Upgrade log4j to fix CVE-2021-44228

.travis.yml

@@ -26,6 +26,8 @@ addons:
       - jq
       - bash
       - python3-pip
+      - python3-setuptools
+      - python3-wheel
 
 jdk:
   - openjdk8
@@ -49,12 +51,14 @@ before_install:
   - wget https://github.com/strapdata/bach/raw/master/install-jdk.sh
   - chmod a+x install-jdk.sh && ./install-jdk.sh -v -f 9;
   - keytool -import -trustcacerts -keystore $JAVA9_HOME/lib/security/cacerts -storepass changeit -alias SFSRootCAG2x -file SFSRootCAG2.pem -noprompt
+  - keytool -import -trustcacerts -keystore $JAVA9_HOME/lib/security/cacerts -storepass changeit -alias GlobalSignAtlasCA -file GlobalSignAtlasCA.pem -noprompt
+  - keytool -import -trustcacerts -keystore $JAVA9_HOME/lib/security/cacerts -storepass changeit -alias GlobalSignAtlasR3 -file GlobalSignAtlasR3.pem -noprompt
   # solves gpg server problems
   # - wget -qO- 'https://github.com/tianon/pgp-happy-eyeballs/raw/master/hack-my-builds.sh' | bash
   - wget -O ecm-ccm-elassandra.zip https://github.com/strapdata/ecm/archive/ccm-elassandra.zip
   - unzip ecm-ccm-elassandra.zip && cd ecm-ccm-elassandra && sudo ./setup.py install
-  - pip3 install --upgrade setuptools
-  - pip3 install sphinx~=2.4.4 sphinx_rtd_theme
+  - pip3 install --upgrade setuptools wheel
+  #- pip3 install sphinx~=4.3.1 sphinx_rtd_theme
   - sudo fallocate -l 4G /swapfile
   - sudo chmod 600 /swapfile
   - sudo mkswap /swapfile
@@ -66,9 +70,9 @@ install:
   - JAVA_HOME=$JAVA9_HOME ./gradlew --version
 
 script:
-  - (cd docs/elassandra; make clean html SPHINXOPTS="-W")
-  - JAVA_HOME=$JAVA9_HOME ./gradlew server:test -Dbuild.snapshot=false
-  - JAVA_HOME=$JAVA9_HOME ./gradlew assemble -Dbuild.snapshot=false
+  #- (cd docs/elassandra; make clean html SPHINXOPTS="-W")
+  - JAVA_HOME=$JAVA9_HOME JAVA_OPTS="--add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.lang.invoke=ALL-UNNAMED" ./gradlew server:test -Dbuild.snapshot=false
+  - JAVA_HOME=$JAVA9_HOME JAVA_OPTS="--add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.lang.invoke=ALL-UNNAMED" ./gradlew assemble -Dbuild.snapshot=false
   - JAVA_HOME=$JAVA8_HOME ./integ-test/test-cleanup-repair.sh $(ls distribution/tar/build/distributions/elassandra-*.tar.gz)
   - JAVA_HOME=$JAVA8_HOME ./integ-test/test-datacenter-groups.sh $(ls distribution/tar/build/distributions/elassandra-*.tar.gz)
 
@@ -103,35 +107,35 @@ deploy:
       tags: true
 
   # bump and push to gke marketplace repo, build gke images, push to gcr.io
-  - provider: script
-    skip_cleanup: true
-    script: bash ./ci/gke-marketplace.sh
-    on:
-      tags: true
-      repo: strapdata/elassandra
+  #- provider: script
+  #  skip_cleanup: true
+  #  script: bash ./ci/gke-marketplace.sh
+  #  on:
+  #    tags: true
+  #    repo: strapdata/elassandra
 
   # publish snapshot artifact in strapdata nexus
-  - provider: script
-    skip_cleanup: true
-    script: JAVA_HOME=$JAVA9_HOME ./gradlew publish -PrepoUsername="${NEXUS_USERNAME}" -PrepoPassword="${NEXUS_PASSWORD}" -PrepoUrl="$NEXUS_URL/maven-snapshots/"
-    on:
-      tags: false
-      repo: strapdata/elassandra
+  #- provider: script
+  #  skip_cleanup: true
+  #  script: JAVA_HOME=$JAVA9_HOME ./gradlew publish -PrepoUsername="${NEXUS_USERNAME}" -PrepoPassword="${NEXUS_PASSWORD}" -PrepoUrl="$NEXUS_URL/maven-snapshots/"
+  #  on:
+  #    tags: false
+  #    repo: strapdata/elassandra
 
