From 05e7b37f12e5e426f66eee6bd899a68ed982660f Mon Sep 17 00:00:00 2001 From: Joseph Zuniga-Daly Date: Wed, 27 Sep 2023 17:18:48 +0100 Subject: [PATCH 1/4] CORE-15310: Upgrade CLI PF4J to 3.10 and SLF4J to 2.0.6 --- gradle.properties | 3 ++- testing/e2e-test-utilities/build.gradle | 9 +++++++++ tools/plugins/db-config/build.gradle | 5 +++++ tools/plugins/network/build.gradle | 9 +++++++++ tools/plugins/package/build.gradle | 9 +++++++++ tools/plugins/topic-config/build.gradle | 5 +++++ tools/plugins/virtual-node/build.gradle | 5 +++++ 7 files changed, 44 insertions(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index 69e6dfe0c8a..fdbde749f71 100644 --- a/gradle.properties +++ b/gradle.properties @@ -89,6 +89,7 @@ quasarVersion = 0.9.1_r3-SNAPSHOT reflectAsmVersion = 1.11.9 # SLF4J cannot be ugraded to 2.x due to CorDapps requiring the 1.7 <= x < 2.0 slf4jVersion=1.7.36 +slf4jV2Version=2.0.6 # Snappy version used for serialization snappyVersion=0.4 # Completely different version of Snappy used in Kafka client @@ -136,7 +137,7 @@ jibCoreVersion=0.23.0 artifactoryPluginVersion = 4.28.2 # PF4J -pf4jVersion=3.9.0 +pf4jVersion=3.10.0 # corda-cli plugin host pluginHostVersion=5.1.0-beta+ diff --git a/testing/e2e-test-utilities/build.gradle b/testing/e2e-test-utilities/build.gradle index 7aa44025bc0..effba2c7776 100644 --- a/testing/e2e-test-utilities/build.gradle +++ b/testing/e2e-test-utilities/build.gradle @@ -6,6 +6,15 @@ plugins { description 'E2E test utilities' dependencies { + constraints { + implementation('org.slf4j:slf4j-api') { + version { + strictly slf4jV2Version + } + } + + } + implementation "net.corda:corda-config-schema:$cordaApiVersion" implementation "com.konghq:unirest-java:$unirestVersion" diff --git a/tools/plugins/db-config/build.gradle b/tools/plugins/db-config/build.gradle index af2c968dde7..27d453df2fc 100644 --- a/tools/plugins/db-config/build.gradle +++ b/tools/plugins/db-config/build.gradle @@ -26,6 +26,11 @@ dependencies { implementation("org.yaml:snakeyaml:$snakeyamlVersion") { because "required until liquibase-core updates it's internal version of snakeYaml, currently using 1.33 which has CVE-2022-1471" } + implementation('org.slf4j:slf4j-api') { + version { + strictly slf4jV2Version + } + } } // DO NOT DISTRIBUTE DRIVERS HERE WE ARE NOT LICENSED TO DISTRIBUTE diff --git a/tools/plugins/network/build.gradle b/tools/plugins/network/build.gradle index d07024eaf3c..f8216d3c1c9 100644 --- a/tools/plugins/network/build.gradle +++ b/tools/plugins/network/build.gradle @@ -13,6 +13,15 @@ ext { group 'net.corda.cli.deployment' dependencies { + constraints { + implementation('org.slf4j:slf4j-api') { + version { + strictly slf4jV2Version + } + } + + } + compileOnly "net.corda.cli.host:api:$pluginHostVersion" implementation "com.fasterxml.jackson.module:jackson-module-kotlin:$jacksonVersion" diff --git a/tools/plugins/package/build.gradle b/tools/plugins/package/build.gradle index 29c95f4ef60..a5433f772bc 100644 --- a/tools/plugins/package/build.gradle +++ b/tools/plugins/package/build.gradle @@ -13,6 +13,15 @@ ext { group 'net.corda.cli.deployment' dependencies { + constraints { + implementation('org.slf4j:slf4j-api') { + version { + strictly slf4jV2Version + } + } + + } + compileOnly "net.corda.cli.host:api:$pluginHostVersion" implementation project(':libs:packaging:packaging-verify') diff --git a/tools/plugins/topic-config/build.gradle b/tools/plugins/topic-config/build.gradle index 896708307ad..536740def19 100644 --- a/tools/plugins/topic-config/build.gradle +++ b/tools/plugins/topic-config/build.gradle @@ -29,6 +29,11 @@ dependencies { because 'Kafka Client uses an older version of Snappy library which is exposed to CVE-2023-34455. ' + 'This might be resolved in the future versions of Kafka