Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0048258
TypeCategorySeverityReproducibilityDate SubmittedLast Update
design defect[Openbravo ERP] A. Platformcriticalhave not tried2021-12-15 16:132021-12-20 10:53
ReportershuehnerView Statuspublic 
Assigned Toshuehner 
PrioritynormalResolutionsuspendedFixed in Version
StatusclosedFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned To
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0048258: How to manually backport log4j 2.17 to Openbravo version >= 19Q1

DescriptionThis issue contains description on how to manually backport the library update to log4j version 2.17 to older releases.

It can be used:
- If a project cannot update to 21Q3.7 or 21Q4.2 or 22Q1 yet
- but wants to apply the 2.17 library update recommend By Openbravo

Steps To ReproduceHaving Openbravo containing log4j library version:
- 2.x
- but not yet 2.17
Proposed SolutionHow to apply the update.
All steps from base Openbravo folder (aka source.path)
The required files are attached to this issue
Testing,stopping,starting application as usual for any code change

1.) Delete the following 5 files
lib/runtime/log4j-1.2-api-2.11.1.jar
lib/runtime/log4j-api-2.11.1.jar
lib/runtime/log4j-core-2.11.1.jar
lib/runtime/log4j-slf4j-impl-2.11.1.jar
lib/runtime/log4j-web-2.11.1.jar

2.) Extract new files from log4j-2.17.0-jar-files.zip
unzip log4j-2.17.0.jar-files.zip

3.a) For Openbravo version <21Q1
Apply patch log4j-pre21Q1.diff

3.b) For Openbravo version >=21Q1 y <21Q4
Apply patch log4j-21Q1-pre21Q4.diff

3.c) For Openbravo >= 21Q4
Apply patch log4j-21Q4.diff instead

4.) Recompile the application
# do NOT use ant smartbuild
ant compile.complete.deploy
TagsNo tags attached.
Attached Fileszip file icon log4j-2.17.0-jar-files.zip [^] (2,116,080 bytes) 2021-12-20 10:51
diff file icon log4j-21Q4.diff [^] (3,510 bytes) 2021-12-20 10:53 [Show Content]
diff file icon log4j-21Q1-pre21Q4.diff [^] (4,376 bytes) 2021-12-20 10:53 [Show Content]
diff file icon log4j-pre21Q1.diff [^] (6,681 bytes) 2021-12-20 10:53 [Show Content]
diff file icon after-cherrypick-log4j-21Q1-pre21Q4.diff [^] (2,318 bytes) 2021-12-20 10:53 [Show Content]

- Relationships Relation Graph ] Dependency Graph ]
related to defect 0048228 closedalostale update log4j to its latest version (2.15.0) 
related to defect 0048254 closedalostale update log4j to its latest version (2.16.0) 
related to defect 0047091 closedalostale log4j should be updated to the latest version 
related to defect 0048279 closedalostale update log4j to its latest version (2.17.0) 

-  Notes
(0133742)
shuehner (administrator)
2021-12-15 18:29
edited on: 2021-12-20 10:44

 Above steps just simplify applying the following commits/issues as backports.
a.) <21Q1
- f9a3d51ca55107fca4092b7a6e34f6454889df62 (log4j 2.11.1 -> 2.14.1, issue 47091)
- 84357bd2eeaac2bf3be42f2151ef1834eebfa467 (log4j 2.14.1 -> 2.15.0, issue 48228)
- ac8698d34f048f78e4c04e7e3a2155ce8cf4030e (log4j 2.15.0 -> 2.16.0, issue 48254)
- 75a344ae2459ed375b81f9f94ac4dbad4c431412 (log4j 2.16.0 -> 2.17.0, issue 48279)
Apply patch after-cherrypick-log4j-21Q1-pre21Q4.diff
b.) >=21Q1 and < 21Q4
- f9a3d51ca55107fca4092b7a6e34f6454889df62 (log4j 2.11.1 -> 2.14.1, issue 47091)
- 84357bd2eeaac2bf3be42f2151ef1834eebfa467 (log4j 2.14.1 -> 2.15.0, issue 48228)
- ac8698d34f048f78e4c04e7e3a2155ce8cf4030e (log4j 2.15.0 -> 2.16.0, issue 48254)
- 75a344ae2459ed375b81f9f94ac4dbad4c431412 (log4j 2.16.0 -> 2.17.0, issue 48279)

c.) >= 21Q4
- 84357bd2eeaac2bf3be42f2151ef1834eebfa467 (log4j 2.14.1 -> 2.15.0, issue 48228)
- ac8698d34f048f78e4c04e7e3a2155ce8cf4030e (log4j 2.15.0 -> 2.16.0, issue 48254)
- 75a344ae2459ed375b81f9f94ac4dbad4c431412 (log4j 2.16.0 -> 2.17.0, issue 48279)
(0133745)
shuehner (administrator)
2021-12-15 19:03

