AMBARI-25722: Remediation of log4j dependency’s (#3346)
Signed-off-by: Brahma Reddy Battula <brahma@apache.org>
Signed-off-by: Wei-Chiu Chuang <weichiu@apache.org>
Signed-off-by: Viraj Jasani <vjasani@apache.org>
diff --git a/ambari-agent/pom.xml b/ambari-agent/pom.xml
index 49b6f06..6ee654a 100644
--- a/ambari-agent/pom.xml
+++ b/ambari-agent/pom.xml
@@ -59,6 +59,16 @@
<dependency>
<groupId>org.apache.zookeeper</groupId>
<artifactId>zookeeper</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>commons-cli</groupId>
@@ -117,6 +127,14 @@
<groupId>org.apache.zookeeper</groupId>
<artifactId>zookeeper</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -141,6 +159,14 @@
<groupId>org.apache.zookeeper</groupId>
<artifactId>zookeeper</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
diff --git a/ambari-project/pom.xml b/ambari-project/pom.xml
index d1af2e3..e3e761d 100644
--- a/ambari-project/pom.xml
+++ b/ambari-project/pom.xml
@@ -35,7 +35,9 @@
<checkstyle.version>8.9</checkstyle.version>
<swagger.version>1.5.19</swagger.version>
<swagger.maven.plugin.version>3.1.5</swagger.maven.plugin.version>
- <slf4j.version>1.7.20</slf4j.version>
+ <slf4j.version>1.7.35</slf4j.version>
+ <reload4j.version>1.2.22</reload4j.version>
+ <logback.version>1.2.10</logback.version>
<guice.version>4.1.0</guice.version>
<spring.version>5.3.22</spring.version>
<spring.security.version>5.7.2</spring.security.version>
@@ -266,10 +268,20 @@
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
+ <artifactId>slf4j-reload4j</artifactId>
<version>${slf4j.version}</version>
</dependency>
<dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-core</artifactId>
+ <version>${logback.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ <version>${logback.version}</version>
+ </dependency>
+ <dependency>
<groupId>org.slf4j</groupId>
<artifactId>jul-to-slf4j</artifactId>
<version>${slf4j.version}</version>
@@ -596,38 +608,6 @@
</exclusions>
</dependency>
<dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- <version>1.2.17</version>
- <exclusions>
- <exclusion>
- <groupId>com.sun.jdmk</groupId>
- <artifactId>jmxtools</artifactId>
- </exclusion>
- <exclusion>
- <groupId>com.sun.jmx</groupId>
- <artifactId>jmxri</artifactId>
- </exclusion>
- <exclusion>
- <groupId>javax.mail</groupId>
- <artifactId>mail</artifactId>
- </exclusion>
- <exclusion>
- <groupId>javax.jms</groupId>
- <artifactId>jmx</artifactId>
- </exclusion>
- <exclusion>
- <groupId>javax.jms</groupId>
- <artifactId>jms</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>log4j</groupId>
- <artifactId>apache-log4j-extras</artifactId>
- <version>1.2.17</version>
- </dependency>
- <dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.10</version>
diff --git a/ambari-server/conf/unix/log4j.properties b/ambari-server/conf/unix/log4j.properties
index f09de0d..220ae43 100644
--- a/ambari-server/conf/unix/log4j.properties
+++ b/ambari-server/conf/unix/log4j.properties
@@ -88,13 +88,11 @@
# Audit logging
log4j.logger.audit=INFO,audit
log4j.additivity.audit=false
-log4j.appender.audit=org.apache.log4j.rolling.RollingFileAppender
-log4j.appender.audit.rollingPolicy=org.apache.log4j.rolling.FixedWindowRollingPolicy
-log4j.appender.audit.rollingPolicy.ActiveFileName=${ambari.log.dir}/${ambari.audit.file}
-log4j.appender.audit.rollingPolicy.FileNamePattern=${ambari.log.dir}/${ambari.audit.file}-%i.log.gz
-log4j.appender.audit.rollingPolicy.maxIndex=13
-log4j.appender.audit.triggeringPolicy=org.apache.log4j.rolling.SizeBasedTriggeringPolicy
-log4j.appender.audit.triggeringPolicy.maxFileSize=50000000
+log4j.appender.audit=org.apache.log4j.RollingFileAppender
+log4j.appender.audit.File=${ambari.log.dir}/${ambari.audit.file}
+log4j.appender.audit.FileNamePattern=${ambari.log.dir}/${ambari.audit.file}-%i.log.gz
+log4j.appender.audit.MaxFileSize=50000000
+log4j.appender.audit.MaxBackupIndex=13
log4j.appender.audit.layout=org.apache.log4j.PatternLayout
log4j.appender.audit.layout.ConversionPattern=%m%n
diff --git a/ambari-server/pom.xml b/ambari-server/pom.xml
index 82964e4..6dbdb86 100644
--- a/ambari-server/pom.xml
+++ b/ambari-server/pom.xml
@@ -1235,7 +1235,7 @@
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
+ <artifactId>slf4j-reload4j</artifactId>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
@@ -1246,12 +1246,17 @@
<artifactId>jcl-over-slf4j</artifactId>
</dependency>
<dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
+ <groupId>ch.qos.reload4j</groupId>
+ <artifactId>reload4j</artifactId>
+ <version>${reload4j.version}</version>
</dependency>
<dependency>
- <groupId>log4j</groupId>
- <artifactId>apache-log4j-extras</artifactId>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
</dependency>
<dependency>
<groupId>org.eclipse.persistence</groupId>
@@ -1614,6 +1619,12 @@
<groupId>org.snmp4j</groupId>
<artifactId>snmp4j</artifactId>
<version>1.10.1</version>
