From 4a76a59d69728ac953332217b14b763a11c82aaf Mon Sep 17 00:00:00 2001
From: Erick Erickson <Erick.Erickson@gmail.com>
Date: Fri, 8 May 2020 13:28:19 -0400
Subject: [PATCH] SOLR-14466: Upgrade log4j2 to latest release (2.13.2)

---
 lucene/ivy-versions.properties                 | 2 +-
 lucene/licenses/log4j-api-2.11.2.jar.sha1      | 1 -
 lucene/licenses/log4j-api-2.13.2.jar.sha1      | 1 +
 lucene/licenses/log4j-core-2.11.2.jar.sha1     | 1 -
 lucene/licenses/log4j-core-2.13.2.jar.sha1     | 1 +
 solr/CHANGES.txt                               | 2 ++
 solr/licenses/log4j-1.2-api-2.11.2.jar.sha1    | 1 -
 solr/licenses/log4j-1.2-api-2.13.2.jar.sha1    | 1 +
 solr/licenses/log4j-api-2.11.2.jar.sha1        | 1 -
 solr/licenses/log4j-api-2.13.2.jar.sha1        | 1 +
 solr/licenses/log4j-core-2.11.2.jar.sha1       | 1 -
 solr/licenses/log4j-core-2.13.2.jar.sha1       | 1 +
 solr/licenses/log4j-slf4j-impl-2.11.2.jar.sha1 | 1 -
 solr/licenses/log4j-slf4j-impl-2.13.2.jar.sha1 | 1 +
 solr/licenses/log4j-web-2.11.2.jar.sha1        | 1 -
 solr/licenses/log4j-web-2.13.2.jar.sha1        | 1 +
 versions.lock                                  | 8 ++++----
 versions.props                                 | 2 +-
 18 files changed, 15 insertions(+), 13 deletions(-)
 delete mode 100644 lucene/licenses/log4j-api-2.11.2.jar.sha1
 create mode 100644 lucene/licenses/log4j-api-2.13.2.jar.sha1
 delete mode 100644 lucene/licenses/log4j-core-2.11.2.jar.sha1
 create mode 100644 lucene/licenses/log4j-core-2.13.2.jar.sha1
 delete mode 100644 solr/licenses/log4j-1.2-api-2.11.2.jar.sha1
 create mode 100644 solr/licenses/log4j-1.2-api-2.13.2.jar.sha1
 delete mode 100644 solr/licenses/log4j-api-2.11.2.jar.sha1
 create mode 100644 solr/licenses/log4j-api-2.13.2.jar.sha1
 delete mode 100644 solr/licenses/log4j-core-2.11.2.jar.sha1
 create mode 100644 solr/licenses/log4j-core-2.13.2.jar.sha1
 delete mode 100644 solr/licenses/log4j-slf4j-impl-2.11.2.jar.sha1
 create mode 100644 solr/licenses/log4j-slf4j-impl-2.13.2.jar.sha1
 delete mode 100644 solr/licenses/log4j-web-2.11.2.jar.sha1
 create mode 100644 solr/licenses/log4j-web-2.13.2.jar.sha1

diff --git a/lucene/ivy-versions.properties b/lucene/ivy-versions.properties
index 8ab9fe8604b..f9b1808b9ec 100644
--- a/lucene/ivy-versions.properties
+++ b/lucene/ivy-versions.properties
@@ -179,7 +179,7 @@ org.apache.kerby.version = 1.0.1
 /org.apache.kerby/kerby-pkix = ${org.apache.kerby.version}
 /org.apache.kerby/kerby-util = ${org.apache.kerby.version}
 
