author | Manuel Bentele | 2021-12-15 14:32:30 +0100 |
---|---|---|
committer | Manuel Bentele | 2021-12-15 14:32:30 +0100 |
commit | 51050cd3f643e69aae1487d04ee1997bad000992 (patch) | |
tree | 2f7b70f40f340f6b70f7774378b468e9d374b134 | |
parent | Add URL to the project's website to the Maven configuration (diff) | |
Update log4j because of the CVE-2021-44228 security flaw
-rw-r--r-- | pom.xml | 14 | ||||
-rw-r--r-- | src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java | 6 |
2 files changed, 16 insertions, 4 deletions
@@ -43,7 +43,19 @@
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
- <version>[4.5.3,4.5.99]</version>
+ <version>[4.5,4.6)</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-api</artifactId>
+ <version>[2.0,3.0)</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-core</artifactId>
+ <version>[2.0,3.0)</version>
+ <scope>compile</scope>
</dependency>
</dependencies>
</project>
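Review bot: The `[2.0,3.0)` range on the two new log4j dependencies still admits every 2.x release, including those affected by the CVE-2021-44228 flaw named in the commit message, so the build is only safe while the resolver happens to select a recent version. Raise the lower bound to a fixed release, e.g. `<version>[<FIRST_FIXED_LOG4J_VERSION>,3.0)</version>` (placeholder; take the value from the Log4j security advisory), or pin one exact version so the build is reproducible and auditable. If this artifact is consumed as a library, as its name suggests, consider declaring only `log4j-api` here and leaving `log4j-core` to the consuming application. The same hunk also lowers the httpclient floor from 4.5.3 to 4.5, which the commit message does not mention.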
diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
index c35c6fe..b6a4c01 100644
--- a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
+++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
@@ -21,8 +21,6 @@ import javax.xml.xpath.XPathException;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathFactory;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.auth.AuthenticationException;
@@ -33,6 +31,8 @@ import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
import org.w3c.dom.Document;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
@@ -40,7 +40,7 @@ import org.xml.sax.SAXException;
public abstract class ECPAuthenticatorBase extends Observable {
- protected static Log logger = LogFactory.getLog(ECPAuthenticatorBase.class);
+ protected static Logger logger = LogManager.getLogger(ECPAuthenticatorBase.class);
protected ECPAuthenticationInfo authInfo;
protected CloseableHttpClient client;
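Review bot: The `logger` field on the changed line is still `protected static` and non-final, so any subclass can reassign the logger shared by every authenticator. Declare it `protected static final Logger logger = LogManager.getLogger(ECPAuthenticatorBase.class);`. The class body continues outside the hunk, so the log calls themselves are not visible here. Since this class handles authentication, it is worth confirming that none of them write credentials or unsanitised remote input to the log.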