You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@storm.apache.org by bi...@apache.org on 2022/03/09 16:52:22 UTC
[storm] 04/05: STORM-3831 exclude older log4j (#3451)
This is an automated email from the ASF dual-hosted git repository.
bipinprasad pushed a commit to branch 2.4.x-branch
in repository https://gitbox.apache.org/repos/asf/storm.git
commit 7a0b4ff04f63cff300f19856bd217555f613491e
Author: Aaron Gresch <ag...@gmail.com>
AuthorDate: Wed Mar 9 09:13:12 2022 -0600
STORM-3831 exclude older log4j (#3451)
---
DEPENDENCY-LICENSES | 8 ++++----
LICENSE-binary | 8 ++++----
external/storm-autocreds/pom.xml | 12 ++++++++++++
external/storm-blobstore-migration/pom.xml | 18 ++++++++++++++++++
external/storm-hdfs-blobstore/pom.xml | 4 ++++
external/storm-hdfs-oci/pom.xml | 6 +++++-
external/storm-hdfs/pom.xml | 12 ++++++++++++
external/storm-hive/pom.xml | 12 ++++++++++++
external/storm-solr/pom.xml | 10 ++++++++++
pom.xml | 2 +-
sql/storm-sql-external/storm-sql-hdfs/pom.xml | 4 ++++
11 files changed, 86 insertions(+), 10 deletions(-)
diff --git a/DEPENDENCY-LICENSES b/DEPENDENCY-LICENSES
index 3c7263a..385f5c7 100644
--- a/DEPENDENCY-LICENSES
+++ b/DEPENDENCY-LICENSES
@@ -5,7 +5,7 @@ List of third-party dependencies grouped by their license type.
Apache License
* HttpClient (commons-httpclient:commons-httpclient:3.0.1 - http://jakarta.apache.org/commons/httpclient/)
- * Log4j Implemented Over SLF4J (org.slf4j:log4j-over-slf4j:1.7.26 - http://www.slf4j.org)
+ * Log4j Implemented Over SLF4J (org.slf4j:log4j-over-slf4j:1.7.36 - http://www.slf4j.org)
Apache License, Version 2.0
@@ -108,7 +108,6 @@ List of third-party dependencies grouped by their license type.
* Apache HttpCore NIO (org.apache.httpcomponents:httpcore-nio:4.4.5 - http://hc.apache.org/httpcomponents-core-ga)
* Apache Ivy (org.apache.ivy:ivy:2.4.0 - http://ant.apache.org/ivy/)
* Apache Kafka (org.apache.kafka:kafka-clients:0.11.0.3 - http://kafka.apache.org)
- * Apache Log4j (log4j:log4j:1.2.17 - http://logging.apache.org/log4j/1.2/)
* Apache Log4j 1.x Compatibility API (org.apache.logging.log4j:log4j-1.2-api:2.17.1 - https://logging.apache.org/log4j/2.x/log4j-1.2-api/)
* Apache Log4j API (org.apache.logging.log4j:log4j-api:2.17.1 - https://logging.apache.org/log4j/2.x/log4j-api/)
* Apache Log4j Core (org.apache.logging.log4j:log4j-core:2.17.1 - https://logging.apache.org/log4j/2.x/log4j-core/)
@@ -451,6 +450,7 @@ List of third-party dependencies grouped by their license type.
* Plexus Security Dispatcher Component (org.sonatype.plexus:plexus-sec-dispatcher:1.3 - http://spice.sonatype.org/plexus-sec-dispatcher)
* Plexus Security Dispatcher Component (org.sonatype.plexus:plexus-sec-dispatcher:1.4 - http://spice.sonatype.org/plexus-sec-dispatcher)
* Proton-J (org.apache.qpid:proton-j:0.18.0 - http://qpid.apache.org/proton/proton-j)
+ * reload4j (ch.qos.reload4j:reload4j:1.2.19 - https://reload4j.qos.ch)
* rest (org.elasticsearch.client:rest:5.2.2 - https://github.com/elastic/elasticsearch)
* rocketmq-client 4.2.0 (org.apache.rocketmq:rocketmq-client:4.2.0 - http://rocketmq.apache.org/rocketmq-client/)
* rocketmq-common 4.2.0 (org.apache.rocketmq:rocketmq-common:4.2.0 - http://rocketmq.apache.org/rocketmq-common/)
@@ -691,9 +691,9 @@ List of third-party dependencies grouped by their license type.
