refs #11373 - latest log4j version in scala gradle

Author: frantuma

modules/swagger-codegen/src/main/resources/scala/build.gradle.mustache

@@ -23,7 +23,7 @@ if(hasProperty('target') && target == 'android') {
 
     apply plugin: 'com.android.library'
     apply plugin: 'com.github.dcendents.android-maven'
-    
+
     android {
         compileSdkVersion 23
         buildToolsVersion '23.0.2'
@@ -35,7 +35,7 @@ if(hasProperty('target') && target == 'android') {
             sourceCompatibility JavaVersion.VERSION_1_7
             targetCompatibility JavaVersion.VERSION_1_7
         }
-    
+
         // Rename the aar correctly
         libraryVariants.all { variant ->
             variant.outputs.each { output ->
@@ -51,7 +51,7 @@ if(hasProperty('target') && target == 'android') {
             provided 'javax.annotation:jsr250-api:1.0'
         }
     }
-    
+
     afterEvaluate {
         android.libraryVariants.all { variant ->
             def task = project.tasks.create "jar${variant.name.capitalize()}", Jar
@@ -63,12 +63,12 @@ if(hasProperty('target') && target == 'android') {
             artifacts.add('archives', task);
         }
     }
-    
+
     task sourcesJar(type: Jar) {
         from android.sourceSets.main.java.srcDirs
         classifier = 'sources'
     }
-    
+
     artifacts {
         archives sourcesJar
     }
@@ -78,16 +78,16 @@ if(hasProperty('target') && target == 'android') {
     apply plugin: 'scala'
     apply plugin: 'java'
     apply plugin: 'maven'
-    
+
     sourceCompatibility = JavaVersion.VERSION_1_7
     targetCompatibility = JavaVersion.VERSION_1_7
-    
+
     install {
         repositories.mavenInstaller {
             pom.artifactId = '{{artifactId}}'
         }
     }
-    
+
     task execute(type:JavaExec) {
        main = System.getProperty('mainClass')
        classpath = sourceSets.main.runtimeClasspath
@@ -124,4 +124,13 @@ dependencies {
     compile "joda-time:joda-time:$jodatime_version"
     compile "org.joda:joda-convert:$joda_version"
     compile "com.wordnik.swagger:swagger-async-httpclient_2.10:$swagger_async_httpclient_version"
+    constraints {
+        zinc("org.apache.logging.log4j:log4j-core") {
+            version {
+                strictly("[2.17.1, 3[")
+                prefer("2.17.1")
+            }
+            because("Log4j vulnerable to remote code execution and other critical security vulnerabilities")
+        }
+    }
 }

samples/client/petstore-security-test/scala/build.gradle

@@ -23,7 +23,7 @@ if(hasProperty('target') && target == 'android') {
 
     apply plugin: 'com.android.library'
     apply plugin: 'com.github.dcendents.android-maven'
-    
+
     android {
         compileSdkVersion 23
         buildToolsVersion '23.0.2'
@@ -35,7 +35,7 @@ if(hasProperty('target') && target == 'android') {
             sourceCompatibility JavaVersion.VERSION_1_7
             targetCompatibility JavaVersion.VERSION_1_7
         }
-    
+
         // Rename the aar correctly
         libraryVariants.all { variant ->
             variant.outputs.each { output ->
@@ -51,7 +51,7 @@ if(hasProperty('target') && target == 'android') {
             provided 'javax.annotation:jsr250-api:1.0'
         }
     }
-    
+
     afterEvaluate {
         android.libraryVariants.all { variant ->
             def task = project.tasks.create "jar${variant.name.capitalize()}", Jar
@@ -63,12 +63,12 @@ if(hasProperty('target') && target == 'android') {
             artifacts.add('archives', task);
         }
     }
-    
+
     task sourcesJar(type: Jar) {
         from android.sourceSets.main.java.srcDirs
         classifier = 'sources'
     }
-    
+
     artifacts {
         archives sourcesJar
     }
@@ -78,19 +78,19 @@ if(hasProperty('target') && target == 'android') {
     apply plugin: 'scala'
     apply plugin: 'java'
     apply plugin: 'maven'
-    
+
     sourceCompatibility = JavaVersion.VERSION_1_7
     targetCompatibility = JavaVersion.VERSION_1_7
-    
+
     install {
         repositories.mavenInstaller {
             pom.artifactId = 'swagger-scala-client'
         }
     }
-    
+
     task execute(type:JavaExec) {
-       main = System.getProperty('mainClass')
-       classpath = sourceSets.main.runtimeClasspath
+        main = System.getProperty('mainClass')
+        classpath = sourceSets.main.runtimeClasspath
     }
 }
 
