Log4j 2.15.0 update issue - log4j

My application is using Log4j 2.11.1 now. Because of the Log4j security vulnerabilities reported a couple of days ago, I need to update Log4j to 2.15.0. But it fails when I deploy my application on a Linux server.
Here is the error message:
[ERROR] Failed to execute goal on project ***: Could not resolve
dependencies for project ***:1.0-SNAPSHOT: Failed to collect
dependencies at org.apache.logging.log4j:log4j-api:jar:2.15.0: Failed
to read artifact descriptor for
org.apache.logging.log4j:log4j-api:jar:2.15.0: Could not transfer
artifact org.apache.logging.log4j:log4j-api:pom:2.15.0 from/to central
(https://repo1.maven.org/maven2):
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target -> [Help 1]
I've added the certificate of Maven 2 to my Java keystore, but it does not work. My Java version is 1.8.181.

I had log4j-core and log4j-api which needed to be updated. It is a similar case as you had, deployment on as a Linux server. It works for me.
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-1.2-api</artifactId>
<version>2.15.0</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>2.15.0</version>
</dependency>
I added these dependencies and updated the maven project (in the Eclipse IDE, right click on Project → Go to Maven → Update Project).
Log4j Vulnerability issue with later versions
The version Log4j 2.15.0 was released as a possible fix for this critical vulnerability, but this version was found to be still vulnerable (by Apache Software Foundation).
Solution: Log4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.

You can have a look at Maven, Ivy, Gradle, and SBT Artifacts.
In my case I had to switch from 1.2.x version to 2.16.0.
You can try using this dependency:
<dependencies>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-1.2-api</artifactId>
<version>2.16.0</version>
</dependency>
</dependencies>

As Log4j security vulnerabilities are addressed in log4j-core, please try the latest version of log4j-core using a Maven dependency:
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>2.16.0</version>
</dependency>
Reference - Maven Repository: log4j
Regarding the exception you are facing, this may help you -
Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Specifically for a "PKIX path building failed" error in Maven:
If you are on Windows and your IT folks have added transparent proxies that intercept SSL traffic, you'll want to set MAVEN_OPTS to the following:
-Djavax.net.ssl.keyStoreType=Windows-MY -Djavax.net.ssl.trustStoreType=Windows-ROOT
This will direct Maven to use the Windows trust store when vetting SSL certificates issued internally by your IT staff.
If it is a transparent proxy peeking at SSL, but you're not in Windows, you may need to add that certificate to your JVMs trusted keystore, as the JVM options I have only work on Windows.

I faced the same problem with the following dependency:
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j</artifactId>
<version>2.15.0</version>
</dependency>
I replaced the above dependency with:
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-1.2-api</artifactId>
<version>2.15.0</version>
</dependency>
It works OK.

Related

Run test with Sikuli 2.x on Linux give runtime error:`GLIBC_2.27' not found

I have selenium tests with Sikuli.
When I was using sikuli 1.x all worked fine.
The issue started when I moved to sikuli 2.x
I import Sikuli by maven:
<dependency>
<groupId>com.sikulix</groupId>
<artifactId>sikulixapi</artifactId>
<version>2.0.5</version>
</dependency>
I tried to run this with Jenkins on CentOS7 and AWS linux.
I got on both a runtime error:
GLIBC_2.27' not found (required by /root/.Sikulix/SikulixLibs/libopencv_java430.so)
Did someone see and solve this issue?
Thanks a head for any help
Lior

Getting No compiler is provided in this environment. Perhaps you are running on a JRE rather than a JDK? error while running code using azure devops

Getting No compiler is provided in this environment. Perhaps you are running on a JRE rather than a JDK? error while running code using azure devops I am using the below pom.xml, it's running perfectly fine on my local machine.
i am using below dependency
<dependency>
<groupId>com.microsoft.sqlserver</groupId>
<artifactId>mssql-jdbc</artifactId>
<version>6.1.0.jre8</version>
</dependency>
Error:
Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.1:compile (default-compile) on project : Compilation failure [ERROR] No compiler is provided in this environment.

Does log4j2.8.2.jar work with JDK 1.7. How to find the supported jdk version for a jar file?

Does log4j2.8.2.jar work with JDK 1.7.
How to find the supported jdk version for a given jar file ? In my case i want to find the supported jdk version for log4j 2.8.2.jar.
https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j/2.8.2
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j</artifactId>
<version>2.8.2</version>
<type>pom</type>
</dependency>
I think Java 7 is supported up to 2.12.1
https://logging.apache.org/log4j/2.x/
Requirements
Log4j 2.13.0 and greater require Java 8. Version 2.4 through 2.12.1 required Java 7 and versions 2.0-alpha1 to 2.3 required Java 6. Some features require optional dependencies; the documentation for these features specifies the dependencies.

How to install adminlte on netbeans 11

I have just upgraded from netbeans 8.2 to Apache Netbeans 11 in order to start my first webapp. I would like to use adminfaces and I am stuck.
I first used the admin-starter project and cloned it from github. In netbeans IDE I always got the errorpage 500. After that I tried from scratch: New Project, Java with Maven, Web Application
This got me a nice demoPage with my Tomcat9.0 server. Now I tried all different type of things - did not get it to work.
How to Install Adminlte template on netbeans
Basically this is what I was looking for, but this does not work on Netbeans 11 anymore.
Any help is kindly appreciated.
Well first of all I gone back to the original github project. Needless to say the problem has to do with java 11 and some depreciated functions.
So for people who want to use adminfaces with Netbeans 11 and Java 11 (OpenJDK) and Tomcat 9.0:
Download admin-starter-tomcat-master.zip from github
Import in Netbeans. Rename Directory to admin-starter-tomcat.
add dependency for javax.annotation V1.3.2 in pom.xml
<dependency>
<groupId>javax.annotation</groupId>
<artifactId>javax.annotation-api</artifactId>
<version>1.3.2</version>
</dependency>
add dependency for javax.xml.bind.JAXBContext in pom.xml
<dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-core</artifactId>
<version>2.3.0.1</version>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>2.3.1</version>
</dependency>
<dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-impl</artifactId>
<version>2.3.1</version>
</dependency>
This worked for me after waisting one week of my time.

Writing a simple program in Spark 1.4.0

I'm new in Spark. I installed jdk8 and eclipse (mars) in debian 8. And installes Spark1.4.0 and used sbt/sbt assembly command to get all required. COuld anyone tell me how to write a simple hello program in spark using eclipse ide which need to coded in java. or tell me a url to do the same. I need a step-by-step help.
Thank you in advance
You can make a maven project and add spark 1.4 maven dependency as follow.
<dependency>
<groupId>org.apache.spark</groupId>
<artifactId>spark-core_2.10</artifactId>
<version>1.4.0</version>
</dependency>
And start coding in eclipse ide.
you can follow this or this and here is the java wordcount in spark example code
The link is for scala, but the same goes for java. hope it will help.

Resources