diff --git a/backend/build.gradle b/backend/build.gradle index f41778d28..44b1657e7 100644 --- a/backend/build.gradle +++ b/backend/build.gradle @@ -15,12 +15,11 @@ sourceCompatibility = 11 targetCompatibility = 11 repositories { - jcenter() + mavenCentral() maven { url 'https://build.shibboleth.net/nexus/content/groups/public' artifactUrls = ['https://build.shibboleth.net/nexus/content/repositories/thirdparty-snapshots'] } - mavenLocal() } configurations.all { @@ -139,8 +138,8 @@ dependencies { compile "org.springframework.boot:spring-boot-${it}" } // To override older version with security issue - https://www.lunasec.io/docs/blog/log4j-zero-day/ - implementation 'org.apache.logging.log4j:log4j-to-slf4j:2.15.0' - implementation 'org.apache.logging.log4j:log4j-api:2.15.0' + implementation "org.apache.logging.log4j:log4j-to-slf4j:${project.'log4j.version'}" + implementation "org.apache.logging.log4j:log4j-api:${project.'log4j.version'}" // TODO: figure out what this should really be runtimeOnly 'org.springframework.boot:spring-boot-starter-tomcat' @@ -157,7 +156,7 @@ dependencies { compile group: 'org.jadira.usertype', name: 'usertype.core', version: '6.0.1.GA' //For easy data mocking capabilities - compile 'net.andreinc.mockneat:mockneat:0.1.4' + compile 'net.andreinc:mockneat:0.4.7' compile 'org.codehaus.groovy:groovy-all:3.0.7' @@ -365,4 +364,4 @@ dockerRun { daemonize true command '--spring.profiles.include=very-dangerous,dev', '--shibui.default-password={noop}password' clean true -} \ No newline at end of file +} diff --git a/beacon/core/build.gradle b/beacon/core/build.gradle index c80df0931..8e6e9c710 100644 --- a/beacon/core/build.gradle +++ b/beacon/core/build.gradle @@ -10,7 +10,7 @@ sourceCompatibility = 11 targetCompatibility = 11 repositories { - jcenter() + mavenCentral() } dependencyManagement { diff --git a/beacon/spring/build.gradle b/beacon/spring/build.gradle index 61ab07be5..ef18152d0 100644 --- a/beacon/spring/build.gradle +++ b/beacon/spring/build.gradle @@ -10,7 +10,7 @@ sourceCompatibility = 11 targetCompatibility = 11 repositories { - jcenter() + mavenCentral() } jar { @@ -26,4 +26,4 @@ dependencyManagement { dependencies { compile project(':beacon:core') compile "org.springframework.boot:spring-boot-starter" -} \ No newline at end of file +} diff --git a/build.gradle b/build.gradle index ee0af8876..282812295 100644 --- a/build.gradle +++ b/build.gradle @@ -29,3 +29,14 @@ release { afterReleaseBuild.dependsOn project.getTasksByName('githubRelease', false) afterReleaseBuild.dependsOn project.getTasksByName('dockerTagsPush', true) + +// force log4j version +allprojects { + configurations.all { + resolutionStrategy.eachDependency { d -> + if (d.requested.group == 'org.apache.logging.log4j') { + d.useVersion project.'log4j.version' + } + } + } +} diff --git a/gradle.properties b/gradle.properties index 79bee945d..0f49c87c1 100644 --- a/gradle.properties +++ b/gradle.properties @@ -19,3 +19,5 @@ i2.github.owner=TIER i2.github.repo=shib-idp-ui i2.github.apiEndpoint=https://github.internet2.edu/api/v3 +log4j.version=2.16.0 + diff --git a/pac4j-module/build.gradle b/pac4j-module/build.gradle index 8803d22c9..1415f81e9 100644 --- a/pac4j-module/build.gradle +++ b/pac4j-module/build.gradle @@ -10,7 +10,7 @@ sourceCompatibility = 11 targetCompatibility = 11 repositories { - jcenter() + mavenCentral() maven { url 'https://build.shibboleth.net/nexus/content/groups/public' artifactUrls = ['https://build.shibboleth.net/nexus/content/repositories/thirdparty-snapshots'] @@ -51,4 +51,4 @@ dependencies { testCompile "org.spockframework:spock-spring:1.3-groovy-2.5" annotationProcessor "org.springframework.boot:spring-boot-configuration-processor" -} \ No newline at end of file +}