@@ -124,4 +124,13 @@ dependencies {
     compile "joda-time:joda-time:$jodatime_version"
     compile "org.joda:joda-convert:$joda_version"
     compile "com.wordnik.swagger:swagger-async-httpclient_2.10:$swagger_async_httpclient_version"
+    constraints {
+        zinc("org.apache.logging.log4j:log4j-core") {
+            version {
+                strictly("[2.17.1, 3[")
+                prefer("2.17.1")
+            }
+            because("Log4j vulnerable to remote code execution and other critical security vulnerabilities")
+        }
+    }
 }

samples/client/petstore/scala/build.gradle

@@ -23,7 +23,7 @@ if(hasProperty('target') && target == 'android') {
 
     apply plugin: 'com.android.library'
     apply plugin: 'com.github.dcendents.android-maven'
-    
+
     android {
         compileSdkVersion 23
         buildToolsVersion '23.0.2'
@@ -35,7 +35,7 @@ if(hasProperty('target') && target == 'android') {
             sourceCompatibility JavaVersion.VERSION_1_7
             targetCompatibility JavaVersion.VERSION_1_7
         }
-    
+
         // Rename the aar correctly
         libraryVariants.all { variant ->
             variant.outputs.each { output ->
@@ -51,7 +51,7 @@ if(hasProperty('target') && target == 'android') {
             provided 'javax.annotation:jsr250-api:1.0'
         }
     }
-    
+
     afterEvaluate {
         android.libraryVariants.all { variant ->
             def task = project.tasks.create "jar${variant.name.capitalize()}", Jar
@@ -63,12 +63,12 @@ if(hasProperty('target') && target == 'android') {
             artifacts.add('archives', task);
         }
     }
-    
+
     task sourcesJar(type: Jar) {
         from android.sourceSets.main.java.srcDirs
         classifier = 'sources'
     }
-    
+
     artifacts {
         archives sourcesJar
     }
@@ -78,16 +78,16 @@ if(hasProperty('target') && target == 'android') {
     apply plugin: 'scala'
     apply plugin: 'java'
     apply plugin: 'maven'
-    
+
     sourceCompatibility = JavaVersion.VERSION_1_7
     targetCompatibility = JavaVersion.VERSION_1_7
-    
+
     install {
         repositories.mavenInstaller {
             pom.artifactId = 'swagger-scala-client'
         }
     }
-    
+
     task execute(type:JavaExec) {
        main = System.getProperty('mainClass')
        classpath = sourceSets.main.runtimeClasspath
@@ -124,4 +124,13 @@ dependencies {
     compile "joda-time:joda-time:$jodatime_version"
     compile "org.joda:joda-convert:$joda_version"
     compile "com.wordnik.swagger:swagger-async-httpclient_2.10:$swagger_async_httpclient_version"
+    constraints {
+        zinc("org.apache.logging.log4j:log4j-core") {
+            version {
+                strictly("[2.17.1, 3[")
+                prefer("2.17.1")
+            }
+            because("Log4j vulnerable to remote code execution and other critical security vulnerabilities")
+        }
+    }
 }