elastic · arteam · Dec 15, 2021 · Sep 30, 2019 · Dec 14, 2021 · Dec 14, 2021
diff --git a/build-tools-internal/version.properties b/build-tools-internal/version.properties
@@ -14,7 +14,7 @@ snakeyaml         = 1.26
 icu4j             = 68.2
 supercsv          = 2.4.0
 # when updating log4j, please update also docs/java-api/index.asciidoc
-log4j             = 2.11.1
+log4j             = 2.15.0
 slf4j             = 1.6.2
 ecsLogging        = 1.2.0
 

diff --git a/modules/repository-url/build.gradle b/modules/repository-url/build.gradle
@@ -40,7 +40,8 @@ tasks.named("thirdPartyAudit").configure {
     'javax.servlet.ServletContextListener',
     'org.apache.avalon.framework.logger.Logger',
     'org.apache.log.Hierarchy',
-    'org.apache.log.Logger'
+    'org.apache.log.Logger',
+    'javax.jms.Message'
   )
 }
 

diff --git a/modules/repository-url/licenses/log4j-1.2-api-2.11.1.jar.sha1 b/modules/repository-url/licenses/log4j-1.2-api-2.11.1.jar.sha1
diff --git a/modules/repository-url/licenses/log4j-1.2-api-2.15.0.jar.sha1 b/modules/repository-url/licenses/log4j-1.2-api-2.15.0.jar.sha1
@@ -0,0 +1 @@
+bc960fe2acbe6f3952011f88a771de18301534e7
diff --git a/plugins/discovery-azure-classic/build.gradle b/plugins/discovery-azure-classic/build.gradle
@@ -116,6 +116,7 @@ tasks.named("thirdPartyAudit").configure {
           'org.apache.avalon.framework.logger.Logger',
           'org.apache.log.Hierarchy',
           'org.apache.log.Logger',
+          'javax.jms.Message',
           'org.eclipse.persistence.descriptors.ClassDescriptor',
           'org.eclipse.persistence.internal.oxm.MappingNodeValue',
           'org.eclipse.persistence.internal.oxm.TreeObjectBuilder',

diff --git a/plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.11.1.jar.sha1 b/plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.11.1.jar.sha1
diff --git a/plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.15.0.jar.sha1 b/plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.15.0.jar.sha1
@@ -0,0 +1 @@
+bc960fe2acbe6f3952011f88a771de18301534e7
diff --git a/plugins/discovery-ec2/build.gradle b/plugins/discovery-ec2/build.gradle
@@ -125,6 +125,7 @@ tasks.named("thirdPartyAudit").configure {
           'org.apache.avalon.framework.logger.Logger',
           'org.apache.log.Hierarchy',
           'org.apache.log.Logger',
+          'javax.jms.Message',
           'javax.xml.bind.DatatypeConverter',
           'javax.xml.bind.JAXBContext'
   )

diff --git a/plugins/discovery-ec2/licenses/log4j-1.2-api-2.11.1.jar.sha1 b/plugins/discovery-ec2/licenses/log4j-1.2-api-2.11.1.jar.sha1
diff --git a/plugins/discovery-ec2/licenses/log4j-1.2-api-2.15.0.jar.sha1 b/plugins/discovery-ec2/licenses/log4j-1.2-api-2.15.0.jar.sha1
@@ -0,0 +1 @@
+bc960fe2acbe6f3952011f88a771de18301534e7
diff --git a/plugins/discovery-gce/build.gradle b/plugins/discovery-gce/build.gradle
@@ -52,6 +52,8 @@ tasks.named("thirdPartyAudit").configure {
           'org.apache.avalon.framework.logger.Logger',
           'org.apache.log.Hierarchy',
           'org.apache.log.Logger',
+          'org.apache.avalon.framework.logger.Logger',
+          'javax.jms.Message',
           'org.apache.http.ConnectionReuseStrategy',
           'org.apache.http.Header',
           'org.apache.http.HttpEntity',

diff --git a/plugins/discovery-gce/licenses/log4j-1.2-api-2.11.1.jar.sha1 b/plugins/discovery-gce/licenses/log4j-1.2-api-2.11.1.jar.sha1
diff --git a/plugins/discovery-gce/licenses/log4j-1.2-api-2.15.0.jar.sha1 b/plugins/discovery-gce/licenses/log4j-1.2-api-2.15.0.jar.sha1
@@ -0,0 +1 @@
+bc960fe2acbe6f3952011f88a771de18301534e7
diff --git a/plugins/repository-gcs/build.gradle b/plugins/repository-gcs/build.gradle
@@ -135,6 +135,8 @@ tasks.named("thirdPartyAudit").configure {
     'org.apache.avalon.framework.logger.Logger',
     'org.apache.log.Hierarchy',
     'org.apache.log.Logger',
+    'javax.jms.Message',
+
     // optional apache http client dependencies
     'org.apache.http.ConnectionReuseStrategy',
     'org.apache.http.Header',

diff --git a/plugins/repository-gcs/licenses/log4j-1.2-api-2.11.1.jar.sha1 b/plugins/repository-gcs/licenses/log4j-1.2-api-2.11.1.jar.sha1
diff --git a/plugins/repository-gcs/licenses/log4j-1.2-api-2.15.0.jar.sha1 b/plugins/repository-gcs/licenses/log4j-1.2-api-2.15.0.jar.sha1
@@ -0,0 +1 @@
+bc960fe2acbe6f3952011f88a771de18301534e7
diff --git a/plugins/repository-hdfs/licenses/log4j-1.2-api-2.11.1.jar.sha1 b/plugins/repository-hdfs/licenses/log4j-1.2-api-2.11.1.jar.sha1
diff --git a/plugins/repository-hdfs/licenses/log4j-1.2-api-2.15.0.jar.sha1 b/plugins/repository-hdfs/licenses/log4j-1.2-api-2.15.0.jar.sha1
@@ -0,0 +1 @@
+bc960fe2acbe6f3952011f88a771de18301534e7
diff --git a/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.11.1.jar.sha1 b/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.11.1.jar.sha1
diff --git a/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.15.0.jar.sha1 b/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.15.0.jar.sha1
@@ -0,0 +1 @@
+8bb417869ab3baa19f2fc70e6d776d041f0a8ebc
diff --git a/plugins/repository-s3/build.gradle b/plugins/repository-s3/build.gradle
@@ -290,6 +290,7 @@ tasks.named("thirdPartyAudit").configure {
           'org.apache.avalon.framework.logger.Logger',
           'org.apache.log.Hierarchy',
           'org.apache.log.Logger',
+          'javax.jms.Message',
           'software.amazon.ion.IonReader',
           'software.amazon.ion.IonSystem',
           'software.amazon.ion.IonType',

diff --git a/plugins/repository-s3/licenses/log4j-1.2-api-2.11.1.jar.sha1 b/plugins/repository-s3/licenses/log4j-1.2-api-2.11.1.jar.sha1
diff --git a/plugins/repository-s3/licenses/log4j-1.2-api-2.15.0.jar.sha1 b/plugins/repository-s3/licenses/log4j-1.2-api-2.15.0.jar.sha1
@@ -0,0 +1 @@
+bc960fe2acbe6f3952011f88a771de18301534e7
diff --git a/server/build.gradle b/server/build.gradle
@@ -201,11 +201,9 @@ tasks.named("thirdPartyAudit").configure {
             'org.apache.commons.compress.utils.IOUtils',
             'org.apache.commons.csv.CSVFormat',
             'org.apache.commons.csv.QuoteMode',
-            'org.apache.kafka.clients.producer.Callback',
             'org.apache.kafka.clients.producer.Producer',
             'org.apache.kafka.clients.producer.RecordMetadata',
             'org.codehaus.stax2.XMLStreamWriter2',
-            'org.jctools.queues.MessagePassingQueue$Consumer',
             'org.jctools.queues.MpscArrayQueue',
             'org.osgi.framework.Bundle',
             'org.osgi.framework.BundleActivator',

