diff --git a/CHANGELOG.md b/CHANGELOG.md index 47d1657199d40..c9c5287f9bffc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -85,6 +85,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - Bump `com.google.code.gson:gson` from 2.13.1 to 2.13.2 ([#19290](https://github.com/opensearch-project/OpenSearch/pull/19290)) ([#19293](https://github.com/opensearch-project/OpenSearch/pull/19293)) - Bump `actions/stale` from 9 to 10 ([#19292](https://github.com/opensearch-project/OpenSearch/pull/19292)) - Bump `com.nimbusds:oauth2-oidc-sdk` from 11.25 to 11.28 ([#19291](https://github.com/opensearch-project/OpenSearch/pull/19291)) +- Bump `log4j2` from 2.21.0 to 2.25.1 ([#19184](https://github.com/opensearch-project/OpenSearch/pull/19184)) ### Deprecated diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index cd0ed7b64b092..26e6f202375c1 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -13,7 +13,9 @@ jackson_databind = "2.18.2" snakeyaml = "2.1" icu4j = "77.1" supercsv = "2.4.0" -log4j = "2.21.0" +log4j = "2.25.1" +error_prone_annotations = "2.41.0" +spotbugs_annotations = "4.9.4" slf4j = "2.0.17" asm = "9.7" jettison = "1.5.4" diff --git a/libs/core/licenses/log4j-api-2.21.0.jar.sha1 b/libs/core/licenses/log4j-api-2.21.0.jar.sha1 deleted file mode 100644 index 51446052594aa..0000000000000 --- a/libs/core/licenses/log4j-api-2.21.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -760192f2b69eacf4a4afc78e5a1d7a8de054fcbd \ No newline at end of file diff --git a/libs/core/licenses/log4j-api-2.25.1.jar.sha1 b/libs/core/licenses/log4j-api-2.25.1.jar.sha1 new file mode 100644 index 0000000000000..2003ff978ac55 --- /dev/null +++ b/libs/core/licenses/log4j-api-2.25.1.jar.sha1 @@ -0,0 +1 @@ +c7acbbd6f110cd1457c628da46245e355b1ee57a \ No newline at end of file diff --git a/modules/transport-grpc/build.gradle b/modules/transport-grpc/build.gradle index fab6c49febb4f..1d9893a6c7408 100644 --- a/modules/transport-grpc/build.gradle +++ b/modules/transport-grpc/build.gradle @@ -24,8 +24,11 @@ dependencies { api project('spi') compileOnly "com.google.code.findbugs:jsr305:3.0.2" runtimeOnly "com.google.guava:guava:${versions.guava}" - implementation "com.google.errorprone:error_prone_annotations:2.24.1" - implementation "com.google.guava:failureaccess:1.0.2" + + compileOnly "com.github.spotbugs:spotbugs-annotations:${versions.spotbugs_annotations}" + compileOnly "com.google.errorprone:error_prone_annotations:${versions.error_prone_annotations}" + compileOnly "com.google.guava:failureaccess:1.0.2" + implementation "io.grpc:grpc-api:${versions.grpc}" implementation "io.grpc:grpc-core:${versions.grpc}" implementation "io.grpc:grpc-netty-shaded:${versions.grpc}" diff --git a/modules/transport-grpc/licenses/error_prone_annotations-2.24.1.jar.sha1 b/modules/transport-grpc/licenses/error_prone_annotations-2.24.1.jar.sha1 deleted file mode 100644 index 67723f6f51248..0000000000000 --- a/modules/transport-grpc/licenses/error_prone_annotations-2.24.1.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -32b299e45105aa9b0df8279c74dc1edfcf313ff0 \ No newline at end of file diff --git a/modules/transport-grpc/licenses/failureaccess-1.0.2.jar.sha1 b/modules/transport-grpc/licenses/failureaccess-1.0.2.jar.sha1 deleted file mode 100644 index 43cb5aa469900..0000000000000 --- a/modules/transport-grpc/licenses/failureaccess-1.0.2.