Upgrade log4j2 to 2.15.0 for CVE-2021-44228
wu-sheng committed Dec 10, 2021
1 parent d5aa37c commit c3dd317
Showing 3 changed files with 6 additions and 91 deletions.
89 changes: 2 additions & 87 deletions CHANGES.md
Expand Up @@ -2,97 +2,12 @@ Changes by Version
==================
Release Notes.

8.9.0
8.9.1
------------------

#### Project

* E2E tests immigrate to e2e-v2.
* Support JDK 16 and 17.
* Add Docker images for arm64 architecture.

#### OAP Server

* Add component definition for `Jackson`.
* Fix that zipkin-receiver plugin is not packaged into dist.
* Upgrade Armeria to 1.12, upgrade OpenSearch test version to 1.1.0.
* Add component definition for `Apache-Kylin`.
* Enhance `get` generation mechanism of OAL engine, support map type of source's field.
* Add `tag`(Map) into All, Service, ServiceInstance and Endpoint sources.
* Fix `funcParamExpression` and `literalExpression` can't be used in the same aggregation function.
* Support cast statement in the OAL core engine.
* Support `(str->long)` and `(long)` for string to long cast statement.
* Support `(str->int)` and `(int)` for string to int cast statement.
* Support Long literal number in the OAL core engine.
* Support literal `string` as parameter of aggregation function.
* Add `attributeExpression` and `attributeExpressionSegment` in the OAL grammar tree to support `map` type for the
attribute expression.
* Refactor the OAL compiler context to improve readability.
* Fix wrong generated codes of `hashCode` and `remoteHashCode` methods for numeric fields.
* Support `!= null` in OAL engine.
* Add `Message Queue Consuming Count` metric for MQ consuming service and endpoint.
* Add `Message Queue Avg Consuming Latency` metric for MQ consuming service and endpoint.
* Support `-Inf` as bucket in the meter system.
* Fix setting wrong field when combining `Event`s.
* Support search browser service.
* Add `getProfileTaskLogs` to profile query protocol.
* Set `SW_KAFKA_FETCHER_ENABLE_NATIVE_PROTO_LOG`, `SW_KAFKA_FETCHER_ENABLE_NATIVE_JSON_LOG` default `true`.
* Fix unexpected deleting due to TTL mechanism bug for H2, MySQL, TiDB and PostgreSQL.
* Add a GraphQL query to get OAP version, display OAP version in startup message and error logs.
* Fix TimeBucket missing in H2, MySQL, TiDB and PostgreSQL bug, which causes TTL doesn't work for `service_traffic`.
* Fix TimeBucket missing in ElasticSearch and provide compatible `storage2Entity` for previous versions.
* Fix ElasticSearch implementation of `queryMetricsValues` and `readLabeledMetricsValues` doesn't fill default values
when no available data in the ElasticSearch server.
* Fix config yaml data type conversion bug when meets special character like !.
* Optimize metrics of minute dimensionality persistence. The value of metrics, which has declaration of the default
value and current value equals the default value logically, the whole row wouldn't be pushed into database.
* Fix `max` function in OAL doesn't support negative long.
* Add `MicroBench` module to make it easier for developers to write JMH test.
* Upgrade Kubernetes Java client to 14.0.0, supports GCP token refreshing and fixes some bugs.
* Change `SO11Y` metric `envoy_als_in_count` to calculate the ALS message count.
* Support Istio `1.10.3`, `1.11.4`, `1.12.0` release.(Tested through e2e)
* Add filter mechanism in MAL core to filter metrics.
* Fix concurrency bug in MAL `increase`-related calculation.
* Fix a null pointer bug when building `SampleFamily`.
* Fix the so11y latency of persistence execution latency not correct in ElasticSearch storage.
* Add `MeterReportService` `collectBatch` method.
* Add OpenSearch 1.2.0 to test and verify it works.
* Upgrade grpc-java to 1.42.1 and protoc to 3.17.3 to allow using native Mac osx-aarch_64 artifacts.
* Fix TopologyQuery.loadEndpointRelation bug.
* Support using IoTDB as a new storage option.
* Add customized envoy ALS protocol receiver for satellite transmit batch data.
* Remove `logback` dependencies in IoTDB plugin.
* Fix `StorageModuleElasticsearchProvider` doesn't watch on `trustStorePath`.
* Fix a wrong check about entity if GraphQL at the endpoint relation level.

#### UI

* Optimize endpoint dependency.
* Show service name by hovering nodes in the sankey chart.
* Add Apache Kylin logo.
* Add ClickHouse logo.
* Optimize the style and add tips for log conditions.
* Fix the condition for trace table.
* Optimize profile functions.
* Implement a reminder to clear cache for dashboard templates.
* Support +/- hh:mm in TimeZone setting.
* Optimize global settings.
* Fix current endpoint for endpoint dependency.
* Add version in the global settings popup.
* Optimize Log page style.
* Avoid some abnormal settings.
* Fix query condition of events.

#### Documentation

* Enhance documents about the data report and query protocols.
* Restructure documents about receivers and fetchers.
1. Remove general receiver and fetcher docs
2. Add more specific menu with docs to help users to find documents easier.
* Add a guidance doc about the logic endpoint.
* Link Satellite as Load Balancer documentation and compatibility with satellite.

All issues and pull requests are [here](https://github.com/apache/skywalking/milestone/101?closed=1)
* Upgrade log4j2 to 2.15.0 for CVE-2021-44228

------------------
Find change logs of all versions [here](changes).
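Review bot: The new 8.9.1 section holds the single entry `* Upgrade log4j2 to 2.15.0 for CVE-2021-44228` directly under the version heading, without the `#### Project` / `#### OAP Server` grouping the removed 8.9.0 section used and without a closing milestone link like the removed "All issues and pull requests are here" line. The other files in this commit are `oap-server-bom/pom.xml` and the OAP backend dependency list, so consider placing the entry under `#### OAP Server` and naming the previous version (2.14.1), so readers can tell which component and which releases are affected. The hunk also deletes the full 8.9.0 notes; please confirm they are preserved at the `changes` location the footer links to.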
2 changes: 1 addition & 1 deletion oap-server-bom/pom.xml
Expand Up @@ -29,7 +29,7 @@

<properties>
<slf4j.version>1.7.30</slf4j.version>
<log4j.version>2.14.1</log4j.version>
<log4j.version>2.15.0</log4j.version>
<graphql-java-tools.version>5.2.3</graphql-java-tools.version>
<graphql-java.version>8.0</graphql-java.version>
<okhttp.version>3.14.9</okhttp.version>
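Review bot: `<log4j.version>` is bumped with nothing in the file recording why 2.15.0 is the minimum, so a later dependency cleanup could lower it without noticing. Suggest an XML comment beside the property referencing CVE-2021-44228, plus a check of the resolved dependency tree to confirm that no module or transitive dependency still pulls a `log4j-core` older than this property.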
6 changes: 3 additions & 3 deletions tools/dependencies/known-oap-backend-dependencies.txt
Expand Up @@ -93,10 +93,10 @@ kotlin-reflect-1.1.1.jar
kotlin-stdlib-1.1.60.jar
libthrift-0.14.1.jar
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
log4j-api-2.14.1.jar
log4j-core-2.14.1.jar
log4j-api-2.15.0.jar
log4j-core-2.15.0.jar
log4j-over-slf4j-1.7.30.jar
log4j-slf4j-impl-2.14.1.jar
log4j-slf4j-impl-2.15.0.jar
logging-interceptor-3.13.1.jar
lz4-java-1.6.0.jar
micrometer-core-1.7.4.jar
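Review bot: `log4j-over-slf4j-1.7.30.jar` stays unchanged between the updated `log4j-api`, `log4j-core` and `log4j-slf4j-impl` entries. Its version matches `slf4j.version` (1.7.30) in `oap-server-bom/pom.xml`, so it is the SLF4J bridge rather than a Log4j 2 artifact; a line in the commit description saying so would stop it being read as a missed bump. This list only records expected jar names, so the packaged distribution should also be checked for leftover `log4j-*-2.14.1.jar` files.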