upgrade log4j to 2.16.0 - patched against log4shell

author Jim Procter <j.procter@dundee.ac.uk>

Wed, 15 Dec 2021 12:22:32 +0000 (12:22 +0000)

committer Jim Procter <j.procter@dundee.ac.uk>

Wed, 15 Dec 2021 12:22:32 +0000 (12:22 +0000)
author Jim Procter <j.procter@dundee.ac.uk>
Wed, 15 Dec 2021 12:22:32 +0000 (12:22 +0000)
committer Jim Procter <j.procter@dundee.ac.uk>
Wed, 15 Dec 2021 12:22:32 +0000 (12:22 +0000)
diff --git a/WEB-INF/lib/log4j-1.2-api-2.16.0.jar b/WEB-INF/lib/log4j-1.2-api-2.16.0.jar

new file mode 100644 (file)

index 0000000..6bfe217

Binary files /dev/null and b/WEB-INF/lib/log4j-1.2-api-2.16.0.jar differ
diff --git a/WEB-INF/lib/log4j-1.2.15.jar b/WEB-INF/lib/log4j-1.2.15.jar

deleted file mode 100644 (file)

index c930a6a..0000000

Binary files a/WEB-INF/lib/log4j-1.2.15.jar and /dev/null differ
diff --git a/WEB-INF/lib/log4j-api-2.16.0.jar b/WEB-INF/lib/log4j-api-2.16.0.jar

new file mode 100644 (file)

index 0000000..2cdcc4b

Binary files /dev/null and b/WEB-INF/lib/log4j-api-2.16.0.jar differ
diff --git a/WEB-INF/lib/log4j-core-2.16.0.jar b/WEB-INF/lib/log4j-core-2.16.0.jar

new file mode 100644 (file)

index 0000000..bc913bc

Binary files /dev/null and b/WEB-INF/lib/log4j-core-2.16.0.jar differ
diff --git a/build.xml b/build.xml

index 0c08975..d5c73a4 100644 (file)
--- a/build.xml
+++ b/build.xml
@@ -297,7 +297,7 @@
                                 <include name="compbio/data/msa/**"/>
                                 <include name="compbio/ws/client/**"/>
                         </fileset>
-                       <zipgroupfileset excludes="META-INF/*" dir="" includes="WEB-INF/lib/log4j-1.2.15.jar" />
+                       <zipgroupfileset excludes="META-INF/*" dir="" includes="WEB-INF/lib/log4j-*.jar" />
                         <manifest>
                                 <attribute name="Built-By" value="${author}" />
                                 <attribute name="Main-Class" value="compbio.ws.client.Jws2Client" />
@@ -389,7 +389,7 @@
                 </delete>
                 <jar jarfile="${full-jabaws-client}">
                         <zipgroupfileset excludes="META-INF/*.SF" dir="${web.lib.path}" >
-                               <include name="log4j-1.2.15.jar"/>
+                               <include name="log4j-*.jar"/>
                                 <include name="${compbio-util}"/>
                                 <include name="${compbio-annotation}"/>
                                 <include name="drmaa.jar"/>
@@ -430,7 +430,7 @@
                                 <exclude name="classes"/>
                                 <!-- These are included into JABA client so exclude the jars -->
                                 <exclude name="lib/drmaa.jar"/>
-                               <exclude name="lib/log4j-1.2.15.jar"/>
+                               <exclude name="lib/log4j-*.jar"/>
                                 <exclude name="lib/${compbio-annotation}"/>
                                 <exclude name="lib/${compbio-util}"/>
author	Jim Procter <j.procter@dundee.ac.uk>
	Wed, 15 Dec 2021 12:22:32 +0000 (12:22 +0000)
committer	Jim Procter <j.procter@dundee.ac.uk>
	Wed, 15 Dec 2021 12:22:32 +0000 (12:22 +0000)
WEB-INF/lib/log4j-1.2-api-2.16.0.jar	[new file with mode: 0644]	patch \| blob
WEB-INF/lib/log4j-1.2.15.jar	[deleted file]	patch \| blob \| history
WEB-INF/lib/log4j-api-2.16.0.jar	[new file with mode: 0644]	patch \| blob
WEB-INF/lib/log4j-core-2.16.0.jar	[new file with mode: 0644]	patch \| blob
build.xml		patch \| blob \| history