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -c4a06a64e650562f30b7bf9aaec1bfed43aca12b diff --git a/modules/transport-grpc/licenses/failureaccess-LICENSE.txt b/modules/transport-grpc/licenses/failureaccess-LICENSE.txt deleted file mode 100644 index d645695673349..0000000000000 --- a/modules/transport-grpc/licenses/failureaccess-LICENSE.txt +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/modules/transport-grpc/licenses/failureaccess-NOTICE.txt b/modules/transport-grpc/licenses/failureaccess-NOTICE.txt deleted file mode 100644 index e69de29bb2d1d..0000000000000 diff --git a/plugins/arrow-flight-rpc/build.gradle b/plugins/arrow-flight-rpc/build.gradle index c47597f572f2c..d6441d85469f3 100644 --- a/plugins/arrow-flight-rpc/build.gradle +++ b/plugins/arrow-flight-rpc/build.gradle @@ -54,7 +54,8 @@ dependencies { runtimeOnly "io.grpc:grpc-core:${versions.grpc}" implementation "io.grpc:grpc-stub:${versions.grpc}" implementation "io.grpc:grpc-netty:${versions.grpc}" - implementation "com.google.errorprone:error_prone_annotations:2.31.0" + + compileOnly "com.google.errorprone:error_prone_annotations:${versions.error_prone_annotations}" runtimeOnly group: 'com.google.code.findbugs', name: 'jsr305', version: '3.0.2' annotationProcessor 'org.immutables:value:2.10.1' diff --git a/plugins/arrow-flight-rpc/licenses/error_prone_annotations-2.31.0.jar.sha1 b/plugins/arrow-flight-rpc/licenses/error_prone_annotations-2.31.0.jar.sha1 deleted file mode 100644 index 4872d644799f5..0000000000000 --- a/plugins/arrow-flight-rpc/licenses/error_prone_annotations-2.31.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -c3ba307b915d6d506e98ffbb49e6d2d12edad65b \ No newline at end of file diff --git a/plugins/arrow-flight-rpc/licenses/error_prone_annotations-LICENSE.txt b/plugins/arrow-flight-rpc/licenses/error_prone_annotations-LICENSE.txt deleted file mode 100644 index d645695673349..0000000000000 --- a/plugins/arrow-flight-rpc/licenses/error_prone_annotations-LICENSE.txt +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/plugins/arrow-flight-rpc/licenses/error_prone_annotations-NOTICE.txt b/plugins/arrow-flight-rpc/licenses/error_prone_annotations-NOTICE.txt deleted file mode 100644 index e69de29bb2d1d..0000000000000 diff --git a/plugins/crypto-kms/licenses/log4j-1.2-api-2.21.0.jar.sha1 b/plugins/crypto-kms/licenses/log4j-1.2-api-2.21.0.jar.sha1 deleted file mode 100644 index 39d9177cb2fac..0000000000000 --- a/plugins/crypto-kms/licenses/log4j-1.2-api-2.21.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -12bad3819a9570807f3c97315930699584c12152 \ No newline at end of file diff --git a/plugins/crypto-kms/licenses/log4j-1.2-api-2.25.1.jar.sha1 b/plugins/crypto-kms/licenses/log4j-1.2-api-2.25.1.jar.sha1 new file mode 100644 index 0000000000000..adc9a6a418f5d --- /dev/null +++ b/plugins/crypto-kms/licenses/log4j-1.2-api-2.25.1.jar.sha1 @@ -0,0 +1 @@ +08b3667ec8ee781429169b612b7ca6d6a30682b9 \ No newline at end of file diff --git a/plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.21.0.jar.sha1 b/plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.21.0.jar.sha1 deleted file mode 100644 index 39d9177cb2fac..0000000000000 --- a/plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.21.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -12bad3819a9570807f3c97315930699584c12152 \ No newline at end of file diff --git a/plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.25.1.jar.sha1 b/plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.25.1.jar.sha1 new file mode 100644 index 0000000000000..adc9a6a418f5d --- /dev/null +++ b/plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.25.1.jar.sha1 @@ -0,0 +1 @@ +08b3667ec8ee781429169b612b7ca6d6a30682b9 \ No newline at end of file diff --git a/plugins/discovery-ec2/licenses/log4j-1.2-api-2.21.0.jar.sha1 b/plugins/discovery-ec2/licenses/log4j-1.2-api-2.21.0.jar.sha1 deleted file mode 100644 index 39d9177cb2fac..0000000000000 --- a/plugins/discovery-ec2/licenses/log4j-1.2-api-2.21.