diff --git a/server/licenses/log4j-api-2.11.1.jar.sha1 b/server/licenses/log4j-api-2.11.1.jar.sha1
diff --git a/server/licenses/log4j-api-2.15.0.jar.sha1 b/server/licenses/log4j-api-2.15.0.jar.sha1
@@ -0,0 +1 @@
+4a5aa7e55a29391c6f66e0b259d5189aa11e45d0
diff --git a/server/licenses/log4j-core-2.11.1.jar.sha1 b/server/licenses/log4j-core-2.11.1.jar.sha1
diff --git a/server/licenses/log4j-core-2.15.0.jar.sha1 b/server/licenses/log4j-core-2.15.0.jar.sha1
@@ -0,0 +1 @@
+ba55c13d7ac2fd44df9cc8074455719a33f375b9
diff --git a/x-pack/plugin/core/build.gradle b/x-pack/plugin/core/build.gradle
@@ -118,7 +118,8 @@ tasks.named("thirdPartyAudit").configure {
           'org.apache.log.Logger',
           //commons-logging provided dependencies
           'javax.servlet.ServletContextEvent',
-          'javax.servlet.ServletContextListener'
+          'javax.servlet.ServletContextListener',
+          'javax.jms.Message'
   )
 }
 

diff --git a/x-pack/plugin/core/licenses/log4j-1.2-api-2.11.1.jar.sha1 b/x-pack/plugin/core/licenses/log4j-1.2-api-2.11.1.jar.sha1
diff --git a/x-pack/plugin/core/licenses/log4j-1.2-api-2.15.0.jar.sha1 b/x-pack/plugin/core/licenses/log4j-1.2-api-2.15.0.jar.sha1
@@ -0,0 +1 @@
+bc960fe2acbe6f3952011f88a771de18301534e7
diff --git a/x-pack/plugin/identity-provider/licenses/log4j-slf4j-impl-2.11.1.jar.sha1 b/x-pack/plugin/identity-provider/licenses/log4j-slf4j-impl-2.11.1.jar.sha1
diff --git a/x-pack/plugin/identity-provider/licenses/log4j-slf4j-impl-2.15.0.jar.sha1 b/x-pack/plugin/identity-provider/licenses/log4j-slf4j-impl-2.15.0.jar.sha1
@@ -0,0 +1 @@
+8bb417869ab3baa19f2fc70e6d776d041f0a8ebc
diff --git a/x-pack/plugin/security/licenses/log4j-slf4j-impl-2.11.1.jar.sha1 b/x-pack/plugin/security/licenses/log4j-slf4j-impl-2.11.1.jar.sha1
diff --git a/x-pack/plugin/security/licenses/log4j-slf4j-impl-2.15.0.jar.sha1 b/x-pack/plugin/security/licenses/log4j-slf4j-impl-2.15.0.jar.sha1
@@ -0,0 +1 @@
+8bb417869ab3baa19f2fc70e6d776d041f0a8ebc
diff --git a/.../src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java b/.../src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java
@@ -129,6 +129,8 @@
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.time.Clock;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -247,7 +249,12 @@ public static void lookupPatternLayout() throws Exception {
         assertThat(properties.getProperty("appender.audit_rolling.layout.type"), is("PatternLayout"));
         final String patternLayoutFormat = properties.getProperty("appender.audit_rolling.layout.pattern");
         assertThat(patternLayoutFormat, is(notNullValue()));
-        patternLayout = PatternLayout.newBuilder().withPattern(patternLayoutFormat).withCharset(StandardCharsets.UTF_8).build();
+        patternLayout = AccessController.doPrivileged(
+            (PrivilegedAction<PatternLayout>) () -> PatternLayout.newBuilder()
+                .withPattern(patternLayoutFormat)
+                .withCharset(StandardCharsets.UTF_8)
+                .build()
+        );
         customAnonymousUsername = randomAlphaOfLength(8);
         reservedRealmEnabled = randomBoolean();
     }