 This issue is just about documenting how to easily backport the log4j change to older releases.
Marked as closed as no action required on product side (there the changes are already done (see linked issues))

- Issue History
Date Modified Username Field Change
2021-12-15 16:13 shuehner New Issue
2021-12-15 16:13 shuehner Assigned To => Triage Platform Base
2021-12-15 16:13 shuehner Modules => Core
2021-12-15 16:13 shuehner Triggers an Emergency Pack => No
2021-12-15 18:18 shuehner File Added: log4j-2.16.0-jar-files.zip
2021-12-15 18:19 shuehner File Added: log4j-21Q4.diff
2021-12-15 18:19 shuehner File Added: log4j-pre21Q4.diff
2021-12-15 18:25 shuehner Proposed Solution updated
2021-12-15 18:26 shuehner Proposed Solution updated
2021-12-15 18:29 shuehner Note Added: 0133742
2021-12-15 18:30 shuehner Assigned To Triage Platform Base => shuehner
2021-12-15 18:30 shuehner Status new => scheduled
2021-12-15 18:33 shuehner Relationship added related to 0047901
2021-12-15 18:33 shuehner Relationship added related to 0048228
2021-12-15 18:33 shuehner Relationship added related to 0048254
2021-12-15 18:44 shuehner Relationship added related to 0047091
2021-12-15 18:44 shuehner Relationship deleted related to 0047901
2021-12-15 18:44 shuehner Note Edited: 0133742 View Revisions
2021-12-15 18:47 shuehner Proposed Solution updated
2021-12-15 19:03 shuehner Note Added: 0133745
2021-12-15 19:03 shuehner Status scheduled => closed
2021-12-15 19:03 shuehner Resolution open => suspended
2021-12-17 13:44 AugustoMauch Proposed Solution updated
2021-12-17 13:46 AugustoMauch Note Edited: 0133742 View Revisions
2021-12-17 13:46 AugustoMauch File Deleted: log4j-pre21Q4.diff
2021-12-17 13:47 AugustoMauch File Added: log4j-21Q1-21Q4.diff
2021-12-17 13:47 AugustoMauch Proposed Solution updated
2021-12-17 13:47 AugustoMauch File Deleted: log4j-21Q1-21Q4.diff
2021-12-17 13:48 AugustoMauch File Added: log4j-21Q1-pre21Q4.diff
2021-12-17 13:53 AugustoMauch File Added: log4j-pre21Q1.diff
2021-12-17 13:55 AugustoMauch File Added: after-cherrypick-log4j-21Q1-pre21Q4.diff
2021-12-17 13:55 AugustoMauch Note Edited: 0133742 View Revisions
2021-12-20 09:00 alostale Relationship added related to 0048279
2021-12-20 10:44 cberner Note Edited: 0133742 View Revisions
2021-12-20 10:51 cberner Summary How to manually backport log4j 2.16 to Openbravo version >= 19Q1 => How to manually backport log4j 2.17 to Openbravo version >= 19Q1
2021-12-20 10:51 cberner Description Updated View Revisions
2021-12-20 10:51 cberner Steps to Reproduce Updated View Revisions
2021-12-20 10:51 cberner Proposed Solution updated
2021-12-20 10:51 cberner File Added: log4j-2.17.0-jar-files.zip
2021-12-20 10:52 cberner File Deleted: log4j-21Q4.diff
2021-12-20 10:52 cberner File Deleted: log4j-2.16.0-jar-files.zip
2021-12-20 10:52 cberner File Deleted: log4j-21Q1-pre21Q4.diff
2021-12-20 10:52 cberner File Deleted: log4j-pre21Q1.diff
2021-12-20 10:53 cberner File Deleted: after-cherrypick-log4j-21Q1-pre21Q4.diff
2021-12-20 10:53 cberner File Added: log4j-21Q4.diff
2021-12-20 10:53 cberner File Added: log4j-21Q1-pre21Q4.diff
2021-12-20 10:53 cberner File Added: log4j-pre21Q1.diff
2021-12-20 10:53 cberner File Added: after-cherrypick-log4j-21Q1-pre21Q4.diff

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker