From 12683c075bbc89c9de040a06802f4198efd288fc Mon Sep 17 00:00:00 2001
From: chasegawa
Date: Fri, 10 Dec 2021 10:42:51 -0700
Subject: [PATCH 1/2] NOJIRA Update to current patched version of log4j to fix vulnerability https://www.lunasec.io/docs/blog/log4j-zero-day/
---
 backend/build.gradle | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/backend/build.gradle b/backend/build.gradle
index c719c2af9..1a29d190d 100644
--- a/backend/build.gradle
+++ b/backend/build.gradle
@@ -138,6 +138,10 @@ dependencies {
 ['starter-web', 'starter-data-jpa', 'starter-security', 'starter-actuator', 'devtools', 'starter-webflux', 'starter-thymeleaf', 'starter-mail', 'starter-validation'].each {
 compile "org.springframework.boot:spring-boot-${it}"
 }
+ // To override older version with security issue - https://www.lunasec.io/docs/blog/log4j-zero-day/
+ implementation 'org.apache.logging.log4j:log4j-to-slf4j:2.15.0'
+ implementation 'org.apache.logging.log4j:log4j-api:2.15.0'
+
 // TODO: figure out what this should really be
 runtimeOnly 'org.springframework.boot:spring-boot-starter-tomcat'
@@ -166,6 +170,7 @@ dependencies {
 runtimeOnly "org.postgresql:postgresql:42.2.20"
 runtimeOnly 'org.mariadb.jdbc:mariadb-java-client:2.2.0'
 runtimeOnly 'mysql:mysql-connector-java:5.1.48'
+ runtimeOnly 'com.microsoft.sqlserver:mssql-jdbc:9.4.0.jre11'
 //Swagger
 compile 'io.springfox:springfox-swagger2:2.9.2'
From ed39f443f313ee2a37e34e177ea5cffede206cba Mon Sep 17 00:00:00 2001
From: chasegawa
Date: Fri, 10 Dec 2021 11:40:43 -0700
Subject: [PATCH 2/2] NOJIRA Update to current patched version of log4j to fix vulnerability https://www.lunasec.io/docs/blog/log4j-zero-day/
---
 backend/build.gradle | 1 -
 1 file changed, 1 deletion(-)
diff --git a/backend/build.gradle b/backend/build.gradle
index 1a29d190d..f41778d28 100644
--- a/backend/build.gradle
+++ b/backend/build.gradle
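Review bot: The override added in the first hunk of PATCH 1/2 pins only `log4j-api` and `log4j-to-slf4j`, while the JNDI lookup handling that the linked advisory describes lives in `log4j-core`, which nothing in this hunk constrains. If any dependency brings `log4j-core` in transitively it would still resolve to the older version, so confirm with `gradle dependencyInsight --dependency log4j-core --configuration runtimeClasspath` in the backend project. Assuming the Spring dependency-management plugin is applied (the unversioned starter coordinates suggest it, but the plugin block is not visible here), `ext['log4j2.version'] = '2.15.0'` would move every log4j2 artifact together rather than two hand-picked ones. 2.15.0 was the fix available on the commit date; check it against the current Apache Log4j security page before relying on this pin. The `dependencies` block starts and ends outside the hunk.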
@@ -170,7 +170,6 @@ dependencies {
 runtimeOnly "org.postgresql:postgresql:42.2.20"
 runtimeOnly 'org.mariadb.jdbc:mariadb-java-client:2.2.0'
 runtimeOnly 'mysql:mysql-connector-java:5.1.48'
- runtimeOnly 'com.microsoft.sqlserver:mssql-jdbc:9.4.0.jre11'
 //Swagger
 compile 'io.springfox:springfox-swagger2:2.9.2'