+ <exclusions>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>com.esotericsoftware.yamlbeans</groupId>
@@ -1677,6 +1688,14 @@
<groupId>org.apache.zookeeper</groupId>
<artifactId>zookeeper</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -1724,6 +1743,14 @@
<groupId>com.jcraft</groupId>
<artifactId>jsch</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/checks/DatabaseConsistencyChecker.java b/ambari-server/src/main/java/org/apache/ambari/server/checks/DatabaseConsistencyChecker.java
index 3e7a4e7..b897c05 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/checks/DatabaseConsistencyChecker.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/checks/DatabaseConsistencyChecker.java
@@ -17,7 +17,7 @@
*/
package org.apache.ambari.server.checks;
-import java.util.Enumeration;
+import java.util.Iterator;
import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.audit.AuditLoggerModule;
@@ -25,16 +25,18 @@
import org.apache.ambari.server.ldap.LdapModule;
import org.apache.ambari.server.orm.DBAccessor;
import org.apache.ambari.server.utils.EventBusSynchronizer;
-import org.apache.log4j.FileAppender;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.slf4j.impl.Log4jLoggerAdapter;
import com.google.inject.Guice;
import com.google.inject.Inject;
import com.google.inject.Injector;
import com.google.inject.persist.PersistService;
+import ch.qos.logback.classic.spi.ILoggingEvent;
+import ch.qos.logback.core.Appender;
+import ch.qos.logback.core.FileAppender;
+
public class DatabaseConsistencyChecker {
private static final Logger LOG = LoggerFactory.getLogger
(DatabaseConsistencyChecker.class);
@@ -123,15 +125,14 @@
DatabaseConsistencyCheckHelper.closeConnection();
if (DatabaseConsistencyCheckHelper.getLastCheckResult().isErrorOrWarning()) {
String ambariDBConsistencyCheckLog = "ambari-server-check-database.log";
- if (LOG instanceof Log4jLoggerAdapter) {
- org.apache.log4j.Logger dbConsistencyCheckHelperLogger = org.apache.log4j.Logger.getLogger(DatabaseConsistencyCheckHelper.class);
- Enumeration appenders = dbConsistencyCheckHelperLogger.getAllAppenders();
- while (appenders.hasMoreElements()) {
- Object appender = appenders.nextElement();
- if (appender instanceof FileAppender) {
- ambariDBConsistencyCheckLog = ((FileAppender) appender).getFile();
- break;
- }
+ ch.qos.logback.classic.Logger dbConsistencyCheckHelperLogger =
+ (ch.qos.logback.classic.Logger) LoggerFactory.getLogger(DatabaseConsistencyCheckHelper.class);
+
+ for (Iterator<Appender<ILoggingEvent>> index = dbConsistencyCheckHelperLogger.iteratorForAppenders(); index.hasNext();){
+ Appender<ILoggingEvent> appender = index.next();
+ if (appender instanceof FileAppender) {
+ ambariDBConsistencyCheckLog = ((FileAppender) appender).getFile();
+ break;
}
}
ambariDBConsistencyCheckLog = ambariDBConsistencyCheckLog.replace("//", "/");
diff --git a/ambari-utility/pom.xml b/ambari-utility/pom.xml
index e93b262..4d0adfe 100644
--- a/ambari-utility/pom.xml
+++ b/ambari-utility/pom.xml
@@ -49,6 +49,10 @@
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-xml</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -64,12 +68,13 @@
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
+ <artifactId>slf4j-reload4j</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
+ <groupId>ch.qos.reload4j</groupId>
+ <artifactId>reload4j</artifactId>
+ <version>${reload4j.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
diff --git a/contrib/ambari-log4j/pom.xml b/contrib/ambari-log4j/pom.xml
index 2cd9523..40c29f1 100644
--- a/contrib/ambari-log4j/pom.xml
+++ b/contrib/ambari-log4j/pom.xml
@@ -46,31 +46,8 @@
<version>1.2.1</version>
</dependency>
<dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- <version>1.2.15</version>
- <exclusions>
- <exclusion>
- <groupId>com.sun.jdmk</groupId>
- <artifactId>jmxtools</artifactId>
- </exclusion>
- <exclusion>
- <groupId>com.sun.jmx</groupId>
- <artifactId>jmxri</artifactId>
- </exclusion>
- <exclusion>
- <groupId>javax.mail</groupId>
- <artifactId>mail</artifactId>
- </exclusion>
- <exclusion>
- <groupId>javax.jms</groupId>
- <artifactId>jmx</artifactId>
- </exclusion>
- <exclusion>
- <groupId>javax.jms</groupId>
- <artifactId>jms</artifactId>
- </exclusion>
- </exclusions>
+ <groupId>ch.qos.reload4j</groupId>
+ <artifactId>reload4j</artifactId>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
diff --git a/contrib/ambari-scom/metrics-sink/pom.xml b/contrib/ambari-scom/metrics-sink/pom.xml
index 2727fee..1e586c9 100644
--- a/contrib/ambari-scom/metrics-sink/pom.xml
+++ b/contrib/ambari-scom/metrics-sink/pom.xml
@@ -27,9 +27,9 @@
<name>Ambari SCOM Metrics Sink</name>
<dependencies>
<dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- <version>1.2.17</version>
+ <groupId>ch.qos.reload4j</groupId>
+ <artifactId>reload4j</artifactId>
+ <version>1.2.22</version>
</dependency>
<dependency>
<groupId>junit</groupId>