* jnr-x86asm (com.github.jnr:jnr-x86asm:1.0.2 - http://github.com/jnr/jnr-x86asm)
* Joni (org.jruby.joni:joni:2.1.11 - http://nexus.sonatype.org/oss-repository-hosting.html/joni)
* JUL to SLF4J bridge (org.slf4j:jul-to-slf4j:1.7.26 - http://www.slf4j.org)
- * SLF4J API Module (org.slf4j:slf4j-api:1.7.26 - http://www.slf4j.org)
+ * SLF4J API Module (org.slf4j:slf4j-api:1.7.36 - http://www.slf4j.org)
* SLF4J API Module (org.slf4j:slf4j-api:1.7.6 - http://www.slf4j.org)
- * SLF4J LOG4J-12 Binding (org.slf4j:slf4j-log4j12:1.7.26 - http://www.slf4j.org)
+ * SLF4J Reload4j Binding (org.slf4j:slf4j-reload4j:1.7.36 - http://reload4j.qos.ch)
* System Out and Err redirected to SLF4J (uk.org.lidalia:sysout-over-slf4j:1.0.2 - http://projects.lidalia.org.uk/sysout-over-slf4j/)
Mozilla Public License Version 1.1
diff --git a/LICENSE-binary b/LICENSE-binary
index 08c95de..90fb8d1 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -645,6 +645,7 @@ The license texts of these dependencies can be found in the licenses directory.
Apache License, Version 2.0
+ * reload4j (ch.qos.reload4j:reload4j:1.2.19 - https://reload4j.qos.ch)
* HttpClient (commons-httpclient:commons-httpclient:3.0.1 - http://jakarta.apache.org/commons/httpclient/)
* Plexus Common Utilities (org.codehaus.plexus:plexus-utils:3.1.0 - http://codehaus-plexus.github.io/plexus-utils/)
* Maven Artifact (org.apache.maven:maven-artifact:3.6.0 - https://maven.apache.org/ref/3.6.0/maven-artifact/)
@@ -746,7 +747,6 @@ The license texts of these dependencies can be found in the licenses directory.
* Apache HttpCore (org.apache.httpcomponents:httpcore:4.4.10 - http://hc.apache.org/httpcomponents-core-ga)
* Apache Ivy (org.apache.ivy:ivy:2.4.0 - http://ant.apache.org/ivy/)
* Apache Kafka (org.apache.kafka:kafka-clients:0.11.0.3 - http://kafka.apache.org)
- * Apache Log4j (log4j:log4j:1.2.17 - http://logging.apache.org/log4j/1.2/)
* Apache Log4j 1.x Compatibility API (org.apache.logging.log4j:log4j-1.2-api:2.17.1 - https://logging.apache.org/log4j/2.x/log4j-1.2-api/)
* Apache Log4j API (org.apache.logging.log4j:log4j-api:2.17.1 - https://logging.apache.org/log4j/2.x/log4j-api/)
* Apache Log4j Core (org.apache.logging.log4j:log4j-core:2.17.1 - https://logging.apache.org/log4j/2.x/log4j-core/)
@@ -909,7 +909,7 @@ The license texts of these dependencies can be found in the licenses directory.
* Tephra API (co.cask.tephra:tephra-api:0.6.0 - https://github.com/caskdata/tephra/tephra-api)
* Tephra Core (co.cask.tephra:tephra-core:0.6.0 - https://github.com/caskdata/tephra/tephra-core)
* Tephra HBase 1.0 Compatibility (co.cask.tephra:tephra-hbase-compat-1.0:0.6.0 - https://github.com/caskdata/tephra/tephra-hbase-compat-1.0)
- * Log4j Implemented Over SLF4J (org.slf4j:log4j-over-slf4j:1.7.26 - http://www.slf4j.org)
+ * Log4j Implemented Over SLF4J (org.slf4j:log4j-over-slf4j:1.7.36 - http://www.slf4j.org)
* Jetty :: Aggregate :: All core Jetty (org.eclipse.jetty.aggregate:jetty-all:7.6.0.v20120127 - http://www.eclipse.org/jetty/jetty-aggregate-project/jetty-all)
* Jetty :: Continuation (org.eclipse.jetty:jetty-continuation:9.4.14.v20181114 - http://www.eclipse.org/jetty)
* Jetty :: Http Utility (org.eclipse.jetty:jetty-http:9.4.14.v20181114 - http://www.eclipse.org/jetty)
@@ -1044,9 +1044,9 @@ The license texts of these dependencies can be found in the licenses directory.
* JCL 1.2 implemented over SLF4J (org.slf4j:jcl-over-slf4j:1.7.25 - http://www.slf4j.org)
* JCL 1.2 implemented over SLF4J (org.slf4j:jcl-over-slf4j:1.7.26 - http://www.slf4j.org)
* JUL to SLF4J bridge (org.slf4j:jul-to-slf4j:1.7.26 - http://www.slf4j.org)
- * SLF4J API Module (org.slf4j:slf4j-api:1.7.26 - http://www.slf4j.org)
- * SLF4J LOG4J-12 Binding (org.slf4j:slf4j-log4j12:1.7.26 - http://www.slf4j.org)
+ * SLF4J API Module (org.slf4j:slf4j-api:1.7.36 - http://www.slf4j.org)
* Sysout over SLF4J (uk.org.lidalia:sysout-over-slf4j:1.0.2 - http://projects.lidalia.org.uk/sysout-over-slf4j/)
+ * SLF4J Reload4j Binding (org.slf4j:slf4j-reload4j:1.7.36 - http://reload4j.qos.ch)
Mozilla Public License Version 2.0
diff --git a/external/storm-autocreds/pom.xml b/external/storm-autocreds/pom.xml
index f585095..4b46d82 100644
--- a/external/storm-autocreds/pom.xml
+++ b/external/storm-autocreds/pom.xml
@@ -102,6 +102,10 @@
<version>${hbase.version}</version>
<exclusions>
<exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
@@ -123,6 +127,10 @@
<version>${hbase.version}</version>
<exclusions>
<exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
@@ -143,6 +151,10 @@
<version>${hive.version}</version>
<exclusions>
<exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
diff --git a/external/storm-blobstore-migration/pom.xml b/external/storm-blobstore-migration/pom.xml
index d782edd..ab52d93 100644
--- a/external/storm-blobstore-migration/pom.xml
+++ b/external/storm-blobstore-migration/pom.xml
@@ -67,16 +67,34 @@ limitations under the License.
