From 1089bd8e6d64ec1fbff4baded31020a6f47aa6ae Mon Sep 17 00:00:00 2001 
From: Przemyslaw Gomulka Date: Mon, 30 Sep 2019 16:51:11 +0200 Subject: [PATCH 1/4] Upgrade log4j to 2.15.0 Originally we tried to a log4j update in #47298, but we were unable to that due to the `DeprecationLoggerTests.testLogPermissions` test failing. The test relied on mocking and got removed in https://github.com/elastic/elasticsearch/pull/61474/files#diff-70de5a6ba5c637e7f19c51341417760d6e957beb5a1fa5703049095ea2719ee0L47 Now we should be able to the upgrade and then we can address the Security Manager permission questions raised in #47298 separately. --- build-tools-internal/version.properties | 2 +- modules/repository-url/build.gradle | 3 ++- .../licenses/log4j-1.2-api-2.11.1.jar.sha1 | 1 - .../licenses/log4j-1.2-api-2.15.0.jar.sha1 | 1 + plugins/discovery-azure-classic/build.gradle | 1 + .../licenses/log4j-1.2-api-2.11.1.jar.sha1 | 1 - .../licenses/log4j-1.2-api-2.15.0.jar.sha1 | 1 + plugins/discovery-ec2/build.gradle | 1 + .../licenses/log4j-1.2-api-2.11.1.jar.sha1 | 1 - .../licenses/log4j-1.2-api-2.15.0.jar.sha1 | 1 + plugins/discovery-gce/build.gradle | 6 ++++++ .../licenses/log4j-1.2-api-2.11.1.jar.sha1 | 1 - .../licenses/log4j-1.2-api-2.15.0.jar.sha1 | 1 + plugins/repository-gcs/build.gradle | 4 +++- .../licenses/log4j-1.2-api-2.11.1.jar.sha1 | 1 - .../licenses/log4j-1.2-api-2.15.0.jar.sha1 | 1 + .../licenses/log4j-1.2-api-2.11.1.jar.sha1 | 1 - .../licenses/log4j-1.2-api-2.15.0.jar.sha1 | 1 + .../licenses/log4j-slf4j-impl-2.11.1.jar.sha1 | 1 - .../licenses/log4j-slf4j-impl-2.15.0.jar.sha1 | 1 + plugins/repository-s3/build.gradle | 3 ++- .../licenses/log4j-1.2-api-2.11.1.jar.sha1 | 1 - .../licenses/log4j-1.2-api-2.15.0.jar.sha1 | 1 + server/build.gradle | 2 -- server/licenses/log4j-api-2.11.1.jar.sha1 | 1 - server/licenses/log4j-api-2.15.0.jar.sha1 | 1 + server/licenses/log4j-core-2.11.1.jar.sha1 | 1 - server/licenses/log4j-core-2.15.0.jar.sha1 | 1 + x-pack/plugin/core/build.gradle | 10 +++++++++- .../plugin/core/licenses/log4j-1.2-api-2.11.1.jar.sha1 | 
1 - .../plugin/core/licenses/log4j-1.2-api-2.15.0.jar.sha1 | 1 + .../licenses/log4j-slf4j-impl-2.11.1.jar.sha1 | 1 - .../licenses/log4j-slf4j-impl-2.15.0.jar.sha1 | 1 + .../security/licenses/log4j-slf4j-impl-2.11.1.jar.sha1 | 1 - .../security/licenses/log4j-slf4j-impl-2.15.0.jar.sha1 | 1 + x-pack/plugin/sql/sql-action/build.gradle | 2 -- .../sql/sql-action/licenses/log4j-api-2.11.1.jar.sha1 | 1 - .../sql/sql-action/licenses/log4j-api-2.15.0.jar.sha1 | 1 + .../sql/sql-action/licenses/log4j-core-2.11.1.jar.sha1 | 1 - .../sql/sql-action/licenses/log4j-core-2.15.0.jar.sha1 | 1 + .../licenses/log4j-slf4j-impl-2.11.1.jar.sha1 | 1 - .../licenses/log4j-slf4j-impl-2.15.0.jar.sha1 | 1 + 42 files changed, 41 insertions(+), 25 deletions(-) delete mode 100644 modules/repository-url/licenses/log4j-1.2-api-2.11.1.jar.sha1 create mode 100644 modules/repository-url/licenses/log4j-1.2-api-2.15.0.jar.sha1 delete mode 100644 plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.11.1.jar.sha1 create mode 100644 plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.15.0.jar.sha1 delete mode 100644 plugins/discovery-ec2/licenses/log4j-1.2-api-2.11.1.jar.sha1 create mode 100644 plugins/discovery-ec2/licenses/log4j-1.2-api-2.15.0.jar.sha1 delete mode 100644 plugins/discovery-gce/licenses/log4j-1.2-api-2.11.1.jar.sha1 create mode 100644 plugins/discovery-gce/licenses/log4j-1.2-api-2.15.0.jar.sha1 delete mode 100644 plugins/repository-gcs/licenses/log4j-1.2-api-2.11.1.jar.sha1 create mode 100644 plugins/repository-gcs/licenses/log4j-1.2-api-2.15.0.jar.sha1 delete mode 100644 plugins/repository-hdfs/licenses/log4j-1.2-api-2.11.1.jar.sha1 create mode 100644 plugins/repository-hdfs/licenses/log4j-1.2-api-2.15.0.jar.sha1 delete mode 100644 plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.11.1.jar.sha1 create mode 100644 plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.15.0.jar.sha1 delete mode 100644 plugins/repository-s3/licenses/log4j-1.2-api-2.11.1.jar.sha1 create mode 100644 
plugins/repository-s3/licenses/log4j-1.2-api-2.15.0.jar.sha1 delete mode 100644 server/licenses/log4j-api-2.11.1.jar.sha1 create mode 100644 server/licenses/log4j-api-2.15.0.jar.sha1 delete mode 100644 server/licenses/log4j-core-2.11.1.jar.sha1 create mode 100644 server/licenses/log4j-core-2.15.0.jar.sha1 delete mode 100644 x-pack/plugin/core/licenses/log4j-1.2-api-2.11.1.jar.sha1 create mode 100644 x-pack/plugin/core/licenses/log4j-1.2-api-2.15.0.jar.sha1 delete mode 100644 x-pack/plugin/identity-provider/licenses/log4j-slf4j-impl-2.11.1.jar.sha1 create mode 100644 x-pack/plugin/identity-provider/licenses/log4j-slf4j-impl-2.15.0.jar.sha1 delete mode 100644 x-pack/plugin/security/licenses/log4j-slf4j-impl-2.11.1.jar.sha1 create mode 100644 x-pack/plugin/security/licenses/log4j-slf4j-impl-2.15.0.jar.sha1 delete mode 100644 x-pack/plugin/sql/sql-action/licenses/log4j-api-2.11.1.jar.sha1 create mode 100644 x-pack/plugin/sql/sql-action/licenses/log4j-api-2.15.0.jar.sha1 delete mode 100644 x-pack/plugin/sql/sql-action/licenses/log4j-core-2.11.1.jar.sha1 create mode 100644 x-pack/plugin/sql/sql-action/licenses/log4j-core-2.15.0.jar.sha1 delete mode 100644 x-pack/plugin/vector-tile/licenses/log4j-slf4j-impl-2.11.1.jar.sha1 create mode 100644 x-pack/plugin/vector-tile/licenses/log4j-slf4j-impl-2.15.0.jar.sha1 diff --git a/build-tools-internal/version.properties b/build-tools-internal/version.properties index 66f2cea3c1f56..f6924f8033cb6 100644 --- a/build-tools-internal/version.properties +++ b/build-tools-internal/version.properties @@ -14,7 +14,7 @@ snakeyaml = 1.26 icu4j = 68.2 supercsv = 2.4.0 # when updating log4j, please update also docs/java-api/index.asciidoc -log4j = 2.11.1 +log4j = 2.15.0 slf4j = 1.6.2 ecsLogging = 1.2.0 diff --git a/modules/repository-url/build.gradle b/modules/repository-url/build.gradle index 4b2d3f3528e08..164c64ad1f611 100644 --- a/modules/repository-url/build.gradle +++ b/modules/repository-url/build.gradle 
@@ -40,7 +40,8 @@ tasks.named("thirdPartyAudit").configure { 'javax.servlet.ServletContextListener', 'org.apache.avalon.framework.logger.Logger', 'org.apache.log.Hierarchy', - 'org.apache.log.Logger' + 'org.apache.log.Logger', + 'javax.jms.Message' ) } diff --git a/modules/repository-url/licenses/log4j-1.2-api-2.11.1.jar.sha1 b/modules/repository-url/licenses/log4j-1.2-api-2.11.1.jar.sha1 deleted file mode 100644 index 575d75dbda8c5..0000000000000 --- a/modules/repository-url/licenses/log4j-1.2-api-2.11.1.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -3aba3398fe064a3eab4331f88161c7480e848418 \ No newline at end of file diff --git a/modules/repository-url/licenses/log4j-1.2-api-2.15.0.jar.sha1 b/modules/repository-url/licenses/log4j-1.2-api-2.15.0.jar.sha1 new file mode 100644 index 0000000000000..2dc80601173be --- /dev/null +++ b/modules/repository-url/licenses/log4j-1.2-api-2.15.0.jar.sha1 @@ -0,0 +1 @@ +bc960fe2acbe6f3952011f88a771de18301534e7 \ No newline at end of file diff --git a/plugins/discovery-azure-classic/build.gradle b/plugins/discovery-azure-classic/build.gradle index 404778a5d9771..8fad76700aa07 100644 --- a/plugins/discovery-azure-classic/build.gradle +++ b/plugins/discovery-azure-classic/build.gradle @@ -116,6 +116,7 @@ tasks.named("thirdPartyAudit").configure { 'org.apache.avalon.framework.logger.Logger', 'org.apache.log.Hierarchy', 'org.apache.log.Logger', + 'javax.jms.Message', 'org.eclipse.persistence.descriptors.ClassDescriptor', 'org.eclipse.persistence.internal.oxm.MappingNodeValue', 'org.eclipse.persistence.internal.oxm.TreeObjectBuilder', diff --git a/plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.11.1.jar.sha1 b/plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.11.1.jar.sha1 deleted file mode 100644 index 575d75dbda8c5..0000000000000 --- a/plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.11.1.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -3aba3398fe064a3eab4331f88161c7480e848418 \ No newline at end of file 
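Review bot: The `'javax.jms.Message'` entry added to the `thirdPartyAudit` ignore list in modules/repository-url/build.gradle has no comment saying which jar references the class. The same bare entry is added in the discovery-azure-classic, discovery-ec2, discovery-gce, repository-gcs, repository-s3 and x-pack/plugin/core hunks. Other entries in these lists are grouped under a comment naming their origin (for example `// commons-logging provided dependencies`), which lets a later audit tell when an ignore can be dropped. I would add a line such as `// optional JMS dependency of log4j-1.2-api` above the entry, after confirming that the upgraded log4j-1.2-api jar is what pulls it in. The `configure` block starts and ends outside this hunk.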
diff --git a/plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.15.0.jar.sha1 b/plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.15.0.jar.sha1 new file mode 100644 index 0000000000000..2dc80601173be --- /dev/null +++ b/plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.15.0.jar.sha1 @@ -0,0 +1 @@ +bc960fe2acbe6f3952011f88a771de18301534e7 \ No newline at end of file diff --git a/plugins/discovery-ec2/build.gradle b/plugins/discovery-ec2/build.gradle index 6e7084e85b547..b99d281c26015 100644 --- a/plugins/discovery-ec2/build.gradle +++ b/plugins/discovery-ec2/build.gradle @@ -125,6 +125,7 @@ tasks.named("thirdPartyAudit").configure { 'org.apache.avalon.framework.logger.Logger', 'org.apache.log.Hierarchy', 'org.apache.log.Logger', + 'javax.jms.Message', 'javax.xml.bind.DatatypeConverter', 'javax.xml.bind.JAXBContext' ) diff --git a/plugins/discovery-ec2/licenses/log4j-1.2-api-2.11.1.jar.sha1 b/plugins/discovery-ec2/licenses/log4j-1.2-api-2.11.1.jar.sha1 deleted file mode 100644 index 575d75dbda8c5..0000000000000 --- a/plugins/discovery-ec2/licenses/log4j-1.2-api-2.11.1.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -3aba3398fe064a3eab4331f88161c7480e848418 \ No newline at end of file diff --git a/plugins/discovery-ec2/licenses/log4j-1.2-api-2.15.0.jar.sha1 b/plugins/discovery-ec2/licenses/log4j-1.2-api-2.15.0.jar.sha1 new file mode 100644 index 0000000000000..2dc80601173be --- /dev/null +++ b/plugins/discovery-ec2/licenses/log4j-1.2-api-2.15.0.jar.sha1 @@ -0,0 +1 @@ +bc960fe2acbe6f3952011f88a771de18301534e7 \ No newline at end of file diff --git a/plugins/discovery-gce/build.gradle b/plugins/discovery-gce/build.gradle index 10abd9d65b698..ff29e385dea7a 100644 --- a/plugins/discovery-gce/build.gradle +++ b/plugins/discovery-gce/build.gradle 
@@ -52,6 +52,12 @@ tasks.named("thirdPartyAudit").configure { 'org.apache.avalon.framework.logger.Logger', 'org.apache.log.Hierarchy', 'org.apache.log.Logger', + 'org.apache.avalon.framework.logger.Logger', + 'com.google.common.collect.Lists', + 'javax.jms.Message', + 'org.apache.log.Logger', + 'org.apache.log.Hierarchy', + 'javax.servlet.ServletContextListener', 'org.apache.http.ConnectionReuseStrategy', 'org.apache.http.Header', 'org.apache.http.HttpEntity', diff --git a/plugins/discovery-gce/licenses/log4j-1.2-api-2.11.1.jar.sha1 b/plugins/discovery-gce/licenses/log4j-1.2-api-2.11.1.jar.sha1 deleted file mode 100644 index 575d75dbda8c5..0000000000000 --- a/plugins/discovery-gce/licenses/log4j-1.2-api-2.11.1.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -3aba3398fe064a3eab4331f88161c7480e848418 \ No newline at end of file diff --git a/plugins/discovery-gce/licenses/log4j-1.2-api-2.15.0.jar.sha1 b/plugins/discovery-gce/licenses/log4j-1.2-api-2.15.0.jar.sha1 new file mode 100644 index 0000000000000..2dc80601173be --- /dev/null +++ b/plugins/discovery-gce/licenses/log4j-1.2-api-2.15.0.jar.sha1 @@ -0,0 +1 @@ +bc960fe2acbe6f3952011f88a771de18301534e7 \ No newline at end of file diff --git a/plugins/repository-gcs/build.gradle b/plugins/repository-gcs/build.gradle index c342976498e82..54828dec143b2 100644 --- a/plugins/repository-gcs/build.gradle +++ b/plugins/repository-gcs/build.gradle @@ -135,6 +135,8 @@ tasks.named("thirdPartyAudit").configure { 'org.apache.avalon.framework.logger.Logger', 'org.apache.log.Hierarchy', 'org.apache.log.Logger', + 'javax.jms.Message', + // optional apache http client dependencies 'org.apache.http.ConnectionReuseStrategy', 'org.apache.http.Header', @@ -180,7 +182,7 @@ tasks.named("thirdPartyAudit").configure { 'org.apache.http.protocol.HttpRequestExecutor', // commons-logging provided dependencies 'javax.servlet.ServletContextEvent', - 'javax.servlet.ServletContextListener' + 'javax.servlet.ServletContextListener', ) } 
diff --git a/plugins/repository-gcs/licenses/log4j-1.2-api-2.11.1.jar.sha1 b/plugins/repository-gcs/licenses/log4j-1.2-api-2.11.1.jar.sha1
deleted file mode 100644
index 575d75dbda8c5..0000000000000
--- a/plugins/repository-gcs/licenses/log4j-1.2-api-2.11.1.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-3aba3398fe064a3eab4331f88161c7480e848418
\ No newline at end of file
diff --git a/plugins/repository-gcs/licenses/log4j-1.2-api-2.15.0.jar.sha1 b/plugins/repository-gcs/licenses/log4j-1.2-api-2.15.0.jar.sha1
new file mode 100644
index 0000000000000..2dc80601173be
--- /dev/null
+++ b/plugins/repository-gcs/licenses/log4j-1.2-api-2.15.0.jar.sha1
@@ -0,0 +1 @@
+bc960fe2acbe6f3952011f88a771de18301534e7
\ No newline at end of file
diff --git a/plugins/repository-hdfs/licenses/log4j-1.2-api-2.11.1.jar.sha1 b/plugins/repository-hdfs/licenses/log4j-1.2-api-2.11.1.jar.sha1
deleted file mode 100644
index 575d75dbda8c5..0000000000000
--- a/plugins/repository-hdfs/licenses/log4j-1.2-api-2.11.1.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-3aba3398fe064a3eab4331f88161c7480e848418
\ No newline at end of file
diff --git a/plugins/repository-hdfs/licenses/log4j-1.2-api-2.15.0.jar.sha1 b/plugins/repository-hdfs/licenses/log4j-1.2-api-2.15.0.jar.sha1
new file mode 100644
index 0000000000000..2dc80601173be
--- /dev/null
+++ b/plugins/repository-hdfs/licenses/log4j-1.2-api-2.15.0.jar.sha1
@@ -0,0 +1 @@
+bc960fe2acbe6f3952011f88a771de18301534e7
\ No newline at end of file
diff --git a/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.11.1.jar.sha1 b/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.11.1.jar.sha1
deleted file mode 100644
index 6178556b31848..0000000000000
--- a/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.11.1.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-4b41b53a3a2d299ce381a69d165381ca19f62912
\ No newline at end of file
diff --git a/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.15.0.jar.sha1 b/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.15.0.jar.sha1 new file mode 100644 index 0000000000000..1f976e2cc5aa2 --- /dev/null +++ b/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.15.0.jar.sha1 @@ -0,0 +1 @@ +8bb417869ab3baa19f2fc70e6d776d041f0a8ebc \ No newline at end of file diff --git a/plugins/repository-s3/build.gradle b/plugins/repository-s3/build.gradle index 05775c0b0b923..61d8e25e1dd12 100644 --- a/plugins/repository-s3/build.gradle +++ b/plugins/repository-s3/build.gradle @@ -290,6 +290,7 @@ tasks.named("thirdPartyAudit").configure { 'org.apache.avalon.framework.logger.Logger', 'org.apache.log.Hierarchy', 'org.apache.log.Logger', + 'javax.jms.Message', 'software.amazon.ion.IonReader', 'software.amazon.ion.IonSystem', 'software.amazon.ion.IonType', @@ -308,6 +309,6 @@ tasks.named("thirdPartyAudit").configure { 'com.amazonaws.services.kms.model.EncryptResult', 'com.amazonaws.services.kms.model.GenerateDataKeyRequest', 'com.amazonaws.services.kms.model.GenerateDataKeyResult', - 'javax.activation.DataHandler' + 'javax.activation.DataHandler', ) } diff --git a/plugins/repository-s3/licenses/log4j-1.2-api-2.11.1.jar.sha1 b/plugins/repository-s3/licenses/log4j-1.2-api-2.11.1.jar.sha1 deleted file mode 100644 index 575d75dbda8c5..0000000000000 --- a/plugins/repository-s3/licenses/log4j-1.2-api-2.11.1.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -3aba3398fe064a3eab4331f88161c7480e848418 \ No newline at end of file diff --git a/plugins/repository-s3/licenses/log4j-1.2-api-2.15.0.jar.sha1 b/plugins/repository-s3/licenses/log4j-1.2-api-2.15.0.jar.sha1 new file mode 100644 index 0000000000000..2dc80601173be --- /dev/null +++ b/plugins/repository-s3/licenses/log4j-1.2-api-2.15.0.jar.sha1 @@ -0,0 +1 @@ +bc960fe2acbe6f3952011f88a771de18301534e7 \ No newline at end of file diff --git a/server/build.gradle b/server/build.gradle index 3afb850d6e102..385dde1759f81 100644 
--- a/server/build.gradle +++ b/server/build.gradle @@ -201,11 +201,9 @@ tasks.named("thirdPartyAudit").configure { 'org.apache.commons.compress.utils.IOUtils', 'org.apache.commons.csv.CSVFormat', 'org.apache.commons.csv.QuoteMode', - 'org.apache.kafka.clients.producer.Callback', 'org.apache.kafka.clients.producer.Producer', 'org.apache.kafka.clients.producer.RecordMetadata', 'org.codehaus.stax2.XMLStreamWriter2', - 'org.jctools.queues.MessagePassingQueue$Consumer', 'org.jctools.queues.MpscArrayQueue', 'org.osgi.framework.Bundle', 'org.osgi.framework.BundleActivator', diff --git a/server/licenses/log4j-api-2.11.1.jar.sha1 b/server/licenses/log4j-api-2.11.1.jar.sha1 deleted file mode 100644 index 4b1bfffac179f..0000000000000 --- a/server/licenses/log4j-api-2.11.1.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -268f0fe4df3eefe052b57c87ec48517d64fb2a10 \ No newline at end of file diff --git a/server/licenses/log4j-api-2.15.0.jar.sha1 b/server/licenses/log4j-api-2.15.0.jar.sha1 new file mode 100644 index 0000000000000..a699db85f74ec --- /dev/null +++ b/server/licenses/log4j-api-2.15.0.jar.sha1 @@ -0,0 +1 @@ +4a5aa7e55a29391c6f66e0b259d5189aa11e45d0 \ No newline at end of file diff --git a/server/licenses/log4j-core-2.11.1.jar.sha1 b/server/licenses/log4j-core-2.11.1.jar.sha1 deleted file mode 100644 index 2fb8589380a03..0000000000000 --- a/server/licenses/log4j-core-2.11.1.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -592a48674c926b01a9a747c7831bcd82a9e6d6e4 \ No newline at end of file diff --git a/server/licenses/log4j-core-2.15.0.jar.sha1 b/server/licenses/log4j-core-2.15.0.jar.sha1 new file mode 100644 index 0000000000000..b0ab8d9f40fde --- /dev/null +++ b/server/licenses/log4j-core-2.15.0.jar.sha1 @@ -0,0 +1 @@ +ba55c13d7ac2fd44df9cc8074455719a33f375b9 \ No newline at end of file diff --git a/x-pack/plugin/core/build.gradle b/x-pack/plugin/core/build.gradle index 8b63991a162d8..f7811e9b1b6c9 100644 --- a/x-pack/plugin/core/build.gradle +++ b/x-pack/plugin/core/build.gradle 
@@ -118,7 +118,15 @@ tasks.named("thirdPartyAudit").configure { 'org.apache.log.Logger', //commons-logging provided dependencies 'javax.servlet.ServletContextEvent', - 'javax.servlet.ServletContextListener' + 'javax.servlet.ServletContextListener', + + 'org.apache.avalon.framework.logger.Logger', + 'javax.jms.Message', + 'org.apache.log.Logger', + 'org.apache.log.Hierarchy', + 'org.apache.log.Logger', + 'javax.servlet.ServletContextListener', + 'javax.servlet.ServletContextEvent' ) } diff --git a/x-pack/plugin/core/licenses/log4j-1.2-api-2.11.1.jar.sha1 b/x-pack/plugin/core/licenses/log4j-1.2-api-2.11.1.jar.sha1 deleted file mode 100644 index 575d75dbda8c5..0000000000000 --- a/x-pack/plugin/core/licenses/log4j-1.2-api-2.11.1.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -3aba3398fe064a3eab4331f88161c7480e848418 \ No newline at end of file diff --git a/x-pack/plugin/core/licenses/log4j-1.2-api-2.15.0.jar.sha1 b/x-pack/plugin/core/licenses/log4j-1.2-api-2.15.0.jar.sha1 new file mode 100644 index 0000000000000..2dc80601173be --- /dev/null +++ b/x-pack/plugin/core/licenses/log4j-1.2-api-2.15.0.jar.sha1 @@ -0,0 +1 @@ +bc960fe2acbe6f3952011f88a771de18301534e7 \ No newline at end of file diff --git a/x-pack/plugin/identity-provider/licenses/log4j-slf4j-impl-2.11.1.jar.sha1 b/x-pack/plugin/identity-provider/licenses/log4j-slf4j-impl-2.11.1.jar.sha1 deleted file mode 100644 index 6178556b31848..0000000000000 --- a/x-pack/plugin/identity-provider/licenses/log4j-slf4j-impl-2.11.1.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -4b41b53a3a2d299ce381a69d165381ca19f62912 \ No newline at end of file diff --git a/x-pack/plugin/identity-provider/licenses/log4j-slf4j-impl-2.15.0.jar.sha1 b/x-pack/plugin/identity-provider/licenses/log4j-slf4j-impl-2.15.0.jar.sha1 new file mode 100644 index 0000000000000..1f976e2cc5aa2 --- /dev/null +++ b/x-pack/plugin/identity-provider/licenses/log4j-slf4j-impl-2.15.0.jar.sha1 @@ -0,0 +1 @@ +8bb417869ab3baa19f2fc70e6d776d041f0a8ebc \ No newline at end of file 
diff --git a/x-pack/plugin/security/licenses/log4j-slf4j-impl-2.11.1.jar.sha1 b/x-pack/plugin/security/licenses/log4j-slf4j-impl-2.11.1.jar.sha1 deleted file mode 100644 index 6178556b31848..0000000000000 --- a/x-pack/plugin/security/licenses/log4j-slf4j-impl-2.11.1.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -4b41b53a3a2d299ce381a69d165381ca19f62912 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/log4j-slf4j-impl-2.15.0.jar.sha1 b/x-pack/plugin/security/licenses/log4j-slf4j-impl-2.15.0.jar.sha1 new file mode 100644 index 0000000000000..1f976e2cc5aa2 --- /dev/null +++ b/x-pack/plugin/security/licenses/log4j-slf4j-impl-2.15.0.jar.sha1 @@ -0,0 +1 @@ +8bb417869ab3baa19f2fc70e6d776d041f0a8ebc \ No newline at end of file diff --git a/x-pack/plugin/sql/sql-action/build.gradle b/x-pack/plugin/sql/sql-action/build.gradle index 571b197bffa89..193bb9bd440cc 100644 --- a/x-pack/plugin/sql/sql-action/build.gradle +++ b/x-pack/plugin/sql/sql-action/build.gradle @@ -106,11 +106,9 @@ tasks.named("thirdPartyAudit").configure { 'org.apache.commons.compress.utils.IOUtils', 'org.apache.commons.csv.CSVFormat', 'org.apache.commons.csv.QuoteMode', - 'org.apache.kafka.clients.producer.Callback', 'org.apache.kafka.clients.producer.Producer', 'org.apache.kafka.clients.producer.RecordMetadata', 'org.codehaus.stax2.XMLStreamWriter2', - 'org.jctools.queues.MessagePassingQueue$Consumer', 'org.jctools.queues.MpscArrayQueue', 'org.osgi.framework.Bundle', 'org.osgi.framework.BundleActivator', diff --git a/x-pack/plugin/sql/sql-action/licenses/log4j-api-2.11.1.jar.sha1 b/x-pack/plugin/sql/sql-action/licenses/log4j-api-2.11.1.jar.sha1 deleted file mode 100644 index 4b1bfffac179f..0000000000000 --- a/x-pack/plugin/sql/sql-action/licenses/log4j-api-2.11.1.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -268f0fe4df3eefe052b57c87ec48517d64fb2a10 \ No newline at end of file 
diff --git a/x-pack/plugin/sql/sql-action/licenses/log4j-api-2.15.0.jar.sha1 b/x-pack/plugin/sql/sql-action/licenses/log4j-api-2.15.0.jar.sha1
new file mode 100644
index 0000000000000..a699db85f74ec
--- /dev/null
+++ b/x-pack/plugin/sql/sql-action/licenses/log4j-api-2.15.0.jar.sha1
@@ -0,0 +1 @@
+4a5aa7e55a29391c6f66e0b259d5189aa11e45d0
\ No newline at end of file
diff --git a/x-pack/plugin/sql/sql-action/licenses/log4j-core-2.11.1.jar.sha1 b/x-pack/plugin/sql/sql-action/licenses/log4j-core-2.11.1.jar.sha1
deleted file mode 100644
index 2fb8589380a03..0000000000000
--- a/x-pack/plugin/sql/sql-action/licenses/log4j-core-2.11.1.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-592a48674c926b01a9a747c7831bcd82a9e6d6e4
\ No newline at end of file
diff --git a/x-pack/plugin/sql/sql-action/licenses/log4j-core-2.15.0.jar.sha1 b/x-pack/plugin/sql/sql-action/licenses/log4j-core-2.15.0.jar.sha1
new file mode 100644
index 0000000000000..b0ab8d9f40fde
--- /dev/null
+++ b/x-pack/plugin/sql/sql-action/licenses/log4j-core-2.15.0.jar.sha1
@@ -0,0 +1 @@
+ba55c13d7ac2fd44df9cc8074455719a33f375b9
\ No newline at end of file
diff --git a/x-pack/plugin/vector-tile/licenses/log4j-slf4j-impl-2.11.1.jar.sha1 b/x-pack/plugin/vector-tile/licenses/log4j-slf4j-impl-2.11.1.jar.sha1
deleted file mode 100644
index 6178556b31848..0000000000000
--- a/x-pack/plugin/vector-tile/licenses/log4j-slf4j-impl-2.11.1.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-4b41b53a3a2d299ce381a69d165381ca19f62912
\ No newline at end of file
diff --git a/x-pack/plugin/vector-tile/licenses/log4j-slf4j-impl-2.15.0.jar.sha1 b/x-pack/plugin/vector-tile/licenses/log4j-slf4j-impl-2.15.0.jar.sha1
new file mode 100644
index 0000000000000..1f976e2cc5aa2
--- /dev/null
+++ b/x-pack/plugin/vector-tile/licenses/log4j-slf4j-impl-2.15.0.jar.sha1
@@ -0,0 +1 @@
+8bb417869ab3baa19f2fc70e6d776d041f0a8ebc
\ No newline at end of file
From 62a0c742244e6f21ec0f3dc65e71efbfbeb9f5af Mon Sep 17 00:00:00 2001
From: Artem Prigoda Date: Tue, 14 Dec 2021 10:11:23 +0100 Subject: [PATCH 2/4] Remove superfluous ignores from thirdPartyAudit --- plugins/discovery-gce/build.gradle | 4 ---- plugins/repository-gcs/build.gradle | 2 +- plugins/repository-s3/build.gradle | 2 +- x-pack/plugin/core/build.gradle | 9 +-------- 4 files changed, 3 insertions(+), 14 deletions(-) diff --git a/plugins/discovery-gce/build.gradle b/plugins/discovery-gce/build.gradle index ff29e385dea7a..aad5d2f0ba3b2 100644 --- a/plugins/discovery-gce/build.gradle +++ b/plugins/discovery-gce/build.gradle @@ -53,11 +53,7 @@ tasks.named("thirdPartyAudit").configure { 'org.apache.log.Hierarchy', 'org.apache.log.Logger', 'org.apache.avalon.framework.logger.Logger', - 'com.google.common.collect.Lists', 'javax.jms.Message', - 'org.apache.log.Logger', - 'org.apache.log.Hierarchy', - 'javax.servlet.ServletContextListener', 'org.apache.http.ConnectionReuseStrategy', 'org.apache.http.Header', 'org.apache.http.HttpEntity', diff --git a/plugins/repository-gcs/build.gradle b/plugins/repository-gcs/build.gradle index 54828dec143b2..4b25ec8887ded 100644 --- a/plugins/repository-gcs/build.gradle +++ b/plugins/repository-gcs/build.gradle @@ -182,7 +182,7 @@ tasks.named("thirdPartyAudit").configure { 'org.apache.http.protocol.HttpRequestExecutor', // commons-logging provided dependencies 'javax.servlet.ServletContextEvent', - 'javax.servlet.ServletContextListener', + 'javax.servlet.ServletContextListener' ) } diff --git a/plugins/repository-s3/build.gradle b/plugins/repository-s3/build.gradle index 61d8e25e1dd12..82a776b6374f0 100644 --- a/plugins/repository-s3/build.gradle +++ b/plugins/repository-s3/build.gradle @@ -309,6 +309,6 @@ tasks.named("thirdPartyAudit").configure { 'com.amazonaws.services.kms.model.EncryptResult', 'com.amazonaws.services.kms.model.GenerateDataKeyRequest', 'com.amazonaws.services.kms.model.GenerateDataKeyResult', - 'javax.activation.DataHandler', + 'javax.activation.DataHandler' ) } 
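Review bot: The cleanup in plugins/discovery-gce/build.gradle keeps `'org.apache.avalon.framework.logger.Logger',` as a context line directly above `'javax.jms.Message',`. Going by the first patch's hunk for this file, the same class name is already listed three entries earlier, just above `'org.apache.log.Hierarchy'`, so the list would still hold it twice after this commit. Since this commit removes superfluous ignores, I would drop the second `'org.apache.avalon.framework.logger.Logger',` line as well, leaving `'javax.jms.Message',` as the only entry this series adds to the list. The earlier occurrence lies outside this hunk, so please confirm against the full file.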
diff --git a/x-pack/plugin/core/build.gradle b/x-pack/plugin/core/build.gradle index f7811e9b1b6c9..0c84e04797bc8 100644 --- a/x-pack/plugin/core/build.gradle +++ b/x-pack/plugin/core/build.gradle @@ -119,14 +119,7 @@ tasks.named("thirdPartyAudit").configure { //commons-logging provided dependencies 'javax.servlet.ServletContextEvent', 'javax.servlet.ServletContextListener', - - 'org.apache.avalon.framework.logger.Logger', - 'javax.jms.Message', - 'org.apache.log.Logger', - 'org.apache.log.Hierarchy', - 'org.apache.log.Logger', - 'javax.servlet.ServletContextListener', - 'javax.servlet.ServletContextEvent' + 'javax.jms.Message' ) } From 0f07251039f215225dd0936d5eb77c14d2d504d3 Mon Sep 17 00:00:00 2001 From: Artem Prigoda Date: Tue, 14 Dec 2021 13:55:59 +0100 Subject: [PATCH 3/4] Initialize pattern layout with AccessController.doPrivileged We need the `getClassLoader` permissions --- .../security/audit/logfile/LoggingAuditTrailTests.java | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java index 25682e7fc7fda..50d866c70e2f6 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java @@ -129,6 +129,8 @@ import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Path; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.time.Clock; import java.util.ArrayList; import java.util.Arrays; 
@@ -247,7 +249,12 @@ public static void lookupPatternLayout() throws Exception { assertThat(properties.getProperty("appender.audit_rolling.layout.type"), is("PatternLayout")); final String patternLayoutFormat = properties.getProperty("appender.audit_rolling.layout.pattern"); assertThat(patternLayoutFormat, is(notNullValue())); - patternLayout = PatternLayout.newBuilder().withPattern(patternLayoutFormat).withCharset(StandardCharsets.UTF_8).build(); + patternLayout = AccessController.doPrivileged( + (PrivilegedAction) () -> PatternLayout.newBuilder() + .withPattern(patternLayoutFormat) + .withCharset(StandardCharsets.UTF_8) + .build() + ); customAnonymousUsername = randomAlphaOfLength(8); reservedRealmEnabled = randomBoolean(); } From 309b0d52ddfca62a35abf274e0afa2e0f40b44fe Mon Sep 17 00:00:00 2001 From: Artem Prigoda Date: Wed, 15 Dec 2021 11:29:37 +0100 Subject: [PATCH 4/4] Disable the SecurityManager for command testing --- x-pack/plugin/sql/qa/server/multi-node/build.gradle | 5 +++++ x-pack/plugin/sql/qa/server/security/build.gradle | 3 +++ x-pack/plugin/sql/qa/server/single-node/build.gradle | 5 +++++ 3 files changed, 13 insertions(+) diff --git a/x-pack/plugin/sql/qa/server/multi-node/build.gradle b/x-pack/plugin/sql/qa/server/multi-node/build.gradle index acdd38750404f..499a3907cc580 100644 --- a/x-pack/plugin/sql/qa/server/multi-node/build.gradle +++ b/x-pack/plugin/sql/qa/server/multi-node/build.gradle @@ -12,3 +12,8 @@ testClusters.matching { it.name == "integTest" }.configureEach { setting 'xpack.license.self_generated.type', 'trial' plugin ':x-pack:qa:freeze-plugin' } + +tasks.named("integTest").configure { + // Disabled because of log4j Security Manager permission issues in CLI tools + systemProperty 'tests.security.manager', 'false' +} diff --git a/x-pack/plugin/sql/qa/server/security/build.gradle b/x-pack/plugin/sql/qa/server/security/build.gradle index d7216d25d52b0..b3fb75eca027b 100644 --- a/x-pack/plugin/sql/qa/server/security/build.gradle 
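Review bot: The new `AccessController.doPrivileged` wrapper around the `PatternLayout` builder in `lookupPatternLayout` has no comment explaining why a test needs elevated privileges. The reason is given only in the commit message (the `getClassLoader` permission). I would add `// log4j's PatternLayout builder needs the getClassLoader permission under the test SecurityManager` above the assignment, so the block is not later copied or widened without that context. As shown, the cast is the raw `(PrivilegedAction)`. If the file really contains that, rather than the type argument being lost in rendering, `(PrivilegedAction<PatternLayout>)` keeps the result typed. The method body starts outside the hunk.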
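Review bot: Setting `tests.security.manager` to `'false'` on the whole `integTest` task in x-pack/plugin/sql/qa/server/multi-node/build.gradle stops the suite from exercising the Security Manager policy at all. A missing or overly broad permission in the code under test would then go unnoticed, not only the log4j one in the CLI tools. The same block is added in the security and single-node build files. The comment gives the reason but no condition for reverting it. I would tie it to the follow-up, for example `// TODO(#47298): re-enable once the log4j permissions for CLI tools are resolved`, assuming #47298 from the first patch's description is the right tracking issue. If only the CLI tests are affected, it is also worth checking whether the property can be limited to those.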
+++ b/x-pack/plugin/sql/qa/server/security/build.gradle @@ -54,6 +54,9 @@ subprojects { "${-> testClusters.integTest.singleNode().getAuditLog()}" nonInputProperties.systemProperty 'tests.audit.yesterday.logfile', "${-> testClusters.integTest.singleNode().getAuditLog().getParentFile()}/integTest_audit-${new Date().format('yyyy-MM-dd')}-1.json.gz" + + // Disabled because of log4j Security Manager permission issues in CLI tools + systemProperty 'tests.security.manager', 'false' } tasks.named("testingConventions").configure { enabled = false } diff --git a/x-pack/plugin/sql/qa/server/single-node/build.gradle b/x-pack/plugin/sql/qa/server/single-node/build.gradle index 211bf3e3d90e1..945fa65c048ae 100644 --- a/x-pack/plugin/sql/qa/server/single-node/build.gradle +++ b/x-pack/plugin/sql/qa/server/single-node/build.gradle @@ -4,3 +4,8 @@ testClusters.matching { it.name == "integTest" }.configureEach { setting 'xpack.license.self_generated.type', 'trial' plugin ':x-pack:qa:freeze-plugin' } + +tasks.named("integTest").configure { + // Disabled because of log4j Security Manager permission issues in CLI tools + systemProperty 'tests.security.manager', 'false' +}