Client.' } + implementation('org.slf4j:slf4j-api') { + version { + strictly slf4jV2Version + } + } } testImplementation 'org.jetbrains.kotlin:kotlin-stdlib' diff --git a/tools/plugins/virtual-node/build.gradle b/tools/plugins/virtual-node/build.gradle index da527dd6ec0..775862d81cd 100644 --- a/tools/plugins/virtual-node/build.gradle +++ b/tools/plugins/virtual-node/build.gradle @@ -33,6 +33,11 @@ dependencies { implementation("org.yaml:snakeyaml:$snakeyamlVersion") { because "required until liquibase-core updates it's internal version of snakeYaml, currently using 1.33 which has CVE-2022-1471" } + implementation('org.slf4j:slf4j-api') { + version { + strictly slf4jV2Version + } + } } // DO NOT DISTRIBUTE DRIVERS HERE WE ARE NOT LICENSED TO DISTRIBUTE From aa36735d19e997ecb39f0905435684493d5ada03 Mon Sep 17 00:00:00 2001 From: Joseph Zuniga-Daly Date: Thu, 28 Sep 2023 11:37:32 +0100 Subject: [PATCH 2/4] CORE-15310: Swap log4j-slf4j-impl for log4j-slf4j2-impl in CLI test --- testing/e2e-test-utilities/build.gradle | 1 - tools/plugins/network/build.gradle | 1 - tools/plugins/package/build.gradle | 3 +-- 3 files changed, 1 insertion(+), 4 deletions(-) diff --git a/testing/e2e-test-utilities/build.gradle b/testing/e2e-test-utilities/build.gradle index effba2c7776..361c1609176 100644 --- a/testing/e2e-test-utilities/build.gradle +++ b/testing/e2e-test-utilities/build.gradle @@ -12,7 +12,6 @@ dependencies { strictly slf4jV2Version } } - } implementation "net.corda:corda-config-schema:$cordaApiVersion" diff --git a/tools/plugins/network/build.gradle b/tools/plugins/network/build.gradle index f8216d3c1c9..0348792f06d 100644 --- a/tools/plugins/network/build.gradle +++ b/tools/plugins/network/build.gradle @@ -19,7 +19,6 @@ dependencies { strictly slf4jV2Version } } - } compileOnly "net.corda.cli.host:api:$pluginHostVersion" diff --git a/tools/plugins/package/build.gradle b/tools/plugins/package/build.gradle index a5433f772bc..55695d61d8c 100644 --- a/tools/plugins/package/build.gradle +++ b/tools/plugins/package/build.gradle @@ -19,7 +19,6 @@ dependencies { strictly slf4jV2Version } } - } compileOnly "net.corda.cli.host:api:$pluginHostVersion" @@ -36,7 +35,7 @@ dependencies { testImplementation project(":testing:test-utilities") testImplementation project(":testing:packaging-test-utilities") - testRuntimeOnly "org.apache.logging.log4j:log4j-slf4j-impl:$log4jVersion" + testRuntimeOnly "org.apache.logging.log4j:log4j-slf4j2-impl:$log4jVersion" } cliPlugin { From e85f0f7efa73a069e9eb0856dc8c914c49b1cff2 Mon Sep 17 00:00:00 2001 From: Joseph Zuniga-Daly Date: Thu, 28 Sep 2023 14:16:29 +0100 Subject: [PATCH 3/4] CORE-15310: Use SLF4J 1 in E2E test utilities --- testing/e2e-test-utilities/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testing/e2e-test-utilities/build.gradle b/testing/e2e-test-utilities/build.gradle index 361c1609176..c120cbdf7da 100644 --- a/testing/e2e-test-utilities/build.gradle +++ b/testing/e2e-test-utilities/build.gradle @@ -9,7 +9,7 @@ dependencies { constraints { implementation('org.slf4j:slf4j-api') { version { - strictly slf4jV2Version + strictly slf4jVersion } } } From 4b10351c89ef65899eb5d830f7a1d5292037a85f Mon Sep 17 00:00:00 2001 From: Joseph Zuniga-Daly Date: Fri, 29 Sep 2023 12:24:41 +0100 Subject: [PATCH 4/4] CORE-16786: Explain CLI uses SLF4J 2 in gradle.properties --- gradle.properties | 1 + 1 file changed, 1 insertion(+) diff --git a/gradle.properties b/gradle.properties index fdbde749f71..beba27425a6 100644 --- a/gradle.properties +++ b/gradle.properties @@ -89,6 +89,7 @@ quasarVersion = 0.9.1_r3-SNAPSHOT reflectAsmVersion = 1.11.9 # SLF4J cannot be ugraded to 2.x due to CorDapps requiring the 1.7 <= x < 2.0 slf4jVersion=1.7.36 +# The CLI uses SLF4J version 2 slf4jV2Version=2.0.6 # Snappy version used for serialization snappyVersion=0.4