Upgrade to log4j 2.17.0 #5913

Merged
merged 1 commit into from
Dec 20, 2021

Conversation

jstriebel
Contributor

Upgrades log4j to the newest version, mitigating more vulnerabilities. Not sure if wk-wrap must also be upgraded so that this has an effect, going to check this in the built container.

  • Ready for review

@jstriebel jstriebel self-assigned this Dec 20, 2021
@bulldozer-boy bulldozer-boy bot merged commit b0a63ef into master Dec 20, 2021
@bulldozer-boy bulldozer-boy bot deleted the log4j-217 branch December 20, 2021 11:45
@jstriebel
Contributor Author

Unfortunately, the dependencies still include the old log4j version, we need to bump it in wk-wrap as well: scalableminds/webknossos-wrap#72

docker run --rm -ti --entrypoint ls scalableminds/webknossos:log4j_217 /webknossos/lib | grep log4j
 org.apache.logging.log4j.log4j-api-2.15.0.jar
 org.apache.logging.log4j.log4j-core-2.15.0.jar
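
The `ls | grep` check above, generalized into a script that fails when a lib directory still contains log4j-api or log4j-core jars older than a required version, which catches an old copy pulled in by a transitive dependency. This is an added example, not part of the original comment or the webknossos project; the function names are hypothetical and the jar naming is assumed from the listing above.

```sh
# Added example (not project code). Assumes jars are named as in the listing
# above, e.g. org.apache.logging.log4j.log4j-core-2.15.0.jar

# version_lt A B: succeed when dotted version A is strictly lower than B.
# Components are compared numerically, so 2.9.1 < 2.17.0.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Keep only leading digits; a missing component counts as 0.
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        # Drop the component that was just compared.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# outdated_log4j_jars DIR MIN_VERSION
# Prints the name of every log4j-api / log4j-core jar in DIR whose version is
# below MIN_VERSION. Returns 1 if any were found, 0 otherwise.
outdated_log4j_jars() {
    dir=$1 min=$2 found=0
    for jar in "$dir"/*log4j-api-[0-9]*.jar "$dir"/*log4j-core-[0-9]*.jar; do
        [ -e "$jar" ] || continue        # an unmatched glob stays literal
        name=${jar##*/}
        # Strip the artifact prefix and the .jar suffix to get the version.
        version=${name##*log4j-api-}
        version=${version##*log4j-core-}
        version=${version%.jar}
        if version_lt "$version" "$min"; then
            echo "$name"
            found=1
        fi
    done
    return "$found"
}

# Typical use inside the built image or against an extracted lib directory:
#   outdated_log4j_jars /webknossos/lib 2.17.0 || echo "old log4j still bundled"
```
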

philippotto pushed a commit that referenced this pull request Dec 21, 2021
* Update Dependencies.scala
philippotto added a commit that referenced this pull request Dec 21, 2021
* release 21.11

* Bump wk-wrap to 1.1.13 to avoid outdated log4j dependency (#5903)

* release 21.11.1 (includes log4j fix)

* Upgrade to log4j 2.17.0 (#5913)

* Update Dependencies.scala

* Upgrade webknossos-wrap dependency to 1.1.15 (#5914)

* update changelog for 21.11.2

Co-authored-by: Florian M <[email protected]>
Co-authored-by: Jonathan Striebel <[email protected]>
MichaelBuessemeyer pushed a commit that referenced this pull request Dec 22, 2021
* Update Dependencies.scala
MichaelBuessemeyer pushed a commit that referenced this pull request Dec 22, 2021
* release 21.11

* Bump wk-wrap to 1.1.13 to avoid outdated log4j dependency (#5903)

* release 21.11.1 (includes log4j fix)

* Upgrade to log4j 2.17.0 (#5913)

* Update Dependencies.scala

* Upgrade webknossos-wrap dependency to 1.1.15 (#5914)

* update changelog for 21.11.2

Co-authored-by: Florian M <[email protected]>
Co-authored-by: Jonathan Striebel <[email protected]>