Hibernate
/
hibernate-orm
mirror of https://github.com/hibernate/hibernate-orm
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Log4j Vulnerability - https://blog.gradle.org/log4j-vulnerability; 

Upgrade Gradle Enterprise plugin to 3.8
This commit is contained in:
Steve Ebersole 2022-01-11 15:47:13 -06:00
parent ef6c14a0be
commit e446b7c99b
3 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
gradle/base-information.gradle
View File

@ -7,6 +7,21 @@
apply plugin: 'base' apply plugin: 'base'
buildscript {
dependencies {
constraints {
classpath("org.apache.logging.log4j:log4j-core") {
version {
strictly("[2.17, 3[")
prefer("2.17.0")
}
because("CVE-2021-44228, CVE-2021-45046, CVE-2021-45105: Log4j vulnerable to remote code execution and other critical security vulnerabilities")
}
}
}
}
ext { ext {
ormVersionFile = file("${rootProject.projectDir}/gradle/version.properties") ormVersionFile = file("${rootProject.projectDir}/gradle/version.properties")

11
gradle/java-module.gradle
View File

@ -125,6 +125,17 @@ dependencies {
annotationProcessor libraries.logging_processor annotationProcessor libraries.logging_processor
annotationProcessor libraries.logging annotationProcessor libraries.logging
annotationProcessor libraries.logging_annotations annotationProcessor libraries.logging_annotations
constraints {
implementation('org.apache.logging.log4j:log4j-core') {
version {
strictly('[2.17, 3[')
prefer('2.17.0')
}
because('CVE-2021-44228, CVE-2021-45046, CVE-2021-45105: Log4j vulnerable to remote code execution and other critical security vulnerabilities')
}
}
} }

2
settings.gradle
View File

@ -16,7 +16,7 @@ pluginManagement {
} }
plugins { plugins {
id 'com.gradle.enterprise' version '3.6.1' id 'com.gradle.enterprise' version '3.8'
id 'com.gradle.common-custom-user-data-gradle-plugin' version '1.4.2' id 'com.gradle.common-custom-user-data-gradle-plugin' version '1.4.2'
} }