This is an automated email from the ASF dual-hosted git repository.
gosonzhang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-inlong.git
The following commit(s) were added to refs/heads/master by this push:
new b2d4ada [INLONG-1958][Bug]Avoid the security risks of log4j package
(#1962)
b2d4ada is described below
commit b2d4ada46acb58f746867215927b4d716a7e65e8
Author: healchow <[email protected]>
AuthorDate: Mon Dec 13 14:11:43 2021 +0800
[INLONG-1958][Bug]Avoid the security risks of log4j package (#1962)
Co-authored-by: healchow <[email protected]>
---
inlong-manager/manager-dao/pom.xml | 53 +++++++++++++++++------
inlong-manager/manager-service/pom.xml | 71 -------------------------------
inlong-manager/manager-web/bin/startup.sh | 4 +-
inlong-manager/pom.xml | 20 +++++++++
4 files changed, 61 insertions(+), 87 deletions(-)
diff --git a/inlong-manager/manager-dao/pom.xml
b/inlong-manager/manager-dao/pom.xml
index 5102624..77c63e7 100644
--- a/inlong-manager/manager-dao/pom.xml
+++ b/inlong-manager/manager-dao/pom.xml
@@ -54,6 +54,11 @@
</exclusions>
</dependency>
<dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-api</artifactId>
+ <version>2.15.0</version>
+ </dependency>
+ <dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
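Review bot: Pinning only `log4j-api` here leaves `log4j-core` unmanaged, and message-lookup handling lives in log4j-core rather than in the API jar, so this entry alone does not guarantee a fixed version if core still resolves transitively. The `hive-jdbc` exclusions added later in this file name `log4j-web` and `log4j-1.2-api` but not `log4j-core`; running `mvn dependency:tree -Dincludes=org.apache.logging.log4j` would show what actually lands on the classpath. The version is also a literal in a module pom. Moving it to a property in the parent's `<dependencyManagement>` would let it be raised in one place, which matters because upstream shipped further fixes after 2.15.0.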
@@ -76,40 +81,36 @@
<artifactId>hive-jdbc</artifactId>
<exclusions>
<exclusion>
- <artifactId>hadoop-common</artifactId>
- <groupId>org.apache.hadoop</groupId>
+ <artifactId>hive-llap-server</artifactId>
+ <groupId>org.apache.hive</groupId>
</exclusion>
<exclusion>
- <artifactId>jetty-http</artifactId>
+ <artifactId>jetty-runner</artifactId>
<groupId>org.eclipse.jetty</groupId>
</exclusion>
<exclusion>
- <artifactId>jetty-rewrite</artifactId>
+ <artifactId>jetty-server</artifactId>
<groupId>org.eclipse.jetty</groupId>
</exclusion>
<exclusion>
- <artifactId>jetty-server</artifactId>
- <groupId>org.eclipse.jetty</groupId>
+ <artifactId>hadoop-yarn-server-resourcemanager</artifactId>
+ <groupId>org.apache.hadoop</groupId>
</exclusion>
<exclusion>
<artifactId>jetty-servlet</artifactId>
<groupId>org.eclipse.jetty</groupId>
</exclusion>
<exclusion>
- <artifactId>jetty-webapp</artifactId>
+ <artifactId>jetty-http</artifactId>
<groupId>org.eclipse.jetty</groupId>
</exclusion>
<exclusion>
- <artifactId>hive-llap-server</artifactId>
- <groupId>org.apache.hive</groupId>
- </exclusion>
- <exclusion>
- <artifactId>jetty-runner</artifactId>
+ <artifactId>jetty-rewrite</artifactId>
<groupId>org.eclipse.jetty</groupId>
</exclusion>
<exclusion>
- <artifactId>hadoop-yarn-server-resourcemanager</artifactId>
- <groupId>org.apache.hadoop</groupId>
+ <artifactId>jetty-webapp</artifactId>
+ <groupId>org.eclipse.jetty</groupId>
</exclusion>
<exclusion>
<artifactId>javax.servlet-api</artifactId>
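Review bot: The reordering of this exclusion list also drops the `hadoop-common` exclusion from `hive-jdbc`, which is easy to miss among the moved lines and is not mentioned in the commit message. If that is intentional, a short comment such as `<!-- hadoop-common is no longer excluded here: REASON -->` would record it. If it is not, the exclusion for `org.apache.hadoop:hadoop-common` should be restored, because any logging bindings it carries would then arrive through this path. The exclusion list continues past the end of the hunk, so the full set is not visible here.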
@@ -128,10 +129,30 @@
<groupId>org.slf4j</groupId>
</exclusion>
<exclusion>
+ <artifactId>log4j-web</artifactId>
+ <groupId>org.apache.logging.log4j</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>log4j-1.2-api</artifactId>
+ <groupId>org.apache.logging.log4j</groupId>
+ </exclusion>
+ <exclusion>
<artifactId>protobuf-java</artifactId>
<groupId>com.google.protobuf</groupId>
</exclusion>
<exclusion>
+ <artifactId>hive-classification</artifactId>
+ <groupId>org.apache.hive</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>hbase-client</artifactId>
+ <groupId>org.apache.hbase</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>tephra-hbase-compat-1.0</artifactId>
+ <groupId>co.cask.tephra</groupId>
+ </exclusion>
+ <exclusion>
<artifactId>json</artifactId>
<groupId>com.tdunning</groupId>
</exclusion>
@@ -158,6 +179,10 @@
<groupId>org.slf4j</groupId>
</exclusion>
<exclusion>
+ <artifactId>log4j-1.2-api</artifactId>
+ <groupId>org.apache.logging.log4j</groupId>
+ </exclusion>
+ <exclusion>
<artifactId>hadoop-yarn-registry</artifactId>
<groupId>org.apache.hadoop</groupId>
</exclusion>
diff --git a/inlong-manager/manager-service/pom.xml
b/inlong-manager/manager-service/pom.xml
index 041795c..6116ed1 100644
--- a/inlong-manager/manager-service/pom.xml
+++ b/inlong-manager/manager-service/pom.xml
@@ -60,77 +60,6 @@
</dependency>
<dependency>
- <groupId>org.apache.hive</groupId>
- <artifactId>hive-jdbc</artifactId>
- <exclusions>
- <exclusion>
- <artifactId>hive-llap-server</artifactId>
- <groupId>org.apache.hive</groupId>
- </exclusion>
- <exclusion>
- <artifactId>jetty-runner</artifactId>
- <groupId>org.eclipse.jetty</groupId>
- </exclusion>
- <exclusion>
- <artifactId>jetty-server</artifactId>
- <groupId>org.eclipse.jetty</groupId>
- </exclusion>
- <exclusion>
- <artifactId>hadoop-yarn-server-resourcemanager</artifactId>
- <groupId>org.apache.hadoop</groupId>
- </exclusion>
- <exclusion>
- <artifactId>jetty-servlet</artifactId>
- <groupId>org.eclipse.jetty</groupId>
- </exclusion>
- <exclusion>
- <artifactId>jetty-http</artifactId>
- <groupId>org.eclipse.jetty</groupId>
- </exclusion>
- <exclusion>
- <artifactId>jetty-rewrite</artifactId>
- <groupId>org.eclipse.jetty</groupId>
- </exclusion>
- <exclusion>
- <artifactId>jetty-webapp</artifactId>
- <groupId>org.eclipse.jetty</groupId>
- </exclusion>
- <exclusion>
- <artifactId>javax.servlet-api</artifactId>
- <groupId>javax.servlet</groupId>
- </exclusion>
- <exclusion>
- <artifactId>javax.servlet.jsp-api</artifactId>
- <groupId>javax.servlet.jsp</groupId>
- </exclusion>
- <exclusion>
- <artifactId>log4j-slf4j-impl</artifactId>
- <groupId>org.apache.logging.log4j</groupId>
- </exclusion>
- <exclusion>
- <artifactId>slf4j-log4j12</artifactId>
- <groupId>org.slf4j</groupId>
- </exclusion>
- <exclusion>
- <artifactId>hive-classification</artifactId>
- <groupId>org.apache.hive</groupId>
- </exclusion>
- <exclusion>
- <artifactId>hbase-client</artifactId>
- <groupId>org.apache.hbase</groupId>
- </exclusion>
- <exclusion>
- <artifactId>tephra-hbase-compat-1.0</artifactId>
- <groupId>co.cask.tephra</groupId>
- </exclusion>
- <exclusion>
- <artifactId>json</artifactId>
- <groupId>com.tdunning</groupId>
- </exclusion>
- </exclusions>
- </dependency>
-
- <dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-common</artifactId>
<exclusions>
diff --git a/inlong-manager/manager-web/bin/startup.sh
b/inlong-manager/manager-web/bin/startup.sh
index 91f67cd..9b522cd 100755
--- a/inlong-manager/manager-web/bin/startup.sh
+++ b/inlong-manager/manager-web/bin/startup.sh
@@ -127,12 +127,12 @@ STARTUP_LOG="${STARTUP_LOG}application log path:
${LOG_DIR}\n"
STARTUP_LOG="${STARTUP_LOG}application JAVA_OPT: ${JAVA_OPT}\n"
# Print start command
-STARTUP_LOG="${STARTUP_LOG}application startup command: nohup java ${JAVA_OPT}
-cp ${CLASSPATH} ${MAIN_CLASS} 1>${LOG_FILE} 2>${LOG_DIR}/error.log &\n"
+STARTUP_LOG="${STARTUP_LOG}application startup command: nohup java ${JAVA_OPT}
-Dlog4j2.formatMsgNoLookups=true -Dlog4j.formatMsgNoLookups=true -cp
${CLASSPATH} ${MAIN_CLASS} 1>${LOG_FILE} 2>${LOG_DIR}/error.log &\n"
#======================================================================
# Execute the startup command: start the project in the background, and output
the log to the logs folder under the project root directory
#======================================================================
-nohup java ${JAVA_OPT} -cp ${CLASSPATH} ${MAIN_CLASS} 1>${LOG_FILE}
2>${LOG_DIR}/error.log &
+nohup java ${JAVA_OPT} -Dlog4j2.formatMsgNoLookups=true
-Dlog4j.formatMsgNoLookups=true -cp ${CLASSPATH} ${MAIN_CLASS} 1>${LOG_FILE}
2>${LOG_DIR}/error.log &
# Process ID
PID="$!"
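Review bot: The two `-D` flags are spliced separately into the logged command string and the real `nohup java` line, so the log and the command can drift apart, and any other launcher for this application would presumably start without the mitigation. Appending the flags once, e.g. `JAVA_OPT="${JAVA_OPT} -Dlog4j2.formatMsgNoLookups=true"` placed before the line that logs `JAVA_OPT`, keeps both in agreement. The property only takes effect on Log4j 2 versions that recognise it and is a mitigation rather than a fix. A comment stating that it can be dropped once every Log4j 2 jar on `${CLASSPATH}` is upgraded would help the next maintainer.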
diff --git a/inlong-manager/pom.xml b/inlong-manager/pom.xml
index a934118..391f053 100644
--- a/inlong-manager/pom.xml
+++ b/inlong-manager/pom.xml
@@ -169,6 +169,16 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-logging</artifactId>
<version>${spring-boot.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-to-slf4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-api</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
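Review bot: Excluding `log4j-to-slf4j` from `spring-boot-starter-logging` removes the bridge that routes Log4j 2 API calls into SLF4J, while manager-dao in this same commit adds `log4j-api` directly. Unless another Log4j 2 provider is on the classpath, libraries that log through the Log4j API would likely fall back to the API's built-in minimal logger, and their output would be missing from the application logs. It is worth confirming this after the change, since lost log output also reduces what is available for incident investigation. The same pair of exclusions is repeated on `knife4j-spring-boot-starter` in the next hunk. Managing the `org.apache.logging.log4j` artifact versions once in `<dependencyManagement>` would avoid per-dependency exclusions that are easy to miss when a new dependency is added.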
@@ -254,6 +264,16 @@
<groupId>com.github.xiaoymin</groupId>
<artifactId>knife4j-spring-boot-starter</artifactId>
<version>${knife4j.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-to-slf4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-api</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>