Upgrade to log4J 2.18.0

elastic · Jul 3, 2022 · 3e70677 · 3e70677
1 parent 97df136
commit 3e70677
Show file tree

Hide file tree

Showing 35 changed files with 20 additions and 60 deletions.
diff --git a/build-tools-internal/version.properties b/build-tools-internal/version.properties
@@ -13,7 +13,7 @@ jackson           = 2.13.2
 snakeyaml         = 1.26
 icu4j             = 68.2
 supercsv          = 2.4.0
-log4j             = 2.17.1
+log4j             = 2.18.0
 slf4j             = 1.6.2
 ecsLogging        = 1.2.0
 

diff --git a/modules/repository-azure/licenses/log4j-slf4j-impl-2.17.1.jar.sha1 b/modules/repository-azure/licenses/log4j-slf4j-impl-2.17.1.jar.sha1
diff --git a/modules/repository-azure/licenses/log4j-slf4j-impl-2.18.0.jar.sha1 b/modules/repository-azure/licenses/log4j-slf4j-impl-2.18.0.jar.sha1
@@ -0,0 +1 @@
+e0ea6ef49f1349bb30e8c6e8a7052d0f3ee7a719
diff --git a/modules/repository-gcs/licenses/log4j-1.2-api-2.17.1.jar.sha1 b/modules/repository-gcs/licenses/log4j-1.2-api-2.17.1.jar.sha1
diff --git a/modules/repository-gcs/licenses/log4j-1.2-api-2.18.0.jar.sha1 b/modules/repository-gcs/licenses/log4j-1.2-api-2.18.0.jar.sha1
@@ -0,0 +1 @@
+09b1039c025e0d9a792daf1af0eac564e7181210
diff --git a/modules/repository-s3/licenses/log4j-1.2-api-2.17.1.jar.sha1 b/modules/repository-s3/licenses/log4j-1.2-api-2.17.1.jar.sha1
diff --git a/modules/repository-s3/licenses/log4j-1.2-api-2.18.0.jar.sha1 b/modules/repository-s3/licenses/log4j-1.2-api-2.18.0.jar.sha1
@@ -0,0 +1 @@
+09b1039c025e0d9a792daf1af0eac564e7181210
diff --git a/modules/repository-url/licenses/log4j-1.2-api-2.17.1.jar.sha1 b/modules/repository-url/licenses/log4j-1.2-api-2.17.1.jar.sha1
diff --git a/modules/repository-url/licenses/log4j-1.2-api-2.18.0.jar.sha1 b/modules/repository-url/licenses/log4j-1.2-api-2.18.0.jar.sha1
@@ -0,0 +1 @@
+09b1039c025e0d9a792daf1af0eac564e7181210
diff --git a/plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.17.1.jar.sha1 b/plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.17.1.jar.sha1
diff --git a/plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.18.0.jar.sha1 b/plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.18.0.jar.sha1
@@ -0,0 +1 @@
+09b1039c025e0d9a792daf1af0eac564e7181210
diff --git a/plugins/discovery-ec2/licenses/log4j-1.2-api-2.17.1.jar.sha1 b/plugins/discovery-ec2/licenses/log4j-1.2-api-2.17.1.jar.sha1
diff --git a/plugins/discovery-ec2/licenses/log4j-1.2-api-2.18.0.jar.sha1 b/plugins/discovery-ec2/licenses/log4j-1.2-api-2.18.0.jar.sha1
@@ -0,0 +1 @@
+09b1039c025e0d9a792daf1af0eac564e7181210
diff --git a/plugins/discovery-gce/licenses/log4j-1.2-api-2.17.1.jar.sha1 b/plugins/discovery-gce/licenses/log4j-1.2-api-2.17.1.jar.sha1
diff --git a/plugins/discovery-gce/licenses/log4j-1.2-api-2.18.0.jar.sha1 b/plugins/discovery-gce/licenses/log4j-1.2-api-2.18.0.jar.sha1
@@ -0,0 +1 @@
+09b1039c025e0d9a792daf1af0eac564e7181210
diff --git a/plugins/repository-hdfs/licenses/log4j-1.2-api-2.17.1.jar.sha1 b/plugins/repository-hdfs/licenses/log4j-1.2-api-2.17.1.jar.sha1
diff --git a/plugins/repository-hdfs/licenses/log4j-1.2-api-2.18.0.jar.sha1 b/plugins/repository-hdfs/licenses/log4j-1.2-api-2.18.0.jar.sha1
@@ -0,0 +1 @@
+09b1039c025e0d9a792daf1af0eac564e7181210
diff --git a/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.17.1.jar.sha1 b/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.17.1.jar.sha1
diff --git a/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.18.0.jar.sha1 b/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.18.0.jar.sha1
@@ -0,0 +1 @@
+e0ea6ef49f1349bb30e8c6e8a7052d0f3ee7a719
diff --git a/server/build.gradle b/server/build.gradle
@@ -178,7 +178,9 @@ tasks.named("thirdPartyAudit").configure {
             'com.lmax.disruptor.LifecycleAware',
             'com.lmax.disruptor.RingBuffer',
             'com.lmax.disruptor.Sequence',
+            'com.lmax.disruptor.SequenceBarrier',
             'com.lmax.disruptor.SequenceReportingEventHandler',
+            'com.lmax.disruptor.TimeoutException',
             'com.lmax.disruptor.WaitStrategy',
             'com.lmax.disruptor.dsl.Disruptor',
             'com.lmax.disruptor.dsl.ProducerType',
@@ -215,6 +217,7 @@ tasks.named("thirdPartyAudit").configure {
             'org.osgi.framework.BundleEvent',
             'org.osgi.framework.BundleReference',
             'org.osgi.framework.FrameworkUtil',
+            'org.osgi.framework.ServiceReference',
             'org.osgi.framework.ServiceRegistration',
             'org.osgi.framework.SynchronousBundleListener',
             'org.osgi.framework.wiring.BundleWire',