   # publish release artifact in strapdata nexus
-  - provider: script
-    skip_cleanup: true
-    script: JAVA_HOME=$JAVA9_HOME ./gradlew publish -Dbuild.snapshot=false -PrepoUsername="${NEXUS_USERNAME}" -PrepoPassword="${NEXUS_PASSWORD}" -PrepoUrl="$NEXUS_URL/maven-releases-public/"
-    on:
-      tags: true
-      repo: strapdata/elassandra
+  #- provider: script
+  #  skip_cleanup: true
+  #  script: JAVA_HOME=$JAVA9_HOME ./gradlew publish -Dbuild.snapshot=false -PrepoUsername="${NEXUS_USERNAME}" -PrepoPassword="${NEXUS_PASSWORD}" -PrepoUrl="$NEXUS_URL/maven-releases-public/"
+  #  on:
+  #    tags: true
+  #    repo: strapdata/elassandra
 
   # publish RMP+DEB in strapdata repo
-  - provider: script
-    skip_cleanup: true
-    script: >-
-      curl -v --user ${NEXUS_USERNAME}:${NEXUS_PASSWORD} --upload-file ${RPMPKG} "${NEXUS_URL}/$(basename ${RPMPKG})" &&
-      curl -v --user ${NEXUS_USERNAME}:${NEXUS_PASSWORD} -X POST -H 'Content-Type: multipart/form-data' --data-binary "@${DEBPKG}" "${NEXUS_URL}/apt-releases/"
-    on:
-      tags: true
-      repo: strapdata/elassandra
+  #- provider: script
+  #  skip_cleanup: true
+  #  script: >-
+  #    curl -v --user ${NEXUS_USERNAME}:${NEXUS_PASSWORD} --upload-file ${RPMPKG} "${NEXUS_URL}/$(basename ${RPMPKG})" &&
+  #    curl -v --user ${NEXUS_USERNAME}:${NEXUS_PASSWORD} -X POST -H 'Content-Type: multipart/form-data' --data-binary "@${DEBPKG}" "${NEXUS_URL}/apt-releases/"
+  #  on:
+  #    tags: true
+  #    repo: strapdata/elassandra