diff --git a/x-pack/plugin/sql/qa/server/multi-node/build.gradle b/x-pack/plugin/sql/qa/server/multi-node/build.gradle
@@ -12,3 +12,8 @@ testClusters.matching { it.name == "integTest" }.configureEach {
   setting 'xpack.license.self_generated.type', 'trial'
   plugin ':x-pack:qa:freeze-plugin'
 }
+
+tasks.named("integTest").configure {
+  // Disabled because of log4j Security Manager permission issues in CLI tools
+  systemProperty 'tests.security.manager', 'false'
+}
diff --git a/x-pack/plugin/sql/qa/server/security/build.gradle b/x-pack/plugin/sql/qa/server/security/build.gradle
@@ -54,6 +54,9 @@ subprojects {
       "${-> testClusters.integTest.singleNode().getAuditLog()}"
     nonInputProperties.systemProperty 'tests.audit.yesterday.logfile',
       "${-> testClusters.integTest.singleNode().getAuditLog().getParentFile()}/integTest_audit-${new Date().format('yyyy-MM-dd')}-1.json.gz"
+
+    // Disabled because of log4j Security Manager permission issues in CLI tools
+    systemProperty 'tests.security.manager', 'false'
   }
 
   tasks.named("testingConventions").configure { enabled = false }

diff --git a/x-pack/plugin/sql/qa/server/single-node/build.gradle b/x-pack/plugin/sql/qa/server/single-node/build.gradle
@@ -4,3 +4,8 @@ testClusters.matching { it.name == "integTest" }.configureEach {
   setting 'xpack.license.self_generated.type', 'trial'
   plugin ':x-pack:qa:freeze-plugin'
 }
+
+tasks.named("integTest").configure {
+  // Disabled because of log4j Security Manager permission issues in CLI tools
+  systemProperty 'tests.security.manager', 'false'
+}
diff --git a/x-pack/plugin/sql/sql-action/build.gradle b/x-pack/plugin/sql/sql-action/build.gradle
@@ -106,11 +106,9 @@ tasks.named("thirdPartyAudit").configure {
           'org.apache.commons.compress.utils.IOUtils',
           'org.apache.commons.csv.CSVFormat',
           'org.apache.commons.csv.QuoteMode',
-          'org.apache.kafka.clients.producer.Callback',
           'org.apache.kafka.clients.producer.Producer',
           'org.apache.kafka.clients.producer.RecordMetadata',
           'org.codehaus.stax2.XMLStreamWriter2',
-          'org.jctools.queues.MessagePassingQueue$Consumer',
           'org.jctools.queues.MpscArrayQueue',
           'org.osgi.framework.Bundle',
           'org.osgi.framework.BundleActivator',

diff --git a/x-pack/plugin/sql/sql-action/licenses/log4j-api-2.11.1.jar.sha1 b/x-pack/plugin/sql/sql-action/licenses/log4j-api-2.11.1.jar.sha1
diff --git a/x-pack/plugin/sql/sql-action/licenses/log4j-api-2.15.0.jar.sha1 b/x-pack/plugin/sql/sql-action/licenses/log4j-api-2.15.0.jar.sha1
@@ -0,0 +1 @@
+4a5aa7e55a29391c6f66e0b259d5189aa11e45d0
diff --git a/x-pack/plugin/sql/sql-action/licenses/log4j-core-2.11.1.jar.sha1 b/x-pack/plugin/sql/sql-action/licenses/log4j-core-2.11.1.jar.sha1
diff --git a/x-pack/plugin/sql/sql-action/licenses/log4j-core-2.15.0.jar.sha1 b/x-pack/plugin/sql/sql-action/licenses/log4j-core-2.15.0.jar.sha1
@@ -0,0 +1 @@
+ba55c13d7ac2fd44df9cc8074455719a33f375b9
diff --git a/x-pack/plugin/vector-tile/licenses/log4j-slf4j-impl-2.11.1.jar.sha1 b/x-pack/plugin/vector-tile/licenses/log4j-slf4j-impl-2.11.1.jar.sha1
diff --git a/x-pack/plugin/vector-tile/licenses/log4j-slf4j-impl-2.15.0.jar.sha1 b/x-pack/plugin/vector-tile/licenses/log4j-slf4j-impl-2.15.0.jar.sha1
@@ -0,0 +1 @@
+8bb417869ab3baa19f2fc70e6d776d041f0a8ebc