Update Log4J2 to 2.17.0 (#3198)

* Update Log4J2 to 2.17.0 Security update: upgrade log4j2 to 2.17.0 Signed-off-by: Danno Ferrin <[email protected]> * build fixes from 22.1.x line Signed-off-by: Danno Ferrin <[email protected]>
hyperledger · Dec 19, 2021 · e734059 · e734059
1 parent 15f0de7
commit e734059
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 40 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -6,15 +6,15 @@ orbs:
 executors:
   besu_executor_med: # 2cpu, 4G ram
     docker:
-      - image: circleci/openjdk:11.0.12-jdk-buster
+      - image: cimg/openjdk:11.0
     resource_class: medium
     working_directory: ~/project
     environment:
       GRADLE_OPTS: -Dorg.gradle.daemon=false -Dorg.gradle.parallel=true -Dorg.gradle.workers.max=2
 
   besu_executor_xl: # 8cpu, 16G ram
     docker:
-      - image: circleci/openjdk:11.0.12-jdk-buster
+      - image: cimg/openjdk:11.0
     resource_class: xlarge
     working_directory: ~/project
     environment:
@@ -35,14 +35,11 @@ commands:
     steps:
       - checkout
       - run:
-          name: Install Packages - LibSodium, nssdb, solc
+          name: Install Packages - LibSodium, nssdb
           command: |
+            sudo add-apt-repository ppa:ethereum/ethereum
             sudo apt-get update
-            sudo apt-get install -y libsodium23 libsodium-dev apt-transport-https haveged libnss3-tools software-properties-common wget
-            curl -fsSL https://deb.nodesource.com/setup_14.x | sudo -E bash -
-            sudo apt-get update && sudo apt-get install -y nodejs
-            sudo wget https://github.com/ethereum/solc-bin/blob/gh-pages/linux-amd64/solc-linux-amd64-v0.8.9+commit.e5eed63a?raw=true -O /usr/bin/solc
-            sudo chmod +x /usr/bin/solc
+            sudo apt-get install -y libsodium23 libsodium-dev apt-transport-https haveged libnss3-tools solc
             sudo service haveged restart
       - restore_cache:
           name: Restore cached gradle dependencies
@@ -201,7 +198,7 @@ jobs:
               | circleci tests split --split-by=timings --timings-type=classname)
             # Format the arguments to "./gradlew test"
             GRADLE_ARGS=$(echo $CLASSNAMES | awk '{for (i=1; i<=NF; i++) print "--tests",$i}')
-            ./gradlew --no-daemon --info acceptanceTest $GRADLE_ARGS
+            ./gradlew --no-daemon acceptanceTest $GRADLE_ARGS
       - capture_test_results
       - capture_test_logs
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,39 +1,21 @@
 # Changelog
 
-## 22.1.0-RC
-
-### 22.1.0 Breaking Changes
-- Plugin API: BlockHeader.getBaseFee() method now returns an optional Wei instead of an optional Long [#3065](https://github.com/hyperledger/besu/issues/3065)
-
-### Additions and Improvements
-- Represent baseFee as Wei instead of long accordingly to the spec [#2785](https://github.com/hyperledger/besu/issues/2785)
-- Implements [EIP-4399](https://eips.ethereum.org/EIPS/eip-4399) to repurpose DIFFICULTY opcode after the merge as a source of entropy from the Beacon chain. [#3081](https://github.com/hyperledger/besu/issues/3081)
+## 21.10.5
 
 ### Bug Fixes
-- Update log4j to 2.16.0.
-- Change the base docker image from Debian Buster to Ubuntu 20.04 [#3171](https://github.com/hyperledger/besu/issues/3171) fixes [#3045](https://github.com/hyperledger/besu/issues/3045)
+- Update log4j2 to 2.17.0. [#3198](https://github.com/hyperledger/besu/pull/3198)
 
 ## 21.10.4
 
 ### Bug Fixes
-- Update log4j to 2.16.0.
+- Update log4j2 to 2.16.0.
 - Change the base docker image from Debian Buster to Ubuntu 20.04 [#3171](https://github.com/hyperledger/besu/issues/3171) fixes [#3045](https://github.com/hyperledger/besu/issues/3045)
 
