You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by cl...@apache.org on 2021/12/17 02:25:55 UTC

[activemq-artemis] branch main updated: ARTEMIS-3612 update Hawtio and strip Log4j from console web app

This is an automated email from the ASF dual-hosted git repository.

clebertsuconic pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git


The following commit(s) were added to refs/heads/main by this push:
     new 2e3c69c  ARTEMIS-3612 update Hawtio and strip Log4j from console web app
2e3c69c is described below

commit 2e3c69c9c8df200ab2c1ab202ebe8da0ea5a5652
Author: Justin Bertram <jb...@apache.org>
AuthorDate: Thu Dec 16 11:50:14 2021 -0600

    ARTEMIS-3612 update Hawtio and strip Log4j from console web app
    
    Move to the latest release of Hawtio 2.14.x.
    
    Also, remove the Log4j archives from the web console application. It's
    not necessary to include Log4j archives because Hawtio itself uses SLF4J
    and the logging implementation will be provided by the broker runtime.
    We already do this for SLF4J.
    
    While not strictly necessary, removing Log4j will ease concerns about
    security issues such as the recently announced CVE-2021-44228.
---
 artemis-hawtio/artemis-console/pom.xml | 7 +++++--
 artemis-hawtio/pom.xml                 | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/artemis-hawtio/artemis-console/pom.xml b/artemis-hawtio/artemis-console/pom.xml
index 7a75a46..a957137 100644
--- a/artemis-hawtio/artemis-console/pom.xml
+++ b/artemis-hawtio/artemis-console/pom.xml
@@ -34,7 +34,7 @@
   <properties>
     <activemq.basedir>${project.basedir}/../..</activemq.basedir>
   </properties>
-  
+
   <dependencies>
     <dependency>
       <groupId>org.apache.geronimo.specs</groupId>
@@ -82,7 +82,10 @@
         <artifactId>maven-war-plugin</artifactId>
         <configuration>
           <useCache>true</useCache>
-          <packagingExcludes>**/lib/slf4j*.jar</packagingExcludes>
+          <packagingExcludes>
+            **/lib/slf4j*.jar,
+            **/lib/log4j*.jar
+          </packagingExcludes>
           <failOnMissingWebXml>false</failOnMissingWebXml>
           <webResources>
             <resource>
diff --git a/artemis-hawtio/pom.xml b/artemis-hawtio/pom.xml
index 13e989c..c0091cb 100644
--- a/artemis-hawtio/pom.xml
+++ b/artemis-hawtio/pom.xml
@@ -35,7 +35,7 @@
 
         <activemq.basedir>${project.basedir}/..</activemq.basedir>
 
-        <hawtio.version>2.14.0</hawtio.version>
+        <hawtio.version>2.14.2</hawtio.version>
         <jline.version>3.2.0</jline.version>
         <junit-version>4.11</junit-version>
         <log4j-version>1.2.17</log4j-version>