,12 @@
       <version>${hbase.version}</version>
       <type>test-jar</type>
       <scope>provided</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.apache.hbase</groupId>
diff --git a/pom.xml b/pom.xml
index 3e05590..3ec6243 100644
--- a/pom.xml
+++ b/pom.xml
@@ -129,7 +129,8 @@
     <spotless.version>2.27.2</spotless.version>
     <hbase.version>2.4.4</hbase.version>
     <hbase-thirdparty.version>2.2.1</hbase-thirdparty.version>
-    <log4j2.version>2.17.1</log4j2.version>
+    <log4j2.version>2.17.2</log4j2.version>
+    <slf4j.version>1.7.33</slf4j.version>
     <surefire.provider>surefire-junit47</surefire.provider>
     <test.output.tofile>true</test.output.tofile>
     <checkstyle.version>8.45.1</checkstyle.version>
