From 51050cd3f643e69aae1487d04ee1997bad000992 Mon Sep 17 00:00:00 2001 From: Manuel Bentele Date: Wed, 15 Dec 2021 14:32:30 +0100 Subject: Update log4j because of the CVE-2021-44228 security flaw --- pom.xml | 14 +++++++++++++- .../java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java | 6 +++--- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index 4daf76a..6987fcd 100644 --- a/pom.xml +++ b/pom.xml @@ -43,7 +43,19 @@ org.apache.httpcomponents httpclient - [4.5.3,4.5.99] + [4.5,4.6) + + + org.apache.logging.log4j + log4j-api + [2.0,3.0) + compile + + + org.apache.logging.log4j + log4j-core + [2.0,3.0) + compile diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java index c35c6fe..b6a4c01 100644 --- a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java +++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java @@ -21,8 +21,6 @@ import javax.xml.xpath.XPathException; import javax.xml.xpath.XPathExpression; import javax.xml.xpath.XPathFactory; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import org.apache.http.HttpResponse; import org.apache.http.HttpStatus; import org.apache.http.auth.AuthenticationException; @@ -33,6 +31,8 @@ import org.apache.http.impl.auth.BasicScheme; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.http.util.EntityUtils; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; import org.w3c.dom.Document; import org.xml.sax.EntityResolver; import org.xml.sax.InputSource; 
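Review bot: The ranges added for `log4j-api` and `log4j-core` start at 2.0, so `[2.0,3.0)` still admits the 2.x releases affected by CVE-2021-44228 that this commit is meant to move away from. Maven normally resolves a range to the newest version it can see, but that depends on the repository or mirror in use, so nothing here guarantees a fixed release and the build is not reproducible. I would raise the floor to the first release you have verified as fixed, `<version>[FIRST_FIXED_VERSION,3.0)</version>` (placeholder), or pin one reviewed version for both artifacts. The same hunk also lowers the httpclient floor from 4.5.3 to 4.5 via `[4.5,4.6)`, which looks unintended for a security update.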
@@ -40,7 +40,7 @@ import org.xml.sax.SAXException; public abstract class ECPAuthenticatorBase extends Observable { - protected static Log logger = LogFactory.getLog(ECPAuthenticatorBase.class); + protected static Logger logger = LogManager.getLogger(ECPAuthenticatorBase.class); protected ECPAuthenticationInfo authInfo; protected CloseableHttpClient client; -- cgit v1.2.3-55-g7522
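Review bot: The replaced `logger` field stays `protected static` and non-final, so any subclass can reassign the shared logger; `protected static final Logger logger = LogManager.getLogger(ECPAuthenticatorBase.class);` would close that. Changing the field type from commons-logging `Log` to the Log4j `Logger` also changes what subclasses compile against, so subclasses outside this diff that use `logger` may need a check. The class body continues outside the hunk, so the logging calls themselves are not visible here.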