Skip to content

v2.1.1 #53

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 36 commits into from
Dec 13, 2021
Merged

v2.1.1 #53

merged 36 commits into from
Dec 13, 2021

Conversation

blasttoys
Copy link
Contributor

Description

fixes CVE-2021-44228, updated log4j to 2.15.0.

Type of change

Please delete options that are not relevant.

  • Security patch

soh boon keong and others added 30 commits October 20, 2021 14:39
for APEX 2
e1e5f50
@blasttoys
Merge pull request #1 from GovTechSG/master
3080266 
Update my dev branch to latest of govtech
@blasttoys
Merge branch 'dirtyUpdate' into development
dc70b31
@blasttoys
Merge pull request #3 from blasttoys/development
7c62589 
Development
clean
b1e35a3
backup before clean, verifysupportedkeyfiletype
b4d553d
readme updated
11ae3a5
clean
5c09403
clean
077b0c7
clean
7b689cc
@blasttoys
Merge pull request #4 from blasttoys/dirtyUpdate
c619233 
v2.0.0 update
clean
dfa9c88
@blasttoys
Merge branch 'master' into development
a6f657d
@blasttoys
Merge pull request #5 from blasttoys/development
a2037db 
APEX2 change
@blasttoys
Merge pull request #6 from blasttoys/dirtyUpdate
3a8e159 
clean
@blasttoys
Merge pull request #7 from blasttoys/development
3dbff9a 
Development
update README.md
8df0b90
update README.md
9ade817
@blasttoys
Merge pull request #8 from blasttoys/dirtyUpdate
88f7294 
Dirty update
@blasttoys
Merge pull request #9 from blasttoys/development
95e1cc9 
Development
@GTYeokh
Merge pull request GovTechSG#48 from GovTechSG/development
2490411 
Development
@dependabot
Bump log4j-api from 2.14.1 to 2.15.0
157519f 
Bumps log4j-api from 2.14.1 to 2.15.0.

---
updated-dependencies:
- dependency-name: org.apache.logging.log4j:log4j-api
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@snyk-bot
fix: pom.xml to reduce vulnerabilities
7da55e1 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314719
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720
@GTYeokh
Merge pull request GovTechSG#49 from GovTechSG/dependabot/maven/org.a…
5c44c5c 
…pache.logging.log4j-log4j-api-2.15.0

Bump log4j-api from 2.14.1 to 2.15.0
@snyk-bot
fix: pom.xml to reduce vulnerabilities
86a6f03 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720
@dependabot
Bump log4j-core from 2.14.1 to 2.15.0
1941fe5 
Bumps log4j-core from 2.14.1 to 2.15.0.

---
updated-dependencies:
- dependency-name: org.apache.logging.log4j:log4j-core
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@GTYeokh
Merge pull request GovTechSG#50 from GovTechSG/dependabot/maven/org.a…
b5cd69f 
…pache.logging.log4j-log4j-core-2.15.0

Bump log4j-core from 2.14.1 to 2.15.0
@GTYeokh
Merge pull request GovTechSG#51 from GovTechSG/snyk-fix-24ef577d5120a…
475a465 
…e1695d29607b6162383

[Snyk] Fix for 2 vulnerabilities
@GTYeokh
Merge pull request GovTechSG#52 from GovTechSG/snyk-fix-bb78f0faeb188…
a6859b3 
…fb4bb98cf4bd401c96b

[Snyk] Security upgrade org.apache.logging.log4j:log4j-core from 2.14.1 to 2.15.0
@blasttoys
resolved conflict
07634ee
@coveralls
Copy link

Coverage Status

Coverage remained the same at 56.77% when pulling b1ff157 on blasttoys:master into c30d54d on GovTechSG:development.

@blasttoys blasttoys merged commit ea54b32 into GovTechSG:development Dec 13, 2021
blasttoys added a commit that referenced this pull request Dec 13, 2021
@blasttoys @GTYeokh
@dependabot @snyk-bot @lim-ming-tat
v2.1.1 (#53) (#54)
ce783a5 
* for APEX 2

* clean

* backup before clean, verifysupportedkeyfiletype

* readme updated

* clean

* clean

* clean

* clean

* update README.md

* update README.md

* Bump log4j-api from 2.14.1 to 2.15.0

Bumps log4j-api from 2.14.1 to 2.15.0.

---
updated-dependencies:
- dependency-name: org.apache.logging.log4j:log4j-api
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314719
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720

* fix: pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720

* Bump log4j-core from 2.14.1 to 2.15.0

Bumps log4j-core from 2.14.1 to 2.15.0.

---
updated-dependencies:
- dependency-name: org.apache.logging.log4j:log4j-core
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync

* v2.1.1

Co-authored-by: soh boon keong <soh_boon_keong@hive.gov.sg>
Co-authored-by: GTYeokh <88869666+GTYeokh@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>

Co-authored-by: soh boon keong <soh_boon_keong@hive.gov.sg>
Co-authored-by: GTYeokh <88869666+GTYeokh@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: mingtat <31609050+lim-ming-tat@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lim-ming-tat lim-ming-tat Awaiting requested review from lim-ming-tat

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@blasttoys @coveralls @GTYeokh @snyk-bot