You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jmeter.apache.org by pm...@apache.org on 2019/01/25 18:03:56 UTC
svn commit: r1852156 - in /jmeter/trunk: LICENSE build.properties build.xml
eclipse.classpath lib/ lib/aareadme.txt res/maven/ApacheJMeter_parent.pom
xdocs/changes.xml
Author: pmouawad
Date: Fri Jan 25 18:03:56 2019
New Revision: 1852156
URL: http://svn.apache.org/viewvc?rev=1852156&view=rev
Log:
Bug 63090 - Remove slf4j-ext due to CVE-2018-8088
Bugzilla Id: 63090
Modified:
jmeter/trunk/LICENSE
jmeter/trunk/build.properties
jmeter/trunk/build.xml
jmeter/trunk/eclipse.classpath
jmeter/trunk/lib/ (props changed)
jmeter/trunk/lib/aareadme.txt
jmeter/trunk/res/maven/ApacheJMeter_parent.pom
jmeter/trunk/xdocs/changes.xml
Modified: jmeter/trunk/LICENSE
URL: http://svn.apache.org/viewvc/jmeter/trunk/LICENSE?rev=1852156&r1=1852155&r2=1852156&view=diff
==============================================================================
--- jmeter/trunk/LICENSE [utf-8] (original)
+++ jmeter/trunk/LICENSE [utf-8] Fri Jan 25 18:03:56 2019
@@ -283,7 +283,6 @@ For details, please see the files under:
* rhino-1.7.10.jar (MPL 2.0)
* rsyntaxtextarea-3.0.2.jar (BSD)
* slf4j-api-1.7.25.jar (MIT)
-* slf4j-ext-1.7.25.jar (MIT)
* xmlpull-1.1.3.1.jar (Public Domain)
* xpp3-1.1.4c.jar (Indiana University Extreme! Lab Software License 1.1.1)
* xstream-1.4.11.jar (BSD)
Modified: jmeter/trunk/build.properties
URL: http://svn.apache.org/viewvc/jmeter/trunk/build.properties?rev=1852156&r1=1852155&r2=1852156&view=diff
==============================================================================
--- jmeter/trunk/build.properties (original)
+++ jmeter/trunk/build.properties Fri Jan 25 18:03:56 2019
@@ -330,11 +330,6 @@ slf4j-api.jar = slf4j-api-
slf4j-api.loc = ${maven2.repo}/org/slf4j/slf4j-api/${slf4j-api.version}
slf4j-api.sha512 = 5DD6271FD5B34579D8E66271BAB75C89BACA8B2EBEAA9966DE391284BD08F2D720083C6E0E1EDDA106ECF8A04E9A32116DE6873F0F88C19C049C0FE27E5D820B
-slf4j-ext.version = 1.7.25
-slf4j-ext.jar = slf4j-ext-${slf4j-ext.version}.jar
-slf4j-ext.loc = ${maven2.repo}/org/slf4j/slf4j-ext/${slf4j-ext.version}
-slf4j-ext.sha512 = 04EC30ABC9CFC6A895ACEB60FF67A1883A066196BD06B7E7440375F54ECAEC3487310974EAABD8401F85B6FA1D53E15541394359D78427CC32894709205E8279
-
jcl-over-slf4j.version = 1.7.25
jcl-over-slf4j.jar = jcl-over-slf4j-${jcl-over-slf4j.version}.jar
jcl-over-slf4j.loc = ${maven2.repo}/org/slf4j/jcl-over-slf4j/${jcl-over-slf4j.version}
Modified: jmeter/trunk/build.xml
URL: http://svn.apache.org/viewvc/jmeter/trunk/build.xml?rev=1852156&r1=1852155&r2=1852156&view=diff
==============================================================================
--- jmeter/trunk/build.xml (original)
+++ jmeter/trunk/build.xml Fri Jan 25 18:03:56 2019
@@ -447,7 +447,6 @@
<include name="${lib.dir}/${rsyntaxtextarea.jar}"/>
<include name="${lib.dir}/${serializer.jar}"/>
<include name="${lib.dir}/${slf4j-api.jar}"/>
- <include name="${lib.dir}/${slf4j-ext.jar}"/>
<include name="${lib.dir}/${log4j-api.jar}"/>
<include name="${lib.dir}/${jtidy.jar}"/>
<include name="${lib.dir}/${tika-core.jar}"/>
@@ -536,7 +535,6 @@
<pathelement location="${lib.dir}/${rsyntaxtextarea.jar}"/>
<pathelement location="${lib.dir}/${serializer.jar}"/>
<pathelement location="${lib.dir}/${slf4j-api.jar}"/>
- <pathelement location="${lib.dir}/${slf4j-ext.jar}"/>
<pathelement location="${lib.dir}/${spock-core.jar}"/>
<pathelement location="${lib.dir}/${cglib-nodep.jar}"/>
<pathelement location="${lib.dir}/${objenesis.jar}"/>
@@ -3499,7 +3497,6 @@ run JMeter unless all the JMeter jars ar
<process_jarfile jarname="rsyntaxtextarea"/>
<process_jarfile jarname="serializer"/>
<process_jarfile jarname="slf4j-api"/>
- <process_jarfile jarname="slf4j-ext"/>
<process_jarfile jarname="jcl-over-slf4j"/>
<process_jarfile jarname="log4j-api"/>
<process_jarfile jarname="log4j-1.2-api"/>
@@ -3577,6 +3574,8 @@ run JMeter unless all the JMeter jars ar
<!-- tidy up unused logkit jars -->
<fileset dir="${lib.dir}" includes="logkit-2.0.jar"/>
<fileset dir="${lib.opt}" includes="org.jacoco.ant-*-nodeps.jar" excludes="${jacocoant.jar}"/>