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -12bad3819a9570807f3c97315930699584c12152 \ No newline at end of file diff --git a/plugins/discovery-ec2/licenses/log4j-1.2-api-2.25.1.jar.sha1 b/plugins/discovery-ec2/licenses/log4j-1.2-api-2.25.1.jar.sha1 new file mode 100644 index 0000000000000..adc9a6a418f5d --- /dev/null +++ b/plugins/discovery-ec2/licenses/log4j-1.2-api-2.25.1.jar.sha1 @@ -0,0 +1 @@ +08b3667ec8ee781429169b612b7ca6d6a30682b9 \ No newline at end of file diff --git a/plugins/discovery-gce/licenses/log4j-1.2-api-2.21.0.jar.sha1 b/plugins/discovery-gce/licenses/log4j-1.2-api-2.21.0.jar.sha1 deleted file mode 100644 index 39d9177cb2fac..0000000000000 --- a/plugins/discovery-gce/licenses/log4j-1.2-api-2.21.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -12bad3819a9570807f3c97315930699584c12152 \ No newline at end of file diff --git a/plugins/discovery-gce/licenses/log4j-1.2-api-2.25.1.jar.sha1 b/plugins/discovery-gce/licenses/log4j-1.2-api-2.25.1.jar.sha1 new file mode 100644 index 0000000000000..adc9a6a418f5d --- /dev/null +++ b/plugins/discovery-gce/licenses/log4j-1.2-api-2.25.1.jar.sha1 @@ -0,0 +1 @@ +08b3667ec8ee781429169b612b7ca6d6a30682b9 \ No newline at end of file diff --git a/plugins/repository-azure/build.gradle b/plugins/repository-azure/build.gradle index b8c770efd009c..72bea4c894109 100644 --- a/plugins/repository-azure/build.gradle +++ b/plugins/repository-azure/build.gradle @@ -84,6 +84,8 @@ dependencies { implementation "com.fasterxml.woodstox:woodstox-core:${versions.woodstox}" runtimeOnly "com.google.guava:guava:${versions.guava}" api "org.apache.commons:commons-lang3:${versions.commonslang}" + compileOnly "com.github.spotbugs:spotbugs-annotations:${versions.spotbugs_annotations}" + testImplementation project(':test:fixtures:azure-fixture') } diff --git a/plugins/repository-gcs/build.gradle b/plugins/repository-gcs/build.gradle index cdcf54faa7d64..0aff77db3fd67 100644 --- a/plugins/repository-gcs/build.gradle +++ b/plugins/repository-gcs/build.gradle @@ -61,7 +61,8 @@ dependencies { runtimeOnly "com.google.guava:guava:${guava_version}" runtimeOnly "com.google.guava:failureaccess:1.0.2" - compileOnly "com.google.errorprone:error_prone_annotations:2.38.0" + compileOnly "com.google.errorprone:error_prone_annotations:${versions.error_prone_annotations}" // 2.15.0 in bom + compileOnly "com.github.spotbugs:spotbugs-annotations:${versions.spotbugs_annotations}" runtimeOnly "org.slf4j:slf4j-api:${versions.slf4j}" // 2.0.16 in bom runtimeOnly "commons-codec:commons-codec:${versions.commonscodec}" // 1.18.0 in bom diff --git a/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.21.0.jar.sha1 b/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.21.0.jar.sha1 deleted file mode 100644 index 0e22f98daa61c..0000000000000 --- a/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.21.