-org.apache.logging.log4j.version = 2.11.2
+org.apache.logging.log4j.version = 2.13.2
 /org.apache.logging.log4j/log4j-1.2-api = ${org.apache.logging.log4j.version}
 /org.apache.logging.log4j/log4j-api = ${org.apache.logging.log4j.version}
 /org.apache.logging.log4j/log4j-core = ${org.apache.logging.log4j.version}
diff --git a/lucene/licenses/log4j-api-2.11.2.jar.sha1 b/lucene/licenses/log4j-api-2.11.2.jar.sha1
deleted file mode 100644
index 0cdea100b72..00000000000
--- a/lucene/licenses/log4j-api-2.11.2.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-f5e9a2ffca496057d6891a3de65128efc636e26e
diff --git a/lucene/licenses/log4j-api-2.13.2.jar.sha1 b/lucene/licenses/log4j-api-2.13.2.jar.sha1
new file mode 100644
index 00000000000..a9826491245
--- /dev/null
+++ b/lucene/licenses/log4j-api-2.13.2.jar.sha1
@@ -0,0 +1 @@
+567ea514dedd8679c429c5b5b39b0d67b6464c3c
diff --git a/lucene/licenses/log4j-core-2.11.2.jar.sha1 b/lucene/licenses/log4j-core-2.11.2.jar.sha1
deleted file mode 100644
index ec2acae4df7..00000000000
--- a/lucene/licenses/log4j-core-2.11.2.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-6c2fb3f5b7cd27504726aef1b674b542a0c9cf53
diff --git a/lucene/licenses/log4j-core-2.13.2.jar.sha1 b/lucene/licenses/log4j-core-2.13.2.jar.sha1
new file mode 100644
index 00000000000..ce26d9c45a8
--- /dev/null
+++ b/lucene/licenses/log4j-core-2.13.2.jar.sha1
@@ -0,0 +1 @@
+8eb1fc1914eb2550bf3ddea26917c9a7cbb00593
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index d5cc077147d..fb65169bbd8 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -194,6 +194,8 @@ Other Changes
 
 * SOLR-14173: Major redesign of the Solr Reference Guide (Cassandra Targett)
 
+* SOLR-14466: Upgrade log4j2 to latest release (2.13.2) (Erick Erickson)
+
 ==================  8.5.1 ==================
 
