Log4j and Sl4j is upgraded because of CVE-2019-1751 vulnerability to … #3033

Open
wants to merge 1 commit into
base: master

@dgnyshn dgnyshn commented Jan 15, 2022

Log4j and slf4j upgraded because of the CVE-2019-1751 vulnerability, and also some errors fixed after build.

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
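
The deserialization risk described in the comment above, seen from the defender's side, as an added example that is not part of this pull request or of Log4j: a receiver that reads serialized records applies a JEP 290 `ObjectInputFilter` allow-list, so unexpected classes are rejected before they are instantiated. `FilteredLogReceiver` and `LogRecord` are hypothetical names standing in for a log receiver and its event type, and the code assumes Java 9 or later.

```java
import java.io.*;
import java.util.HashMap;

public class FilteredLogReceiver {
    // Hypothetical stand-in for a serialized log event (not Log4j's own class).
    static final class LogRecord implements Serializable {
        private static final long serialVersionUID = 1L;
        final String level;
        final String message;
        LogRecord(String level, String message) { this.level = level; this.message = message; }
    }

    // Allow only the expected event type, cap the object graph, reject everything else.
    private static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
        "FilteredLogReceiver$LogRecord;java.lang.String;maxdepth=4;maxrefs=64;maxbytes=65536;!*");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // Reads one object from untrusted bytes; the filter is consulted for each
    // class in the stream before an object of that class is instantiated.
    static LogRecord readRecord(byte[] untrusted) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            in.setObjectInputFilter(FILTER);
            return (LogRecord) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: one expected record, one unexpected type.
        LogRecord ok = readRecord(serialize(new LogRecord("INFO", "job started")));
        System.out.println(ok.level + " " + ok.message);
        try {
            readRecord(serialize(new HashMap<String, String>()));
        } catch (InvalidClassException e) {
            // The filter rejected java.util.HashMap before it was constructed.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A filter like this narrows what a listener will deserialize; it does not replace upgrading the dependency or keeping such a listener off untrusted networks.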


xandris commented Jun 10, 2022

What JDK are you building this with? I get an NPE in javac when updating the versions in build.gradle:

> Task :az-hadoop-jobtype-plugin:compileJava FAILED
An exception has occurred in the compiler ((version info not available)). Please file a bug against the Java compiler via the Java bug reporting page (http://bugreport.java.com) after checking the Bug Database (http://bugs.java.com) for duplicates. Include your program and the following diagnostic in your report. Thank you.
java.lang.NullPointerException
        at com.sun.tools.javac.jvm.Code.width(Code.java:279)
        at com.sun.tools.javac.jvm.ClassReader.initParameterNames(ClassReader.java:2438)
        at com.sun.tools.javac.jvm.ClassReader.readMethod(ClassReader.java:2387)
        at com.sun.tools.javac.jvm.ClassReader.readClass(ClassReader.java:2641)

Very frustrating.