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -911fdb5b1a1df36719c579ecc6f2957b88bce1ab \ No newline at end of file diff --git a/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.25.1.jar.sha1 b/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.25.1.jar.sha1 new file mode 100644 index 0000000000000..d6101f969a2eb --- /dev/null +++ b/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.25.1.jar.sha1 @@ -0,0 +1 @@ +3c4144e7864a298b22a77e3a10e52f24a7cdfab0 \ No newline at end of file diff --git a/plugins/repository-s3/build.gradle b/plugins/repository-s3/build.gradle index a50f317ebbbf6..3a1942df6843a 100644 --- a/plugins/repository-s3/build.gradle +++ b/plugins/repository-s3/build.gradle @@ -537,7 +537,6 @@ thirdPartyAudit { 'org.jboss.marshalling.MarshallingConfiguration', 'org.jboss.marshalling.Unmarshaller', - 'org.slf4j.ext.EventData', 'reactor.blockhound.BlockHound$Builder', 'reactor.blockhound.integration.BlockHoundIntegration', diff --git a/plugins/repository-s3/licenses/log4j-1.2-api-2.21.0.jar.sha1 b/plugins/repository-s3/licenses/log4j-1.2-api-2.21.0.jar.sha1 deleted file mode 100644 index 39d9177cb2fac..0000000000000 --- a/plugins/repository-s3/licenses/log4j-1.2-api-2.21.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -12bad3819a9570807f3c97315930699584c12152 \ No newline at end of file diff --git a/plugins/repository-s3/licenses/log4j-1.2-api-2.25.1.jar.sha1 b/plugins/repository-s3/licenses/log4j-1.2-api-2.25.1.jar.sha1 new file mode 100644 index 0000000000000..adc9a6a418f5d --- /dev/null +++ b/plugins/repository-s3/licenses/log4j-1.2-api-2.25.1.jar.sha1 @@ -0,0 +1 @@ +08b3667ec8ee781429169b612b7ca6d6a30682b9 \ No newline at end of file diff --git a/plugins/repository-s3/licenses/log4j-slf4j-impl-2.21.0.jar.sha1 b/plugins/repository-s3/licenses/log4j-slf4j-impl-2.21.0.jar.sha1 deleted file mode 100644 index 0e22f98daa61c..0000000000000 --- a/plugins/repository-s3/licenses/log4j-slf4j-impl-2.21.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -911fdb5b1a1df36719c579ecc6f2957b88bce1ab \ No newline at end of file diff --git a/plugins/repository-s3/licenses/log4j-slf4j-impl-2.25.1.jar.sha1 b/plugins/repository-s3/licenses/log4j-slf4j-impl-2.25.1.jar.sha1 new file mode 100644 index 0000000000000..d6101f969a2eb --- /dev/null +++ b/plugins/repository-s3/licenses/log4j-slf4j-impl-2.25.1.jar.sha1 @@ -0,0 +1 @@ +3c4144e7864a298b22a77e3a10e52f24a7cdfab0 \ No newline at end of file diff --git a/qa/evil-tests/build.gradle b/qa/evil-tests/build.gradle index acd1a9b094f5c..556aa8643f625 100644 --- a/qa/evil-tests/build.gradle +++ b/qa/evil-tests/build.gradle @@ -44,6 +44,7 @@ dependencies { testImplementation(project(':distribution:tools:plugin-cli')) { exclude group: 'org.bouncycastle' } + testCompileOnly "com.github.spotbugs:spotbugs-annotations:4.9.4" } // TODO: give each evil test its own fresh JVM for more isolation. diff --git a/qa/logging-config/build.gradle b/qa/logging-config/build.gradle index c46198b6fbf8e..a95487babf313 100644 --- a/qa/logging-config/build.gradle +++ b/qa/logging-config/build.gradle @@ -33,6 +33,10 @@ apply plugin: 'opensearch.standalone-rest-test' apply plugin: 'opensearch.rest-test' apply plugin: 'opensearch.standalone-test' +dependencies { + testCompileOnly "com.github.spotbugs:spotbugs-annotations:4.9.4" +} + testClusters.integTest { /** * Provide a custom log4j configuration where layout is an old style pattern and confirm that OpenSearch diff --git a/server/build.gradle b/server/build.gradle index 803d791295e71..abb7e40eac7c7 100644 --- a/server/build.gradle +++ b/server/build.gradle @@ -97,6 +97,11 @@ dependencies { api libs.log4japi api libs.log4jjul api libs.log4jcore, optional + + compileOnly "com.github.spotbugs:spotbugs-annotations:${versions.spotbugs_annotations}" + compileOnly "org.jspecify:jspecify:1.0.0" + api "com.google.errorprone:error_prone_annotations:${versions.error_prone_annotations}" + annotationProcessor libs.log4jcore annotationProcessor project(':libs:opensearch-common') diff --git a/server/licenses/error_prone_annotations-2.41.0.jar.sha1 b/server/licenses/error_prone_annotations-2.41.0.jar.sha1 new file mode 100644 index 0000000000000..b58cb4520a3de --- /dev/null +++ b/server/licenses/error_prone_annotations-2.41.0.jar.sha1 @@ -0,0 +1 @@ +4381275efdef6ddfae38f002c31e84cd001c97f0 \ No newline at end of file diff --git a/modules/transport-grpc/licenses/error_prone_annotations-LICENSE.txt b/server/licenses/error_prone_annotations-LICENSE.txt similarity index 100% rename from modules/transport-grpc/licenses/error_prone_annotations-LICENSE.txt rename to server/licenses/error_prone_annotations-LICENSE.txt diff --git a/modules/transport-grpc/licenses/error_prone_annotations-NOTICE.txt b/server/licenses/error_prone_annotations-NOTICE.txt similarity index 100% rename from modules/transport-grpc/licenses/error_prone_annotations-NOTICE.txt rename to server/licenses/error_prone_annotations-NOTICE.txt diff --git a/server/licenses/log4j-api-2.21.0.jar.sha1 b/server/licenses/log4j-api-2.21.0.jar.sha1 deleted file mode 100644 index 51446052594aa..0000000000000 --- a/server/licenses/log4j-api-2.21.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -760192f2b69eacf4a4afc78e5a1d7a8de054fcbd \ No newline at end of file diff --git a/server/licenses/log4j-api-2.25.1.jar.sha1 b/server/licenses/log4j-api-2.25.1.jar.sha1 new file mode 100644 index 0000000000000..2003ff978ac55 --- /dev/null +++ b/server/licenses/log4j-api-2.25.1.jar.sha1 @@ -0,0 +1 @@ +c7acbbd6f110cd1457c628da46245e355b1ee57a \ No newline at end of file diff --git a/server/licenses/log4j-core-2.21.0.jar.sha1 b/server/licenses/log4j-core-2.21.0.jar.sha1 deleted file mode 100644 index c88e6f7a25ca9..0000000000000 --- a/server/licenses/log4j-core-2.21.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -122e1a9e0603cc9eae07b0846a6ff01f2454bc49 \ No newline at end of file diff --git a/server/licenses/log4j-core-2.25.1.jar.sha1 b/server/licenses/log4j-core-2.25.1.jar.sha1 new file mode 100644 index 0000000000000..e102742f45541 --- /dev/null +++ b/server/licenses/log4j-core-2.25.1.jar.sha1 @@ -0,0 +1 @@ +32b3a228d5a30a4528b6c7354fe6cff9524d89e7 \ No newline at end of file diff --git a/server/licenses/log4j-jul-2.21.0.jar.sha1 b/server/licenses/log4j-jul-2.21.0.jar.sha1 deleted file mode 100644 index 480010840abca..0000000000000 --- a/server/licenses/log4j-jul-2.21.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -f0da61113f4a47654677e6a98b1e13ca7de2483d \ No newline at end of file diff --git a/server/licenses/log4j-jul-2.25.1.jar.sha1 b/server/licenses/log4j-jul-2.25.1.jar.sha1 new file mode 100644 index 0000000000000..41b7ed667cdd0 --- /dev/null +++ b/server/licenses/log4j-jul-2.25.1.jar.sha1 @@ -0,0 +1 @@ +216f9848d569b5cb3bac0d1e571f34ad7d3fd690 \ No newline at end of file diff --git a/server/src/internalClusterTest/java/org/opensearch/search/suggest/CompletionSuggestSearchIT.java b/server/src/internalClusterTest/java/org/opensearch/search/suggest/CompletionSuggestSearchIT.java index 0ab86abea963b..3e4a0894cbae2 100644 --- a/server/src/internalClusterTest/java/org/opensearch/search/suggest/CompletionSuggestSearchIT.java +++ b/server/src/internalClusterTest/java/org/opensearch/search/suggest/CompletionSuggestSearchIT.java @@ -1,10 +1,10 @@ /* - * SPDX-License-Identifier: Apache-2.0 - * - * The OpenSearch Contributors require contributions made to - * this file be licensed under the Apache-2.0 license or a - * compatible open source license. - */ +* SPDX-License-Identifier: Apache-2.0 +* +* The OpenSearch Contributors require contributions made to +* this file be licensed under the Apache-2.0 license or a +* compatible open source license. +*/ /* * Licensed to Elasticsearch under one or more contributor @@ -1176,7 +1176,7 @@ public void testSkipDuplicates() throws Exception { int weight = randomIntBetween(0, 100); weights[id] = Math.max(weight, weights[id]); String suggestion = "suggestion-" + String.format(Locale.ENGLISH, "%03d", id); - logger.info("Creating {}, id {}, weight {}", suggestion, i, id, weight); + logger.info("Creating {}, i {}, id {}, weight {}", suggestion, i, id, weight); indexRequestBuilders.add( client().prepareIndex(INDEX) .setRefreshPolicy(WAIT_UNTIL) @@ -1193,12 +1193,12 @@ public void testSkipDuplicates() throws Exception { indexRandom(true, indexRequestBuilders); Arrays.sort(termIds, Comparator.comparingInt(o -> weights[(int) o]).reversed().thenComparingInt(a -> (int) a)); - logger.info("Expected terms id ordered {}", (Object[]) termIds); + logger.info("Expected terms id ordered {}", Arrays.toString(termIds)); String[] expected = new String[numUnique]; for (int i = 0; i < termIds.length; i++) { expected[i] = "suggestion-" + String.format(Locale.ENGLISH, "%03d", termIds[i]); } - logger.info("Expected suggestions field values {}", (Object[]) expected); + logger.info("Expected suggestions field values {}", Arrays.toString(expected)); CompletionSuggestionBuilder completionSuggestionBuilder = SuggestBuilders.completionSuggestion(FIELD) .prefix("sugg") .skipDuplicates(true) diff --git a/test/framework/build.gradle b/test/framework/build.gradle index 7972307a1e0be..49389f4ba647d 100644 --- a/test/framework/build.gradle +++ b/test/framework/build.gradle @@ -56,7 +56,7 @@ dependencies { fipsOnly "org.bouncycastle:bcutil-fips:${versions.bouncycastle_util}" compileOnly project(":libs:agent-sm:bootstrap") - compileOnly "com.github.spotbugs:spotbugs-annotations:4.9.5" + compileOnly "com.github.spotbugs:spotbugs-annotations:${versions.spotbugs_annotations}" annotationProcessor "org.apache.logging.log4j:log4j-core:${versions.log4j}" } diff --git a/test/framework/src/main/java/org/opensearch/test/OpenSearchTestCase.java b/test/framework/src/main/java/org/opensearch/test/OpenSearchTestCase.java index 147503ac70c21..342b6bc1340a8 100644 --- a/test/framework/src/main/java/org/opensearch/test/OpenSearchTestCase.java +++ b/test/framework/src/main/java/org/opensearch/test/OpenSearchTestCase.java @@ -51,6 +51,7 @@ import org.apache.logging.log4j.core.LoggerContext; import org.apache.logging.log4j.core.appender.AbstractAppender; import org.apache.logging.log4j.core.config.Configurator; +import org.apache.logging.log4j.core.config.Property; import org.apache.logging.log4j.core.layout.PatternLayout; import org.apache.logging.log4j.status.StatusConsoleListener; import org.apache.logging.log4j.status.StatusData; @@ -197,9 +198,13 @@ import static java.util.Collections.emptyMap; import static org.opensearch.core.common.util.CollectionUtils.arrayAsArrayList; import static org.opensearch.index.store.remote.filecache.FileCacheSettings.DATA_TO_FILE_CACHE_SIZE_RATIO_SETTING; +import static org.hamcrest.Matchers.anyOf; +import static