+ <!-- tidy up unused slf4j-ext jar -->
+ <fileset dir="${lib.dir}" includes="slf4j-ext-1.7.25.jar" />
</delete>
<antcall target="_process_all_jars">
<param name="_get_file" value="true"/>
Modified: jmeter/trunk/eclipse.classpath
URL: http://svn.apache.org/viewvc/jmeter/trunk/eclipse.classpath?rev=1852156&r1=1852155&r2=1852156&view=diff
==============================================================================
--- jmeter/trunk/eclipse.classpath (original)
+++ jmeter/trunk/eclipse.classpath Fri Jan 25 18:03:56 2019
@@ -104,7 +104,6 @@
<classpathentry kind="lib" path="lib/Saxon-HE-9.8.0-14.jar"/>
<classpathentry kind="lib" path="lib/serializer-2.7.2.jar"/>
<classpathentry kind="lib" path="lib/slf4j-api-1.7.25.jar"/>
- <classpathentry kind="lib" path="lib/slf4j-ext-1.7.25.jar"/>
<classpathentry kind="lib" path="lib/tika-core-1.20.jar"/>
<classpathentry kind="lib" path="lib/tika-parsers-1.20.jar"/>
<classpathentry kind="lib" path="lib/xalan-2.7.2.jar"/>
Propchange: jmeter/trunk/lib/
------------------------------------------------------------------------------
--- svn:ignore (original)
+++ svn:ignore Fri Jan 25 18:03:56 2019
@@ -66,7 +66,6 @@ rhino-1.7.10.jar
Saxon-HE-9.8.0-14.jar
serializer-2.7.2.jar
slf4j-api-1.7.25.jar
-slf4j-ext-1.7.25.jar
spock-core-1.0-groovy-2.4.jar
tika-core-1.20.jar
tika-parsers-1.20.jar
Modified: jmeter/trunk/lib/aareadme.txt
URL: http://svn.apache.org/viewvc/jmeter/trunk/lib/aareadme.txt?rev=1852156&r1=1852155&r2=1852156&view=diff
==============================================================================
--- jmeter/trunk/lib/aareadme.txt (original)
+++ jmeter/trunk/lib/aareadme.txt Fri Jan 25 18:03:56 2019
@@ -247,6 +247,7 @@ slf4j-api-1.7.25
http://www.slf4j.org/
- jodd-core
- json-path
+- jmeter internal logging
tika-1.20
--------------
Modified: jmeter/trunk/res/maven/ApacheJMeter_parent.pom
URL: http://svn.apache.org/viewvc/jmeter/trunk/res/maven/ApacheJMeter_parent.pom?rev=1852156&r1=1852155&r2=1852156&view=diff
==============================================================================
--- jmeter/trunk/res/maven/ApacheJMeter_parent.pom (original)
+++ jmeter/trunk/res/maven/ApacheJMeter_parent.pom Fri Jan 25 18:03:56 2019
@@ -105,7 +105,6 @@ under the License.
<rsyntaxtextarea.version>3.0.2</rsyntaxtextarea.version>
<Saxon-HE.version>9.8.0-14</Saxon-HE.version>
<slf4j-api.version>1.7.25</slf4j-api.version>
- <slf4j-ext.version>1.7.25</slf4j-ext.version>
<log4j-api.version>2.11.1</log4j-api.version>
<log4j-core.version>2.11.1</log4j-core.version>
<log4j-slf4j-impl.version>2.11.1</log4j-slf4j-impl.version>
@@ -459,11 +458,6 @@ under the License.
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
- <artifactId>slf4j-ext</artifactId>
- <version>${slf4j-ext.version}</version>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
<version>${jcl-over-slf4j.version}</version>
</dependency>
Modified: jmeter/trunk/xdocs/changes.xml
URL: http://svn.apache.org/viewvc/jmeter/trunk/xdocs/changes.xml?rev=1852156&r1=1852155&r2=1852156&view=diff
==============================================================================
--- jmeter/trunk/xdocs/changes.xml [utf-8] (original)
+++ jmeter/trunk/xdocs/changes.xml [utf-8] Fri Jan 25 18:03:56 2019
@@ -83,6 +83,8 @@ of previous time slot as a base. Startin
</ul>
See <bugzilla>63094</bugzilla>
</li>
+<li>slf4j-ext has been removed from libraries (lib folder) and JMeter pom. It was not used by default and due to CVE-2018-8088 and unavailability of a stable version
+containing a fix to this issue, we decided to remove it. If you still needed, you can add it in lib folder.</li>
</ul>
<!-- =================== Improvements =================== -->
@@ -261,6 +263,7 @@ See <bugzilla>63094</bugzilla>
<li><bug>63099</bug>Escape commata in function helper dialog only outside of variable replacement structures.</li>
<li><bug>63105</bug>Export Transactions for Report: fix 2 bugs</li>
<li><bug>63106</bug>Apply naming policy does not refresh UI</li>
+ <li><bug>63090</bug>Remove slf4j-ext due to CVE-2018-8088</li>
</ul>
<!-- =================== Thanks =================== -->