<artifactId>hadoop-hdfs</artifactId>
<groupId>org.apache.hadoop</groupId>
<version>${hdfs.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<artifactId>hadoop-client</artifactId>
<groupId>org.apache.hadoop</groupId>
<version>${hadoop.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<artifactId>hadoop-common</artifactId>
<groupId>org.apache.hadoop</groupId>
<version>${hadoop.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
diff --git a/external/storm-hdfs-blobstore/pom.xml b/external/storm-hdfs-blobstore/pom.xml
index 66870a7..2a40f61 100644
--- a/external/storm-hdfs-blobstore/pom.xml
+++ b/external/storm-hdfs-blobstore/pom.xml
@@ -184,6 +184,10 @@
<version>${hadoop.version}</version>
<exclusions>
<exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
diff --git a/external/storm-hdfs-oci/pom.xml b/external/storm-hdfs-oci/pom.xml
index 33e7c0e..c2bb4b7 100644
--- a/external/storm-hdfs-oci/pom.xml
+++ b/external/storm-hdfs-oci/pom.xml
@@ -49,6 +49,10 @@
<scope>compile</scope>
<exclusions>
<exclusion>
+ <artifactId>log4j</artifactId>
+ <groupId>log4j</groupId>
+ </exclusion>
+ <exclusion>
<artifactId>protobuf-java</artifactId>
<groupId>com.google.protobuf</groupId>
</exclusion>
@@ -152,4 +156,4 @@
</plugins>
</build>
-</project>
\ No newline at end of file
+</project>
diff --git a/external/storm-hdfs/pom.xml b/external/storm-hdfs/pom.xml
index 764d2f6..99b7823 100644
--- a/external/storm-hdfs/pom.xml
+++ b/external/storm-hdfs/pom.xml
@@ -111,6 +111,10 @@
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -119,6 +123,10 @@
<version>${hadoop.version}</version>
<exclusions>
<exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
@@ -197,6 +205,10 @@
<version>${hadoop.version}</version>
<exclusions>
<exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
diff --git a/external/storm-hive/pom.xml b/external/storm-hive/pom.xml
index b1ca833..5378d2d 100644
--- a/external/storm-hive/pom.xml
+++ b/external/storm-hive/pom.xml
@@ -101,6 +101,10 @@
<version>${hive.version}</version>
<exclusions>
<exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
@@ -128,6 +132,10 @@
<version>${hive.version}</version>
<exclusions>
<exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
@@ -169,6 +177,10 @@
<version>${hadoop.version}</version>
<exclusions>
<exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
diff --git a/external/storm-solr/pom.xml b/external/storm-solr/pom.xml
index a0eb640..031fb82 100644
--- a/external/storm-solr/pom.xml
+++ b/external/storm-solr/pom.xml
@@ -82,6 +82,10 @@
<scope>test</scope>
<exclusions>
<exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
<!-- This is leaking from hadoop-annotations. -->
<groupId>jdk.tools</groupId>
<artifactId>jdk.tools</artifactId>
@@ -93,6 +97,12 @@
<artifactId>solr-test-framework</artifactId>
<version>${solr.version}</version>
<scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
diff --git a/pom.xml b/pom.xml
index a9db4dc..582fd60 100644
--- a/pom.xml
+++ b/pom.xml
@@ -311,7 +311,7 @@
<netty.version>4.1.30.Final</netty.version>
<sysout-over-slf4j.version>1.0.2</sysout-over-slf4j.version>
<log4j.version>2.17.1</log4j.version>
- <slf4j.version>1.7.26</slf4j.version>
+ <slf4j.version>1.7.36</slf4j.version>
<metrics.version>3.2.6</metrics.version>
<mockito.version>3.0.0</mockito.version>
<zookeeper.version>3.5.9</zookeeper.version>
diff --git a/sql/storm-sql-external/storm-sql-hdfs/pom.xml b/sql/storm-sql-external/storm-sql-hdfs/pom.xml
index 6143452..77fb37d 100644
--- a/sql/storm-sql-external/storm-sql-hdfs/pom.xml
+++ b/sql/storm-sql-external/storm-sql-hdfs/pom.xml
@@ -83,6 +83,10 @@
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
</exclusions>
<scope>test</scope>
</dependency>