org.hamcrest.Matchers.contains; import static org.hamcrest.Matchers.empty; +import static org.hamcrest.Matchers.emptyCollectionOf; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.hasItem; +import static org.hamcrest.Matchers.startsWith; /** * Base testcase for randomized unit testing with OpenSearch @@ -243,6 +248,9 @@ public abstract class OpenSearchTestCase extends LuceneTestCase { private static final Collection nettyLoggedLeaks = new ArrayList<>(); private HeaderWarningAppender headerWarningAppender; + final static String NO_ROOT_LOGGER_WARN_MESSAGE = + "No Root logger was configured, creating default ERROR-level Root logger with Console appender"; + /** * Define LockFeatureFlag annotation for unit tests. * Enables and make a flag immutable for the duration of the test case. @@ -301,12 +309,20 @@ public void tearDown() throws Exception { public static final String DEFAULT_TEST_WORKER_ID = "--not-gradle--"; static { + TEST_WORKER_VM_ID = System.getProperty(TEST_WORKER_SYS_PROPERTY, DEFAULT_TEST_WORKER_ID); setTestSysProps(); + LoggerContext.getContext(true).getConfiguration().getRootLogger().setAdditive(false); String leakLoggerName = "io.netty.util.ResourceLeakDetector"; Logger leakLogger = LogManager.getLogger(leakLoggerName); - Appender leakAppender = new AbstractAppender(leakLoggerName, null, PatternLayout.newBuilder().withPattern("%m").build()) { + Appender leakAppender = new AbstractAppender( + leakLoggerName, + null, + PatternLayout.newBuilder().withPattern("%m").build(), + true, + Property.EMPTY_ARRAY + ) { @Override public void append(LogEvent event) { String message = event.getMessage().getFormattedMessage(); @@ -669,7 +685,7 @@ private void resetDeprecationLogger() { private static final List statusData = new ArrayList<>(); static { // ensure that the status logger is set to the warn level so we do not miss any warnings with our Log4j usage - StatusLogger.getLogger().setLevel(Level.WARN); + StatusLogger.getLogger().getFallbackListener().setLevel(Level.WARN); // Log4j will write out status messages indicating problems with the Log4j usage to the status logger; we hook into this logger and // assert that no such messages were written out as these would indicate a problem with our logging configuration StatusLogger.getLogger().registerListener(new StatusConsoleListener(Level.WARN) { @@ -722,9 +738,12 @@ protected static void checkStaticState(boolean afterClass) throws Exception { }; assertThat( - statusData.stream().map(statusToString::apply).collect(Collectors.joining("\r\n")), statusData.stream().map(status -> status.getMessage().getFormattedMessage()).collect(Collectors.toList()), - empty() + anyOf( + emptyCollectionOf(String.class), + contains(startsWith(NO_ROOT_LOGGER_WARN_MESSAGE)), + contains(startsWith(NO_ROOT_LOGGER_WARN_MESSAGE), startsWith(NO_ROOT_LOGGER_WARN_MESSAGE)) + ) ); } finally { // we clear the list so that status data from other tests do not interfere with tests within the same JVM diff --git a/test/logger-usage/build.gradle b/test/logger-usage/build.gradle index e81cdef04df1f..62a3744d019b3 100644 --- a/test/logger-usage/build.gradle +++ b/test/logger-usage/build.gradle @@ -35,5 +35,7 @@ dependencies { api "org.ow2.asm:asm-tree:${versions.asm}" api "org.ow2.asm:asm-analysis:${versions.asm}" api "org.apache.logging.log4j:log4j-api:${versions.log4j}" + compileOnly "com.google.errorprone:error_prone_annotations:${versions.error_prone_annotations}" + testImplementation project(":test:framework") }