diff --git a/server/licenses/log4j-api-2.17.1.jar.sha1 b/server/licenses/log4j-api-2.17.1.jar.sha1
diff --git a/server/licenses/log4j-api-2.18.0.jar.sha1 b/server/licenses/log4j-api-2.18.0.jar.sha1
@@ -0,0 +1 @@
+c72ad9b1d8d42e4ea7befd8248bf05877af4c63d
diff --git a/server/licenses/log4j-core-2.17.1.jar.sha1 b/server/licenses/log4j-core-2.17.1.jar.sha1
diff --git a/server/licenses/log4j-core-2.18.0.jar.sha1 b/server/licenses/log4j-core-2.18.0.jar.sha1
@@ -0,0 +1 @@
+07c1882ede137548925eadb750615edab2f6e13c
diff --git a/server/src/main/java/module-info.java b/server/src/main/java/module-info.java
@@ -358,5 +358,4 @@
         with
             org.elasticsearch.cluster.coordination.NodeToolCliProvider,
             org.elasticsearch.index.shard.ShardToolCliProvider;
-    provides org.apache.logging.log4j.util.PropertySource with org.elasticsearch.common.logging.ESSystemPropertiesPropertySource;
 }
diff --git a/server/src/main/java/org/elasticsearch/bootstrap/ESPolicy.java b/server/src/main/java/org/elasticsearch/bootstrap/ESPolicy.java
@@ -20,11 +20,9 @@
 import java.security.Permissions;
 import java.security.Policy;
 import java.security.ProtectionDomain;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
-import java.util.Optional;
 import java.util.function.Predicate;
 
 /** custom policy for union of static and dynamic permissions */
@@ -69,25 +67,6 @@ final class ESPolicy extends Policy {
         this.plugins = plugins;
     }
 