-## 21.10.3
-
-### Additions and Improvements
-- Represent baseFee as Wei instead of long accordingly to the spec [#2785](https://github.com/hyperledger/besu/issues/2785)
-- Adding support of the NO_COLOR environment variable as described in the [NO_COLOR](https://no-color.org/) standard [#3085](https://github.com/hyperledger/besu/pull/3085)
-- Add `privx_findFlexiblePrivacyGroup` RPC Method, `privx_findOnchainPrivacyGroup` will be removed in a future release [#3075](https://github.com/hyperledger/besu/pull/3075)
-- The invalid value is now shown when `--bootnodes` cannot parse an item to make it easier to identify which option is invalid. 
-- Adding two new options to be able to specify desired TLS protocol version and Java cipher suites [#3105](https://github.com/hyperledger/besu/pull/3105)
-- Implements [EIP-4399](https://eips.ethereum.org/EIPS/eip-4399) to repurpose DIFFICULTY opcode after the merge as a source of entropy from the Beacon chain. [#3081](https://github.com/hyperledger/besu/issues/3081)
-
-### Bug Fixes
-- Change the base docker image from Debian Buster to Ubuntu 20.04 [#3171](https://github.com/hyperledger/besu/issues/3171) fixes [#3045](https://github.com/hyperledger/besu/issues/3045)
-
-### Early Access Features
-- Add support for additional JWT authentication algorithms [#3017](https://github.com/hyperledger/besu/pull/3017)
+### Download Links
+https://hyperledger.jfrog.io/artifactory/besu-binaries/besu/21.10.4/besu-21.10.4.tar.gz \
+SHA256 ed21ee852c261e1a123db5fa6f5826bfc925756d74e1ec42a9580d77874280fa
+https://hyperledger.jfrog.io/artifactory/besu-binaries/besu/21.10.4/besu-21.10.4.zip \
+SHA256 ef730e42bc47605f5f863c7f700e3dc1e513a53e29ab5e52ffbd31174a112375
 
 ## 21.10.3
 

diff --git a/build.gradle b/build.gradle
@@ -22,7 +22,7 @@ import java.text.SimpleDateFormat
 plugins {
   id 'com.diffplug.spotless' version '5.14.2'
   id 'com.github.ben-manes.versions' version '0.39.0'
-  id 'com.github.hierynomus.license' version '0.16.1'
+  id 'com.github.hierynomus.license' version '0.16.1-fix'
   id 'com.jfrog.artifactory' version '4.24.14'
   id 'io.spring.dependency-management' version '1.0.11.RELEASE'
   id 'me.champeau.jmh' version '0.6.6' apply false
@@ -37,6 +37,7 @@ sonarqube {
     property "sonar.organization", "hyperledger"
     property "sonar.host.url", "https://sonarcloud.io"
     property "sonar.coverage.jacoco.xmlReportPaths", "${buildDir}/reports/jacoco/jacocoRootReport/jacocoRootReport.xml"
+    property "sonar.coverage.exclusions", "acceptance-tests/**/*"
   }
 }
 

diff --git a/gradle/versions.gradle b/gradle/versions.gradle
@@ -100,10 +100,10 @@ dependencyManagement {
     dependency 'org.apache.commons:commons-compress:1.21'
     dependency 'org.apache.commons:commons-text:1.9'
 
-    dependency 'org.apache.logging.log4j:log4j-api:2.16.0'
-    dependency 'org.apache.logging.log4j:log4j-core:2.16.0'
-    dependency 'org.apache.logging.log4j:log4j-jul:2.16.0'
-    dependency 'org.apache.logging.log4j:log4j-slf4j-impl:2.16.0'
+    dependency 'org.apache.logging.log4j:log4j-api:2.17.0'
+    dependency 'org.apache.logging.log4j:log4j-core:2.17.0'
+    dependency 'org.apache.logging.log4j:log4j-jul:2.17.0'
+    dependency 'org.apache.logging.log4j:log4j-slf4j-impl:2.17.0'
 
     dependency 'org.apache.tuweni:tuweni-bytes:2.0.0'
     dependency 'org.apache.tuweni:tuweni-config:2.0.0'

diff --git a/settings.gradle b/settings.gradle
@@ -13,6 +13,21 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
+
+pluginManagement {
+  repositories {
+    gradlePluginPortal()
+    /*
+     *  Temporary repository to host the improved version of the
+     *  com.github.hierynomus.license plugin. Can be removed when an
+     *  official version with the fix is release upstream
+     */
+    maven {
+      url = uri("https://raw.githubusercontent.com/ConsenSys/license-gradle-plugin-fix-artifacts/main/")
+    }
+  }
+}
+
 rootProject.name='besu'
 include 'acceptance-tests:test-plugins'
 include 'acceptance-tests:dsl'