-
Notifications
You must be signed in to change notification settings - Fork 141
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump log4j to 2.17 #345
Bump log4j to 2.17 #345
Conversation
Signed-off-by: Shenoy Pratik <[email protected]>
@@ -0,0 +1,6 @@ | |||
### Version 1.2.3.0 Release Notes | |||
Compatible with OpenSearch and OpenSearch Dashboards Version 1.2.3 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Supposedly compatible with OpenSearch Dashboards 1.2.x, AFAIK we're not planning a Dashboards release.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated, thanks!
Signed-off-by: Shenoy Pratik <[email protected]>
Build is failing ... |
I see version conflict for log4j. Is the core artifact for 1.2.3 ready with log4j 2.17.0?
|
Yes, see opensearch-project/OpenSearch#1774 |
It's pretty clear from
After building OpenSearch/1.2 into local maven the error in this PR goes away. It looks like we were never able to get a 1.2.3-SNAPSHOT successfully built with that change because of the build failure in performance-analyzer. I PRed opensearch-project/opensearch-build#1387 removing it to see if that fixes it. |
Codecov Report
@@ Coverage Diff @@
## 1.2 #345 +/- ##
=========================================
Coverage 99.90% 99.90%
Complexity 2687 2687
=========================================
Files 256 256
Lines 6524 6524
Branches 420 420
=========================================
Hits 6518 6518
Misses 5 5
Partials 1 1
Flags with carried forward coverage won't be shown. Click here to find out more. Continue to review full report at Codecov.
|
@ps48 please backport this to main, and bump main version to 1.3.0 |
Signed-off-by: Shenoy Pratik [email protected]
Description
Bumped up log4j to 2.17
Issues Resolved
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105
opensearch-project/opensearch-build#1365
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.