[AMORO-1548] Remove log4j 1.2.x #2038

Merged: 8 commits, Oct 12, 2023

@XBaith (Contributor) commented Sep 26, 2023

Why are the changes needed?

Close #1548
Scanned the jar with DependencyCheck (https://github.com/jeremylong/DependencyCheck) and found some CRITICAL severity issues.

Brief change log

  • Remove log4j 1.2.x vulnerabilities

How was this patch tested?

  • Add some test cases that check the changes thoroughly including negative and positive cases if possible

  • Add screenshots for manual tests if appropriate

  • Run test locally before making a pull request

Documentation

  • Does this pull request introduce a new feature? (no)
  • If yes, how is the feature documented? (not documented)
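
A check that could accompany this change, as an added example that is not part of the pull request or the project's code: it scans a built jar, including jars nested inside it, for log4j 1.2.x class files such as the `SocketServer` class named in the linked issue. The markers beyond `SocketServer`, the function names and the sample jars are assumptions constructed for illustration.

```python
import io
import zipfile

# SocketServer is the class named in the linked issue; SocketNode and
# JMSAppender are further log4j 1.2.x classes added here as an assumption.
MARKERS = (
    "org/apache/log4j/net/SocketServer.class",
    "org/apache/log4j/net/SocketNode.class",
    "org/apache/log4j/net/JMSAppender.class",
)
ARCHIVE_SUFFIXES = (".jar", ".war", ".zip")
MAX_NESTED_BYTES = 256 * 1024 * 1024  # skip oversized nested archives


def find_log4j1(data, origin="artifact.jar", max_depth=4):
    """Return sorted 'outer!/inner!/Class' paths of log4j 1.2.x marker classes."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not an archive, nothing to report
    with archive:
        for info in archive.infolist():
            path = f"{origin}!/{info.filename}"
            # endswith() also catches shaded copies under a prepended prefix
            if info.filename.endswith(MARKERS):
                hits.append(path)
            elif (info.filename.endswith(ARCHIVE_SUFFIXES) and max_depth > 0
                  and info.file_size <= MAX_NESTED_BYTES):
                hits += find_log4j1(archive.read(info), path, max_depth - 1)
    return sorted(hits)


def make_jar(entries):
    """Build an in-memory jar from {name: bytes}; used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample: a fat jar that bundles a log4j 1.2.x jar under lib/
LOG4J1_JAR = make_jar({MARKERS[0]: b"", "org/apache/log4j/Logger.class": b""})
BEFORE = make_jar({"com/example/App.class": b"", "lib/log4j-1.2.x.jar": LOG4J1_JAR})
AFTER = make_jar({"com/example/App.class": b"", "lib/other.jar": make_jar({"a/B.class": b""})})

if __name__ == "__main__":
    print(find_log4j1(BEFORE, "before.jar"), find_log4j1(AFTER, "after.jar"))
```

A hit shows that the class files are present in the artifact; it does not identify which dependency brought them in.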

@github-actions bot added the labels module:mixed-flink (Flink module for Mixed Format), module:mixed-spark (Spark module for Mixed Format), module:mixed-hive (Hive module for Mixed Format) and type:build on Sep 26, 2023

codecov bot commented Sep 26, 2023

Codecov Report

All modified lines are covered by tests ✅

see 6 files with indirect coverage changes

@baiyangtx (Contributor) left a comment

LGTM, thanks for your contributions.

@shidayang (Contributor)

LGTM

# Conflicts:
#	flink/v1.12/arctic-flink-1.12-iceberg-bridge/pom.xml
#	flink/v1.12/arctic-flink-1.12-pulsar-bridge/pom.xml
#	flink/v1.12/flink/pom.xml
#	hive/pom.xml
#	pom.xml
@baiyangtx baiyangtx merged commit e8605dd into apache:master Oct 12, 2023
@XBaith XBaith deleted the log4j-upgrade branch October 12, 2023 13:41
ShawHee pushed a commit to ShawHee/arctic that referenced this pull request Dec 29, 2023
* remove log4j 1.2.x

* resolve conflicts
Successfully merging this pull request may close these issues.

[Bug]: Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data