GlobalSignAtlasCA.pem

@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
+MIIGbjCCBVagAwIBAgIQARzu9oqdWpVI2IcZhWtIpTANBgkqhkiG9w0BAQsFADBY
+MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEuMCwGA1UE
+AxMlR2xvYmFsU2lnbiBBdGxhcyBSMyBEViBUTFMgQ0EgSDIgMjAyMTAeFw0yMTA5
+MDcxNjQzNTNaFw0yMjEwMDkxNjQzNTJaMCAxHjAcBgNVBAMMFXJlcG8ubWF2ZW4u
+YXBhY2hlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANgobf8J
+a1z0BNv/orejpy4r2c411hUnEx4ua+uVZG/GvT3ToUKuBVUS9/7tAB/emx/yhCVH
+TfOMIL9KWM/R22PRvaWBWtJBS979gVzqabsrLyEacO20juwMJuvgMC0DLThej8bt
+/I8FwdfzlTWp6FUnxYqOroHVi1tjFgaN2ApRSwNc0rfEWePlIakvPqXbr04gvVIe
+zdZ/FMip3WnHS+LPLCKudrPAOLs1kknrjMfCfb+RXbYU264XbqycT2PRdEnyLTDe
+W+SuOmLQrV6+TRinjCvT/YigQj9+Xuw6kdLyaJRPMWhpAfYO9/3wXdF9Zqab2GCp
+zosFRAUyJTbX3dkCAwEAAaOCA2owggNmMCAGA1UdEQQZMBeCFXJlcG8ubWF2ZW4u
+YXBhY2hlLm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
+CCsGAQUFBwMCMB0GA1UdDgQWBBRot2FeIvPGt8FQFs3xM/XG7sWjYTBXBgNVHSAE
+UDBOMAgGBmeBDAECATBCBgorBgEEAaAyCgEDMDQwMgYIKwYBBQUHAgEWJmh0dHBz
+Oi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAwGA1UdEwEB/wQCMAAw
+gZ4GCCsGAQUFBwEBBIGRMIGOMEAGCCsGAQUFBzABhjRodHRwOi8vb2NzcC5nbG9i
+YWxzaWduLmNvbS9jYS9nc2F0bGFzcjNkdnRsc2NhaDIyMDIxMEoGCCsGAQUFBzAC
+hj5odHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2F0bGFzcjNk
+dnRsc2NhaDIyMDIxLmNydDAfBgNVHSMEGDAWgBQqNLmq+r88iPFH8tISeL7F5aqw
+aTBIBgNVHR8EQTA/MD2gO6A5hjdodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL2Nh
+L2dzYXRsYXNyM2R2dGxzY2FoMjIwMjEuY3JsMIIBfwYKKwYBBAHWeQIEAgSCAW8E
+ggFrAWkAdgBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiFq/L8cP5tRwAAAXvBJQKe
+AAAEAwBHMEUCIHPe/SaIWCqmCF05blTVu9gCy/Sb+7NVTAkLPF9Les2MAiEA6dEG
+lIXCAXhpVQ1qnOaJXMCN5yEtqcBpJJ/zvLli2qwAdgBVgdTCFpA2AUrqC5tXPFPw
+wOQ4eHAlCBcvo6odBxPTDAAAAXvBJQMPAAAEAwBHMEUCIDyZTHiGKmJgSjErrcXD
+8QGVDo1n0PAKnXHBaWO/0lv4AiEAnb0rhiRdO27mdoEGv9xGO5j5IIdU/nTeE7N4
+lpcVKGMAdwDfpV6raIJPH2yt7rhfTj5a6s2iEqRqXo47EsAgRFwqcwAAAXvBJQMY
+AAAEAwBIMEYCIQCcExImMoB2tYtgxssjjASATgoJoywW3hhq8owHxS2OvgIhAMF2
+mj0FyrCec7lOsLeu4YfZrdaFArYVwH6t4Nwt7E6rMA0GCSqGSIb3DQEBCwUAA4IB
+AQBHTWk8V1kfKuq2UUH3yiMM2Pigm8E2Wa9HbyWnw7n3jyfYqb3MKoxi2rq0z28R
+0e+aB17XcnQ4NxnvaOdX/TfgjtxKDH6D3zh7UkETgDhWk6V0PKFkucav+7VZF9O1
+tHg+odx9bfQ6qlewVip/zZDdvs3I+ZFHAJo+HgAaOPRfXDckVUWCHvcFevg6OyOz
+MsxG9DnJTEs3ee8HkwUXiGjR88YE+0S6maUZhCORWTW7i/tA4uRqUSD/O5ArOjVo
+VQWDtOd4q2LqylILWnFEyQl4K9skGVAE67S/dZuqXK5NPGi/uYkJ1chcH+BBTyxK
+wc2h5UtzeKjzsnbJjePaZuzX
+-----END CERTIFICATE-----