 Consult the LUCENE_CHANGES.txt file for additional, low level, changes in this release.
diff --git a/solr/licenses/log4j-1.2-api-2.11.2.jar.sha1 b/solr/licenses/log4j-1.2-api-2.11.2.jar.sha1
deleted file mode 100644
index 4ad6f967664..00000000000
--- a/solr/licenses/log4j-1.2-api-2.11.2.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-afb9ef0baba766725c3733e6a2626877dba72715
diff --git a/solr/licenses/log4j-1.2-api-2.13.2.jar.sha1 b/solr/licenses/log4j-1.2-api-2.13.2.jar.sha1
new file mode 100644
index 00000000000..78679ce88d6
--- /dev/null
+++ b/solr/licenses/log4j-1.2-api-2.13.2.jar.sha1
@@ -0,0 +1 @@
+d05a7928403d9a8b37d66dc85319c33e5dba17dd
diff --git a/solr/licenses/log4j-api-2.11.2.jar.sha1 b/solr/licenses/log4j-api-2.11.2.jar.sha1
deleted file mode 100644
index 0cdea100b72..00000000000
--- a/solr/licenses/log4j-api-2.11.2.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-f5e9a2ffca496057d6891a3de65128efc636e26e
diff --git a/solr/licenses/log4j-api-2.13.2.jar.sha1 b/solr/licenses/log4j-api-2.13.2.jar.sha1
new file mode 100644
index 00000000000..a9826491245
--- /dev/null
+++ b/solr/licenses/log4j-api-2.13.2.jar.sha1
@@ -0,0 +1 @@
+567ea514dedd8679c429c5b5b39b0d67b6464c3c
diff --git a/solr/licenses/log4j-core-2.11.2.jar.sha1 b/solr/licenses/log4j-core-2.11.2.jar.sha1
deleted file mode 100644
index ec2acae4df7..00000000000
--- a/solr/licenses/log4j-core-2.11.2.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-6c2fb3f5b7cd27504726aef1b674b542a0c9cf53
diff --git a/solr/licenses/log4j-core-2.13.2.jar.sha1 b/solr/licenses/log4j-core-2.13.2.jar.sha1
new file mode 100644
index 00000000000..ce26d9c45a8
--- /dev/null
+++ b/solr/licenses/log4j-core-2.13.2.jar.sha1
@@ -0,0 +1 @@
+8eb1fc1914eb2550bf3ddea26917c9a7cbb00593
diff --git a/solr/licenses/log4j-slf4j-impl-2.11.2.jar.sha1 b/solr/licenses/log4j-slf4j-impl-2.11.2.jar.sha1
deleted file mode 100644
index 69bca4b80c0..00000000000
--- a/solr/licenses/log4j-slf4j-impl-2.11.2.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-4d44e4edc4a7fb39f09b95b09f560a15976fa1ba
diff --git a/solr/licenses/log4j-slf4j-impl-2.13.2.jar.sha1 b/solr/licenses/log4j-slf4j-impl-2.13.2.jar.sha1
new file mode 100644
index 00000000000..58fa437840b
--- /dev/null
+++ b/solr/licenses/log4j-slf4j-impl-2.13.2.jar.sha1
@@ -0,0 +1 @@
+49df25f7a35dd7fbd8131fc5ab09665d18e3d4fe
diff --git a/solr/licenses/log4j-web-2.11.2.jar.sha1 b/solr/licenses/log4j-web-2.11.2.jar.sha1
deleted file mode 100644
index cc4476efe49..00000000000
--- a/solr/licenses/log4j-web-2.11.2.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-d11ebc03fdf773d32143e0f7ea0fc131c21311e7
diff --git a/solr/licenses/log4j-web-2.13.2.jar.sha1 b/solr/licenses/log4j-web-2.13.2.jar.sha1
new file mode 100644
index 00000000000..5dad454a820
--- /dev/null
+++ b/solr/licenses/log4j-web-2.13.2.jar.sha1
@@ -0,0 +1 @@
+fb0fd4f049e77ced8db9b7706d33681c73ecb7e4
diff --git a/versions.lock b/versions.lock
index ee2d41a7c31..44ded4189c6 100644
--- a/versions.lock
+++ b/versions.lock
@@ -117,9 +117,9 @@ org.apache.kerby:kerby-asn1:1.0.1 (2 constraints: 001155df)
 org.apache.kerby:kerby-config:1.0.1 (1 constraints: 860b05e6)
 org.apache.kerby:kerby-pkix:1.0.1 (2 constraints: 741065ca)
 org.apache.kerby:kerby-util:1.0.1 (2 constraints: 6518bdb6)
-org.apache.logging.log4j:log4j-api:2.11.2 (4 constraints: c83394ae)
-org.apache.logging.log4j:log4j-core:2.11.2 (3 constraints: 102588ba)
-org.apache.logging.log4j:log4j-slf4j-impl:2.11.2 (1 constraints: 3805343b)
+org.apache.logging.log4j:log4j-api:2.13.2 (4 constraints: d033f2b0)
+org.apache.logging.log4j:log4j-core:2.13.2 (2 constraints: 0d16b224)
+org.apache.logging.log4j:log4j-slf4j-impl:2.13.2 (1 constraints: 3a053a3b)
 org.apache.opennlp:opennlp-tools:1.9.1 (1 constraints: 0d050c36)
 org.apache.pdfbox:fontbox:2.0.17 (1 constraints: 3c05323b)
 org.apache.pdfbox:jempbox:1.8.16 (1 constraints: 42054b3b)
@@ -223,7 +223,7 @@ org.apache.kerby:kerb-identity:1.0.1 (1 constraints: 0405f135)
 org.apache.kerby:kerb-server:1.0.1 (1 constraints: 0405f135)
 org.apache.kerby:kerb-simplekdc:1.0.1 (1 constraints: 0405f135)
 org.apache.kerby:kerby-kdc:1.0.1 (1 constraints: 0405f135)
-org.apache.logging.log4j:log4j-1.2-api:2.11.2 (1 constraints: 3805343b)
+org.apache.logging.log4j:log4j-1.2-api:2.13.2 (1 constraints: 3a053a3b)
 org.hsqldb:hsqldb:2.4.0 (1 constraints: 08050136)
 org.locationtech.jts:jts-core:1.15.0 (1 constraints: 3905383b)
 org.mockito:mockito-core:2.23.4 (1 constraints: 3d05403b)
diff --git a/versions.props b/versions.props
index 6eb12791892..efefd2fd6f3 100644
--- a/versions.props
+++ b/versions.props
@@ -67,7 +67,7 @@ org.apache.httpcomponents:httpcore=4.4.12
 org.apache.httpcomponents:httpmime=4.5.10
 org.apache.james:apache-mime4j*=0.8.3
 org.apache.kerby:*=1.0.1
-org.apache.logging.log4j:*=2.11.2
+org.apache.logging.log4j:*=2.13.2
 org.apache.opennlp:opennlp-tools=1.9.1
 org.apache.pdfbox:*=2.0.17
 org.apache.pdfbox:jempbox=1.8.16