From 7f3801709cb83c12c4ad84b8ee00fefa0f4fbf59 Mon Sep 17 00:00:00 2001
From: Louis Jacomet
Date: Tue, 14 Dec 2021 18:30:14 +0100
Subject: [PATCH] Rework Zinc log4j fix

This now uses a combination of require and reject instead of a strictly, which will allow updates beyond the 2.x line. The previous solution was effectively preventing that with no way for the user to change that.
Issue #19328
---
 .../gradle/internal/logging/util/Log4jBannedVersion.java | 1 -
 .../org/gradle/scala/ScalaPluginIntegrationTest.groovy | 7 ++++---
 .../java/org/gradle/api/plugins/scala/ScalaBasePlugin.java | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/subprojects/logging/src/main/java/org/gradle/internal/logging/util/Log4jBannedVersion.java b/subprojects/logging/src/main/java/org/gradle/internal/logging/util/Log4jBannedVersion.java
index 0ebb71f69a1f..c10202cd343a 100644
--- a/subprojects/logging/src/main/java/org/gradle/internal/logging/util/Log4jBannedVersion.java
+++ b/subprojects/logging/src/main/java/org/gradle/internal/logging/util/Log4jBannedVersion.java
@@ -22,7 +22,6 @@
 */
 public class Log4jBannedVersion {
 public static final String LOG4J2_CORE_COORDINATES = "org.apache.logging.log4j:log4j-core";
- public static final String LOG4J2_CORE_STRICT_VERSION_RANGE = "[2.15, 3[";
 public static final String LOG4J2_CORE_VULNERABLE_VERSION_RANGE = "[2.0, 2.15[";
 public static final String LOG4J2_CORE_REQUIRED_VERSION = "2.16.0";
 }
diff --git a/subprojects/scala/src/integTest/groovy/org/gradle/scala/ScalaPluginIntegrationTest.groovy b/subprojects/scala/src/integTest/groovy/org/gradle/scala/ScalaPluginIntegrationTest.groovy
index 46904c37c3c8..455c3140f618 100644
--- a/subprojects/scala/src/integTest/groovy/org/gradle/scala/ScalaPluginIntegrationTest.groovy
+++ b/subprojects/scala/src/integTest/groovy/org/gradle/scala/ScalaPluginIntegrationTest.groovy
@@ -261,7 +261,8 @@ task someTask
 }
 @ToBeFixedForConfigurationCache(because = ":dependencies")
- def 'show that log4j-core, if present, is 2_15_0 at the minimum'() {
+ @Issue("gradle/gradle#19328")
+ def 'show that log4j-core, if present, is 2_16_0 at the minimum'() {
 given:
 file('build.gradle') << """
 apply plugin: 'scala'
@@ -272,9 +273,9 @@ task someTask
 def versionPattern = ~/.*-> 2\.(\d+).*/
 expect:
 succeeds('dependencies', '--configuration', 'zinc')
- def log4jOutput = result.getOutputLineThatContains("log4j-core:{strictly [2.15, 3[; prefer 2.15.0}")
+ def log4jOutput = result.getOutputLineThatContains("log4j-core:{require 2.16.0; reject [2.0, 2.15[}")
 def matcher = log4jOutput =~ versionPattern
 matcher.find()
- Integer.valueOf(matcher.group(1)) >= 15
+ Integer.valueOf(matcher.group(1)) >= 16
 }
 }
diff --git a/subprojects/scala/src/main/java/org/gradle/api/plugins/scala/ScalaBasePlugin.java b/subprojects/scala/src/main/java/org/gradle/api/plugins/scala/ScalaBasePlugin.java
index 18fba0c465a9..23aef7a1806b 100644
--- a/subprojects/scala/src/main/java/org/gradle/api/plugins/scala/ScalaBasePlugin.java
+++ b/subprojects/scala/src/main/java/org/gradle/api/plugins/scala/ScalaBasePlugin.java
@@ -150,8 +150,8 @@ private void configureConfigurations(final Project project, final Usage incremen
 });
 zinc.getDependencyConstraints().add(dependencyHandler.getConstraints().create(Log4jBannedVersion.LOG4J2_CORE_COORDINATES, constraint -> constraint.version(version -> {
- version.strictly(Log4jBannedVersion.LOG4J2_CORE_STRICT_VERSION_RANGE);
- version.prefer(Log4jBannedVersion.LOG4J2_CORE_REQUIRED_VERSION);
+ version.require(Log4jBannedVersion.LOG4J2_CORE_REQUIRED_VERSION);
+ version.reject(Log4jBannedVersion.LOG4J2_CORE_VULNERABLE_VERSION_RANGE);
 })));
 final Configuration incrementalAnalysisElements = project.getConfigurations().create("incrementalScalaAnalysisElements");
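Review bot: The version check in the second hunk of ScalaPluginIntegrationTest.groovy still assumes the 2.x line: the context line `def versionPattern = ~/.*-> 2\.(\d+).*/` only matches a resolved `2.<minor>`, and the new assertion `Integer.valueOf(matcher.group(1)) >= 16` compares the minor number alone. The test would therefore fail on exactly the beyond-2.x upgrade that the commit message says should now be possible. Capturing both parts, e.g. `def versionPattern = ~/.*-> (\d+)\.(\d+).*/`, and asserting `major > 2 || minor >= 16` would keep the floor check without pinning the major version. The test also covers only the rendered constraint string and the default resolution; a case that requests a version inside the rejected range would show that the `reject` half of the constraint holds. The test method begins in the previous hunk.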
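Review bot: The range passed to `version.reject(...)` ends below 2.15 while the same constraint now requires 2.16.0, so 2.15.x is neither required nor rejected. With `strictly` removed, `require` acts as a lower bound that other build configuration may be able to override (a strict or forced version elsewhere in the graph, which appears to be the flexibility this commit wants), and a pin to 2.15.x would then resolve on the `zinc` configuration without any failure. If 2.16.0 is meant as the security floor, as the renamed test title suggests, the rejected range should end at the required version: `public static final String LOG4J2_CORE_VULNERABLE_VERSION_RANGE = "[2.0, 2.16[";` in Log4jBannedVersion.java, with the expected string in ScalaPluginIntegrationTest updated to match. `configureConfigurations` starts and ends outside this hunk.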