GlobalSignAtlasR3.pem

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIExTCCA62gAwIBAgIQeimFGrf0XWZ5UGZBtv/XHTANBgkqhkiG9w0BAQsFADBM
+MSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xv
+YmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0yMTA2MTYxMjAwMDBaFw0y
+NDA2MTYwMDAwMDBaMFgxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWdu
+IG52LXNhMS4wLAYDVQQDEyVHbG9iYWxTaWduIEF0bGFzIFIzIERWIFRMUyBDQSBI
+MiAyMDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1JTAQMj+QUYF
+3d9X5eOWFOphbB6GpHE3J0uvUXcQwxnd8Jz26aQCE1ZYxJFEc2WmsxuVeVXU+rZj
+7+MYD7Mg72bhuiwUdwRGRN4a2N122LfIQlTFlHu/fwcNqYX/fe3phvZt9upnH4oJ
+aLBbay+t+HPPC4em74x2WKaIl31ZXzgzllLomnlLISLOKiQe1rEHp4yy3/yE2a4G
+1l/lprA49dcyM/oylm9Bbkum2F4C+EOjHgTAoDVJrJpdWvPj0CU+HkmftujfFp4S
+55LECSr2TfJt7xjgR3eLUx12nlpoauWEzZ0/i6OIDPfbmqcksw4ani/YO07LbRM6
+cY9VZzkAvwIDAQABo4IBlTCCAZEwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQG
+CCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQW
+BBQqNLmq+r88iPFH8tISeL7F5aqwaTAfBgNVHSMEGDAWgBSP8Et/qC5FJK5NUPpj
+move4t0bvDB7BggrBgEFBQcBAQRvMG0wLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3Nw
+Mi5nbG9iYWxzaWduLmNvbS9yb290cjMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9zZWN1
+cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L3Jvb3QtcjMuY3J0MDYGA1UdHwQvMC0w
+K6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vcm9vdC1yMy5jcmwwVwYD
+VR0gBFAwTjAIBgZngQwBAgEwQgYKKwYBBAGgMgoBAzA0MDIGCCsGAQUFBwIBFiZo
+dHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzANBgkqhkiG9w0B
+AQsFAAOCAQEAEsIwXEhdAfoUGaKAnYfVI7zsOY7Sx8bpC/obGxXa4Kyu8CVx+TtT
+g8WmKNF7+I7C51NZEmhvb8UDI1G9ny7iYIRDajQD5AeZowbfC69aHQSI9LiOeAZb
+YaRDJfWps9redPwoaC0iT5R4xLOnWwCtmIho1bv/YG3pMAvaQ+qn04kuUvWO7LEp
+u7FdHmx1DdgkefcqYgN/rAZ8E39S9VxWV+64PNUDey8vkAIH8FCTxbWiITty6dsH
+SulKQ9pSa93k9PHTf+di08mMQBq5WBWTiFeMYZEWyE/z7NHdU3eLMZjq6y/nKlF9
+nywrToh4AgdZK6JnbU+lqbNiexJbaBoA3w==
+-----END CERTIFICATE-----

buildSrc/version.properties

@@ -10,7 +10,7 @@ jackson           = 2.8.11
 jacksondatabind   = 2.8.11.6
 snakeyaml         = 1.17
 # when updating log4j, please update also docs/java-api/index.asciidoc
-log4j             = 2.9.1
+log4j             = 2.16.0
 slf4j             = 1.7.25
 
 # when updating the JNA version, also update the version in buildSrc/build.gradle

docs/elassandra/Makefile

@@ -9,7 +9,7 @@ BUILDDIR      = build
 
 # User-friendly check for sphinx-build
 ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1)
-	$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don\'t have Sphinx installed, grab it from http://sphinx-doc.org/)
+   $(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don\'t have Sphinx installed, grab it from http://sphinx-doc.org/)
 endif
 
 # Internal variables.

docs/elassandra/requirements.txt

@@ -1,14 +1,14 @@
 alabaster==0.7.10
-Babel==2.5.1
+babel>=2.9.1
 certifi==2017.7.27.1
 chardet==3.0.4
 CommonMark==0.5.4
 docutils==0.14
 idna==2.6
 imagesize==0.7.1
-Jinja2==2.10.1
+jinja2>=2.11.3
 MarkupSafe==1.0
-Pygments==2.2.0
+Pygments>=2.7.4
 pytz==2017.2
 recommonmark==0.4.0
 requests==2.21.0
@@ -18,4 +18,4 @@ Sphinx==1.6.4
 sphinx-rtd-theme==0.2.4
 sphinxcontrib-websupport==1.0.1
 typing==3.6.2
-urllib3==1.24.3
+urllib3>=1.26.5

docs/elassandra/source/conf.py

@@ -15,7 +15,7 @@
 import sys
 import os
 
-import sphinx_rtd_theme
+#import sphinx_rtd_theme
 
 # If extensions (or modules to document with autodoc) are in another directory,
 # add these directories to sys.path here. If the directory is relative to the
@@ -130,15 +130,15 @@
 
 # Add custom javascript
 def setup(app):
-    app.add_javascript('custom.js')
+    app.add_js_file('custom.js')
 
 # -- Options for HTML output ----------------------------------------------
 
 # The theme to use for HTML and HTML Help pages.  See the documentation for
 # a list of builtin themes.
 #html_theme = 'basicstrap'
 html_theme = 'sphinx_rtd_theme'
-html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
+#html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
 
 #html_theme_options = {
 #  'header_inverse': True,