-    private static final Predicate<StackTraceElement> JDK_BOOT = f -> f.getClassLoaderName() == null;
-    private static final Predicate<StackTraceElement> ES_BOOTSTRAP = f -> f.getClassName().startsWith("org.elasticsearch.bootstrap");
-    private static final Predicate<StackTraceElement> IS_LOG4J = f -> "org.apache.logging.log4j.util.LoaderUtil".equals(f.getClassName())
-        && "getClassLoaders".equals(f.getMethodName());
-
-    /**
-     *  Returns true if the top of the call stack has:
-     *   1) Only frames belonging from the JDK's boot loader or org.elasticsearch.bootstrap, followed directly by
-     *   2) org.apache.logging.log4j.util.LoaderUtil.getClassLoaders
-     */
-    private static boolean isLoaderUtilGetClassLoaders() {
-        Optional<StackTraceElement> frame = Arrays.stream(Thread.currentThread().getStackTrace())
-            .dropWhile(JDK_BOOT.or(ES_BOOTSTRAP))
-            .limit(1)
-            .findFirst()
-            .filter(IS_LOG4J);
-        return frame.isPresent();
-    }
-
     @Override
     @SuppressForbidden(reason = "fast equals check is desired")
     public boolean implies(ProtectionDomain domain, Permission permission) {
@@ -124,11 +103,7 @@ public boolean implies(ProtectionDomain domain, Permission permission) {
             if ("<<ALL FILES>>".equals(permission.getName())) {
                 hadoopHack();
             }
-        } else if (permission instanceof RuntimePermission
-            && "getClassLoader".equals(permission.getName())
-            && isLoaderUtilGetClassLoaders()) {
-                return true;
-            }
+        }
 
         // otherwise defer to template + dynamic file permissions
         return template.implies(domain, permission) || dynamic.implies(permission) || system.implies(domain, permission);

diff --git a/server/src/main/java/org/elasticsearch/common/logging/ESSystemPropertiesPropertySource.java b/server/src/main/java/org/elasticsearch/common/logging/ESSystemPropertiesPropertySource.java
diff --git a/x-pack/plugin/core/licenses/log4j-1.2-api-2.17.1.jar.sha1 b/x-pack/plugin/core/licenses/log4j-1.2-api-2.17.1.jar.sha1
diff --git a/x-pack/plugin/core/licenses/log4j-1.2-api-2.18.0.jar.sha1 b/x-pack/plugin/core/licenses/log4j-1.2-api-2.18.0.jar.sha1
@@ -0,0 +1 @@
+09b1039c025e0d9a792daf1af0eac564e7181210
diff --git a/x-pack/plugin/identity-provider/licenses/log4j-slf4j-impl-2.17.1.jar.sha1 b/x-pack/plugin/identity-provider/licenses/log4j-slf4j-impl-2.17.1.jar.sha1
diff --git a/x-pack/plugin/identity-provider/licenses/log4j-slf4j-impl-2.18.0.jar.sha1 b/x-pack/plugin/identity-provider/licenses/log4j-slf4j-impl-2.18.0.jar.sha1
@@ -0,0 +1 @@
+e0ea6ef49f1349bb30e8c6e8a7052d0f3ee7a719
diff --git a/x-pack/plugin/security/licenses/log4j-slf4j-impl-2.17.1.jar.sha1 b/x-pack/plugin/security/licenses/log4j-slf4j-impl-2.17.1.jar.sha1
diff --git a/x-pack/plugin/security/licenses/log4j-slf4j-impl-2.18.0.jar.sha1 b/x-pack/plugin/security/licenses/log4j-slf4j-impl-2.18.0.jar.sha1
@@ -0,0 +1 @@
+e0ea6ef49f1349bb30e8c6e8a7052d0f3ee7a719
diff --git a/x-pack/plugin/vector-tile/licenses/log4j-slf4j-impl-2.17.1.jar.sha1 b/x-pack/plugin/vector-tile/licenses/log4j-slf4j-impl-2.17.1.jar.sha1
diff --git a/x-pack/plugin/vector-tile/licenses/log4j-slf4j-impl-2.18.0.jar.sha1 b/x-pack/plugin/vector-tile/licenses/log4j-slf4j-impl-2.18.0.jar.sha1
@@ -0,0 +1 @@
+e0ea6ef49f1349bb30e8c6e8a7052d0f3ee7a719