bugfix: 修复log4j1.x配置代码执行漏洞(CVE-2021-4104) TencentBlueKing#1756

liuliaozhong · Feb 22, 2023 · c937713 · c937713
1 parent 943a39b
commit c937713
Show file tree

Hide file tree

Showing 6 changed files with 14 additions and 2 deletions.
diff --git a/src/backend/build.gradle b/src/backend/build.gradle
@@ -90,6 +90,8 @@ ext {
     // https://mvnrepository.com/artifact/org.apache.commons/commons-pool2
     set('apacheCommonsPoolVersion', "2.11.1")
     set('apacheCommonsCodecVersion', "1.14")
+    set('apacheCuratorFrameworkVersion', "5.4.0")
+    set('apacheCuratorRecipesVersion', "5.4.0")
     set('commonsCollectionsVersion', "3.2.2")
     set('dozerVersion', "5.5.1")
     set('jedisVersion', "3.0.1")
@@ -227,6 +229,8 @@ subprojects {
             dependency "org.apache.commons:commons-collections4:$apacheCommonsCollectionVersion"
             dependency "org.apache.commons:commons-pool2:$apacheCommonsPoolVersion"
             dependency "org.apache.commons:commons-lang3:$apacheCommonsLang3Version"
+            dependency "org.apache.curator:curator-framework:$apacheCuratorFrameworkVersion"
+            dependency "org.apache.curator:curator-recipes:$apacheCuratorRecipesVersion"
             dependency "commons-collections:commons-collections:$commonsCollectionsVersion"
             dependency "commons-io:commons-io:$commonsIOVersion"
             dependency "commons-codec:commons-codec:$apacheCommonsCodecVersion"

diff --git a/src/backend/job-execute/service-job-execute/build.gradle b/src/backend/job-execute/service-job-execute/build.gradle
@@ -53,9 +53,9 @@ dependencies {
     implementation 'io.micrometer:micrometer-registry-prometheus'
     implementation "org.hibernate.validator:hibernate-validator"
     // https://mvnrepository.com/artifact/org.apache.curator/curator-framework
-    api(group: 'org.apache.curator', name: 'curator-framework', version: '5.1.0')
+    api(group: 'org.apache.curator', name: 'curator-framework')
     // https://mvnrepository.com/artifact/org.apache.curator/curator-recipes
-    api(group: 'org.apache.curator', name: 'curator-recipes', version: '5.1.0')
+    api(group: 'org.apache.curator', name: 'curator-recipes')
 
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
     testImplementation 'org.apache.commons:commons-lang3'

diff --git a/support-files/dependJarInfo/md5List.txt b/support-files/dependJarInfo/md5List.txt
@@ -34,6 +34,8 @@ a69448e8c1e24d989266083c301e354b
 fa752c3cb5474b05e14bf2ed7e242020
 040b4b4d8eac886f6b4a2a3bd2f31b00
 08c4c1bdf25e2e30c2615bc477c3b36c
+1fbff4f1b23cc418d1a4d9d0f12f93b5
+955750f1af38c1c2382b96e128810f99
 3b76e3e8bb6814dd418b058c6c8e1b3b
 54eec02e942f50ffea7e147f33cd85f7
 67beeee58df00366100061c7da82f4c2

diff --git a/support-files/dependJarInfo/nameList.txt b/support-files/dependJarInfo/nameList.txt
@@ -34,6 +34,8 @@ commons-lang
 commons-lang3
 commons-logging
 commons-pool2
+curator-framework
+curator-recipes
 consul-api
 dozer
 error_prone_annotations

diff --git a/support-files/dependJarInfo/orgList.txt b/support-files/dependJarInfo/orgList.txt
@@ -34,6 +34,8 @@ commons-lang
 org.apache.commons
 commons-logging
 org.apache.commons
+org.apache.curator
+org.apache.curator
 com.ecwid.consul
 net.sf.dozer
 com.google.errorprone

diff --git a/support-files/dependJarInfo/versionList.txt b/support-files/dependJarInfo/versionList.txt
@@ -34,6 +34,8 @@
 3.9
 1.2
 2.8.0
+5.4.0
+5.4.0
 1.4.1
 5.5.1
 2.3.4
-Original file line number
+Diff line change
@@ Expand Up / @@ -34,6 +34,8 @@ @@
 .9
 .2
 .8.0
+.4.0
+.4.0
 .4.1
 .5.1
 .3.4
@@ Expand Down @@