Remediation for Log4Shell vulnerability

Upgrade log4j to 2.17.1

Change-Id: I5bbe0f1eb03c9cda547f2cf5f9acc162934ae4d1
Signed-off-by: vv770d <vv770d@att.com>
Issue-ID: DCAEGEN2-3022
Signed-off-by: vv770d <vv770d@att.com>

diff --git a/Changelog.md b/Changelog.md
index c1e4124..b505bcb 100644 (file)
--- a/Changelog.md
+++ b/Changelog.md
@@ -4,8 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [1.3.2] - 2022/01/18
+         - [DCAEGEN2-3022] - Remediation for Log4Shell vulnerability (upgrade to 2.17.1)
+
 ## [1.3.1] - 2021/12/14
-         - [DCAEGEN2-3022] - Remediation for Log4Shell vulnerability
+         - [DCAEGEN2-3022] - Remediation for Log4Shell vulnerability (upgrade to 2.16.0)
 
 ## [1.3.0] - 2021/08/26
        - [DCAEGEN2-2806] Mapper security vulnerability updates for Istanbul

diff --git a/UniversalVesAdapter/pom.xml b/UniversalVesAdapter/pom.xml
index 111e2e2..e5169de 100644 (file)
--- a/UniversalVesAdapter/pom.xml
+++ b/UniversalVesAdapter/pom.xml
@@ -5,7 +5,7 @@
 * ================================================================================
 * Copyright 2018-2019 TechMahindra
 * Copyright (C) 2020 Huawei Technologies Co., Ltd.
-* Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+* Copyright (c) 2021-2022 AT&T Intellectual Property. All rights reserved.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -28,15 +28,12 @@
 
        <groupId>org.onap.dcaegen2.services.mapper.vesadapter</groupId>
        <artifactId>UniversalVesAdapter</artifactId>
-       <version>1.3.1-SNAPSHOT</version>
-
-
+       <version>1.3.2-SNAPSHOT</version>
        <parent>
                <groupId>org.onap.dcaegen2.services.mapper</groupId>
                <artifactId>mapper</artifactId>
-               <version>1.3.1-SNAPSHOT</version>
+               <version>1.3.2-SNAPSHOT</version>
        </parent>
-
        <properties>
 
                <!-- PROJECT SETTINGS -->
@@ -198,12 +195,12 @@
                <dependency>
                        <groupId>org.apache.logging.log4j</groupId>
                        <artifactId>log4j-core</artifactId>
-                       <version>2.16.0</version>
+                       <version>2.17.1</version>
                </dependency>
                <dependency>
                        <groupId>org.apache.logging.log4j</groupId>
                        <artifactId>log4j-api</artifactId>
-                       <version>2.16.0</version>
+                       <version>2.17.1</version>
                </dependency>
                <dependency>
                        <groupId>org.codehaus.groovy</groupId>

diff --git a/pom.xml b/pom.xml
index aece60e..f358125 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
 * ================================================================================
 * Copyright 2018-2019 TechMahindra
 * Copyright (C) 2020 Huawei Technologies Co., Ltd.
-* Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+* Copyright (c) 2021-2022 AT&T Intellectual Property. All rights reserved.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -32,7 +32,7 @@
 
     <groupId>org.onap.dcaegen2.services.mapper</groupId>
     <artifactId>mapper</artifactId>
-    <version>1.3.1-SNAPSHOT</version>
+    <version>1.3.2-SNAPSHOT</version>
     <packaging>pom</packaging>
 
     <name>dcaegen2-services-mapper</name>

diff --git a/version.properties b/version.properties
index 46bf259..55f24a9 100644 (file)
--- a/version.properties
+++ b/version.properties
@@ -1,6 +1,6 @@
 major=1\r
 minor=3\r
-patch=1\r
+patch=2\r
 base_version=${major}.${minor}.${patch}\r
 release_version=${base_version}\r
 snapshot_version=${base_version}-SNAPSHOT\r