From e734059f109de1776a00478246836074054f918d Mon Sep 17 00:00:00 2001 From: Danno Ferrin Date: Sat, 18 Dec 2021 22:45:03 -0700 Subject: [PATCH] Update Log4J2 to 2.17.0 (#3198) * Update Log4J2 to 2.17.0 Security update: upgrade log4j2 to 2.17.0 Signed-off-by: Danno Ferrin * build fixes from 22.1.x line Signed-off-by: Danno Ferrin --- .circleci/config.yml | 15 ++++++--------- CHANGELOG.md | 34 ++++++++-------------------------- build.gradle | 3 ++- gradle/versions.gradle | 8 ++++---- settings.gradle | 15 +++++++++++++++ 5 files changed, 35 insertions(+), 40 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index b07fced63f6..cf0ee2f4fdb 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -6,7 +6,7 @@ orbs: executors: besu_executor_med: # 2cpu, 4G ram docker: - - image: circleci/openjdk:11.0.12-jdk-buster + - image: cimg/openjdk:11.0 resource_class: medium working_directory: ~/project environment: @@ -14,7 +14,7 @@ executors: besu_executor_xl: # 8cpu, 16G ram docker: - - image: circleci/openjdk:11.0.12-jdk-buster + - image: cimg/openjdk:11.0 resource_class: xlarge working_directory: ~/project environment: @@ -35,14 +35,11 @@ commands: steps: - checkout - run: - name: Install Packages - LibSodium, nssdb, solc + name: Install Packages - LibSodium, nssdb command: | + sudo add-apt-repository ppa:ethereum/ethereum sudo apt-get update - sudo apt-get install -y libsodium23 libsodium-dev apt-transport-https haveged libnss3-tools software-properties-common wget - curl -fsSL https://deb.nodesource.com/setup_14.x | sudo -E bash - - sudo apt-get update && sudo apt-get install -y nodejs - sudo wget https://github.com/ethereum/solc-bin/blob/gh-pages/linux-amd64/solc-linux-amd64-v0.8.9+commit.e5eed63a?raw=true -O /usr/bin/solc - sudo chmod +x /usr/bin/solc + sudo apt-get install -y libsodium23 libsodium-dev apt-transport-https haveged libnss3-tools solc sudo service haveged restart - restore_cache: name: Restore cached gradle dependencies 
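Review bot: Both executor images (`besu_executor_med` in the `@@ -6,7` hunk and `besu_executor_xl` in the `@@ -14,7` hunk) now use the floating tag `cimg/openjdk:11.0`, where the removed lines named an exact patch release. A floating tag lets the JDK and base OS under the build change without any commit to this repository, which makes builds harder to reproduce and widens what the pipeline implicitly trusts. Consider pinning a patch tag or a digest, e.g. `- image: cimg/openjdk:11.0@sha256:<digest-of-reviewed-image>`, and updating it deliberately.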
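Review bot: In the `@@ -35,14` hunk, `solc` now comes from `ppa:ethereum/ethereum` with no version constraint, whereas the removed lines fetched one specific build (v0.8.9), so the compiler used by CI can change whenever the PPA publishes. Pinning the package, e.g. `solc=<reviewed-version>` in the `apt-get install` line, would keep the toolchain fixed and reviewable. Separately, `add-apt-repository` is called without `-y` and `software-properties-common` was dropped from the install list, so the step may hang on a prompt or fail if the new image does not ship that tool; `sudo add-apt-repository -y ppa:ethereum/ethereum` covers the prompt. The step name no longer mentions solc although it is still installed.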
@@ -201,7 +198,7 @@ jobs: | circleci tests split --split-by=timings --timings-type=classname) # Format the arguments to "./gradlew test" GRADLE_ARGS=$(echo $CLASSNAMES | awk '{for (i=1; i<=NF; i++) print "--tests",$i}') - ./gradlew --no-daemon --info acceptanceTest $GRADLE_ARGS + ./gradlew --no-daemon acceptanceTest $GRADLE_ARGS - capture_test_results - capture_test_logs diff --git a/CHANGELOG.md b/CHANGELOG.md index 2f661ff8648..2faf3068991 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,39 +1,21 @@ # Changelog -## 22.1.0-RC - -### 22.1.0 Breaking Changes -- Plugin API: BlockHeader.getBaseFee() method now returns an optional Wei instead of an optional Long [#3065](https://github.com/hyperledger/besu/issues/3065) - -### Additions and Improvements -- Represent baseFee as Wei instead of long accordingly to the spec [#2785](https://github.com/hyperledger/besu/issues/2785) -- Implements [EIP-4399](https://eips.ethereum.org/EIPS/eip-4399) to repurpose DIFFICULTY opcode after the merge as a source of entropy from the Beacon chain. [#3081](https://github.com/hyperledger/besu/issues/3081) +## 21.10.5 ### Bug Fixes -- Update log4j to 2.16.0. -- Change the base docker image from Debian Buster to Ubuntu 20.04 [#3171](https://github.com/hyperledger/besu/issues/3171) fixes [#3045](https://github.com/hyperledger/besu/issues/3045) +- Update log4j2 to 2.17.0. [#3198](https://github.com/hyperledger/besu/pull/3198) ## 21.10.4 ### Bug Fixes -- Update log4j to 2.16.0. +- Update log4j2 to 2.16.0. - Change the base docker image from Debian Buster to Ubuntu 20.04 [#3171](https://github.com/hyperledger/besu/issues/3171) fixes [#3045](https://github.com/hyperledger/besu/issues/3045) -## 21.10.3 - -### Additions and Improvements -- Represent baseFee as Wei instead of long accordingly to the spec [#2785](https://github.com/hyperledger/besu/issues/2785) -- Adding support of the NO_COLOR environment variable as described in the [NO_COLOR](https://no-color.org/) standard [#3085](https://github.com/hyperledger/besu/pull/3085) -- Add `privx_findFlexiblePrivacyGroup` RPC Method, `privx_findOnchainPrivacyGroup` will be removed in a future release [#3075](https://github.com/hyperledger/besu/pull/3075) -- The invalid value is now shown when `--bootnodes` cannot parse an item to make it easier to identify which option is invalid. 
-- Adding two new options to be able to specify desired TLS protocol version and Java cipher suites [#3105](https://github.com/hyperledger/besu/pull/3105) -- Implements [EIP-4399](https://eips.ethereum.org/EIPS/eip-4399) to repurpose DIFFICULTY opcode after the merge as a source of entropy from the Beacon chain. [#3081](https://github.com/hyperledger/besu/issues/3081) - -### Bug Fixes -- Change the base docker image from Debian Buster to Ubuntu 20.04 [#3171](https://github.com/hyperledger/besu/issues/3171) fixes [#3045](https://github.com/hyperledger/besu/issues/3045) - -### Early Access Features -- Add support for additional JWT authentication algorithms [#3017](https://github.com/hyperledger/besu/pull/3017) +### Download Links +https://hyperledger.jfrog.io/artifactory/besu-binaries/besu/21.10.4/besu-21.10.4.tar.gz \ +SHA256 ed21ee852c261e1a123db5fa6f5826bfc925756d74e1ec42a9580d77874280fa +https://hyperledger.jfrog.io/artifactory/besu-binaries/besu/21.10.4/besu-21.10.4.zip \ +SHA256 ef730e42bc47605f5f863c7f700e3dc1e513a53e29ab5e52ffbd31174a112375 ## 21.10.3 diff --git a/build.gradle b/build.gradle index 0e966149d84..65054ed9895 100644 --- a/build.gradle +++ b/build.gradle @@ -22,7 +22,7 @@ import java.text.SimpleDateFormat plugins { id 'com.diffplug.spotless' version '5.14.2' id 'com.github.ben-manes.versions' version '0.39.0' - id 'com.github.hierynomus.license' version '0.16.1' + id 'com.github.hierynomus.license' version '0.16.1-fix' id 'com.jfrog.artifactory' version '4.24.14' id 'io.spring.dependency-management' version '1.0.11.RELEASE' id 'me.champeau.jmh' version '0.6.6' apply false @@ -37,6 +37,7 @@ sonarqube { property "sonar.organization", "hyperledger" property "sonar.host.url", "https://sonarcloud.io" property "sonar.coverage.jacoco.xmlReportPaths", "${buildDir}/reports/jacoco/jacocoRootReport/jacocoRootReport.xml" + property "sonar.coverage.exclusions", "acceptance-tests/**/*" } } 
diff --git a/gradle/versions.gradle b/gradle/versions.gradle index 5efa66cd2bf..24fdcc7320e 100644 --- a/gradle/versions.gradle +++ b/gradle/versions.gradle @@ -100,10 +100,10 @@ dependencyManagement { dependency 'org.apache.commons:commons-compress:1.21' dependency 'org.apache.commons:commons-text:1.9' - dependency 'org.apache.logging.log4j:log4j-api:2.16.0' - dependency 'org.apache.logging.log4j:log4j-core:2.16.0' - dependency 'org.apache.logging.log4j:log4j-jul:2.16.0' - dependency 'org.apache.logging.log4j:log4j-slf4j-impl:2.16.0' + dependency 'org.apache.logging.log4j:log4j-api:2.17.0' + dependency 'org.apache.logging.log4j:log4j-core:2.17.0' + dependency 'org.apache.logging.log4j:log4j-jul:2.17.0' + dependency 'org.apache.logging.log4j:log4j-slf4j-impl:2.17.0' dependency 'org.apache.tuweni:tuweni-bytes:2.0.0' dependency 'org.apache.tuweni:tuweni-config:2.0.0' diff --git a/settings.gradle b/settings.gradle index 2536f8ef6c1..687af636288 100644 --- a/settings.gradle +++ b/settings.gradle @@ -13,6 +13,21 @@ * SPDX-License-Identifier: Apache-2.0 */ + +pluginManagement { + repositories { + gradlePluginPortal() + /* + * Temporary repository to host the improved version of the + * com.github.hierynomus.license plugin. Can be removed when an + * official version with the fix is release upstream + */ + maven { + url = uri("https://raw.githubusercontent.com/ConsenSys/license-gradle-plugin-fix-artifacts/main/") + } + } +} + rootProject.name='besu' include 'acceptance-tests:test-plugins' include 'acceptance-tests:dsl'
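Review bot: The `maven { ... }` repository added to `pluginManagement.repositories` in `settings.gradle`, served from `raw.githubusercontent.com/ConsenSys/license-gradle-plugin-fix-artifacts/main/`, has no content filter, so any plugin or plugin dependency not found on the plugin portal may be resolved from a mutable branch of a GitHub repository. It appears to exist only for the `0.16.1-fix` build of `com.github.hierynomus.license` referenced in `build.gradle`. Scope it with `content { includeGroup("com.github.hierynomus.license") }` plus the group of the plugin's implementation artifact, which is not visible in this diff. Gradle dependency verification would additionally record the artifact's checksum, so a changed file on that branch fails the build. The in-code comment calls the repository temporary; a linked issue would make its removal trackable.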