0048258: How to manually backport log4j 2.17 to Openbravo version >= 19Q1

Openbravo Issue Tracking System - Openbravo ERP

View Issue Details

Project

Category

View Status

Date Submitted

Last Update

0048258

Openbravo ERP

A. Platform

public

2021-12-15 16:13

2021-12-20 10:53

Reporter

shuehner

Assigned To

shuehner

Priority

normal

Severity

critical

Reproducibility

have not tried

Status

closed

Resolution

suspended

Platform

OS Version

Product Version

Target Version

Fixed in Version

Merge Request Status

Review Assigned To

OBNetwork customer

Web browser

Modules

Core

Support ticket

Regression level

Regression date

Regression introduced in release

Regression introduced by commit

Triggers an Emergency Pack

Summary

0048258: How to manually backport log4j 2.17 to Openbravo version >= 19Q1

Description

This issue contains description on how to manually backport the library update to log4j version 2.17 to older releases.

It can be used:
- If a project cannot update to 21Q3.7 or 21Q4.2 or 22Q1 yet
- but wants to apply the 2.17 library update recommend By Openbravo

Steps To Reproduce

Having Openbravo containing log4j library version:
- 2.x
- but not yet 2.17

Proposed Solution

How to apply the update.
All steps from base Openbravo folder (aka source.path)
The required files are attached to this issue
Testing,stopping,starting application as usual for any code change

1.) Delete the following 5 files
lib/runtime/log4j-1.2-api-2.11.1.jar
lib/runtime/log4j-api-2.11.1.jar
lib/runtime/log4j-core-2.11.1.jar
lib/runtime/log4j-slf4j-impl-2.11.1.jar
lib/runtime/log4j-web-2.11.1.jar

2.) Extract new files from log4j-2.17.0-jar-files.zip
unzip log4j-2.17.0.jar-files.zip

3.a) For Openbravo version <21Q1
Apply patch log4j-pre21Q1.diff

3.b) For Openbravo version >=21Q1 y <21Q4
Apply patch log4j-21Q1-pre21Q4.diff

3.c) For Openbravo >= 21Q4
Apply patch log4j-21Q4.diff instead

4.) Recompile the application
# do NOT use ant smartbuild
ant compile.complete.deploy

Additional Information

Tags

No tags attached.

Relationships

related to	defect	0048228	closed	alostale	update log4j to its latest version (2.15.0)
related to	defect	0048254	closed	alostale	update log4j to its latest version (2.16.0)
related to	defect	0047091	closed	alostale	log4j should be updated to the latest version
related to	defect	0048279	closed	alostale	update log4j to its latest version (2.17.0)

Attached Files

log4j-2.17.0-jar-files.zip (2,116,080) 2021-12-20 10:51
https://issues.openbravo.com/file_download.php?file_id=16454&type=bug
diff

log4j-21Q4.diff (3,510) 2021-12-20 10:53
https://issues.openbravo.com/file_download.php?file_id=16455&type=bug
diff

log4j-21Q1-pre21Q4.diff (4,376) 2021-12-20 10:53
https://issues.openbravo.com/file_download.php?file_id=16456&type=bug
diff

log4j-pre21Q1.diff (6,681) 2021-12-20 10:53
https://issues.openbravo.com/file_download.php?file_id=16457&type=bug
diff

after-cherrypick-log4j-21Q1-pre21Q4.diff (2,318) 2021-12-20 10:53
https://issues.openbravo.com/file_download.php?file_id=16458&type=bug

Issue History

Date Modified

Username

Field

Change

2021-12-15 16:13