安全：升级log4j-api版本为2.15.0

gradle.properties

@@ -75,6 +75,7 @@ PERSISTENCE_VERSION=1.0.2
 POI_VERSION=4.1.2
 # https://mvnrepository.com/artifact/org.slf4j/slf4j-api
 SLF4J_VERSION=1.7.25
+LOG4J_VERSION=2.15.0
 ## https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-web
 #SPRING_BOOT_VERSION=2.1.3.RELEASE
 ## https://mvnrepository.com/artifact/org.springframework.cloud/spring-cloud-starter-eureka-server

labsl/build.gradle

@@ -30,7 +30,8 @@ dependencies {
 
     ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
     // spring boot 依赖
-    compile group: "org.springframework.boot", name: "spring-boot-starter-web", version: SPRING_BOOT_VERSION
+    compile(group: "org.springframework.boot", name: "spring-boot-starter-web", version: SPRING_BOOT_VERSION){exclude group: 'org.apache.logging.log4j',module:'log4j-api'}
+    compile group: "org.apache.logging.log4j", name: "log4j-api", version: LOG4J_VERSION
     compile group: "org.springframework.boot", name: "spring-boot-configuration-processor", version: SPRING_BOOT_VERSION
     compile group: "org.springframework.boot", name: "spring-boot-starter-actuator", version: SPRING_BOOT_VERSION
     compile group: "org.springframework.boot", name: "spring-boot-starter-logging", version: SPRING_BOOT_VERSION

meiku/build.gradle

@@ -44,7 +44,8 @@ dependencies {
 
     ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
     // spring boot 依赖
-    compile group: "org.springframework.boot", name: "spring-boot-starter-web", version: SPRING_BOOT_VERSION
+    compile(group: "org.springframework.boot", name: "spring-boot-starter-web", version: SPRING_BOOT_VERSION){exclude group: 'org.apache.logging.log4j',module:'log4j-api'}
+    compile group: "org.apache.logging.log4j", name: "log4j-api", version: LOG4J_VERSION
     compile group: "org.springframework.boot", name: "spring-boot-configuration-processor", version: SPRING_BOOT_VERSION
     compile group: "org.springframework.boot", name: "spring-boot-starter-actuator", version: SPRING_BOOT_VERSION
     compile group: "org.springframework.boot", name: "spring-boot-starter-logging", version: SPRING_BOOT_VERSION

message-center/build.gradle

@@ -52,7 +52,8 @@ dependencies {
     // 页面
     compile group: "org.springframework.boot", name: "spring-boot-starter-freemarker", version: SPRING_BOOT_VERSION
     // spring boot 依赖
-    compile group: "org.springframework.boot", name: "spring-boot-starter-web", version: SPRING_BOOT_VERSION
+    compile(group: "org.springframework.boot", name: "spring-boot-starter-web", version: SPRING_BOOT_VERSION){exclude group: 'org.apache.logging.log4j',module:'log4j-api'}
+    compile group: "org.apache.logging.log4j", name: "log4j-api", version: LOG4J_VERSION
     compile group: "org.springframework.boot", name: "spring-boot-configuration-processor", version: SPRING_BOOT_VERSION
     compile group: "org.springframework.boot", name: "spring-boot-starter-actuator", version: SPRING_BOOT_VERSION
     compile group: "org.springframework.boot", name: "spring-boot-starter-logging", version: SPRING_BOOT_VERSION

revit-algorithm/build.gradle

@@ -53,7 +53,8 @@ dependencies {
     // 页面
     compile group: "org.springframework.boot", name: "spring-boot-starter-freemarker", version: SPRING_BOOT_VERSION
     // spring boot 依赖
-    compile group: "org.springframework.boot", name: "spring-boot-starter-web", version: SPRING_BOOT_VERSION
+    compile(group: "org.springframework.boot", name: "spring-boot-starter-web", version: SPRING_BOOT_VERSION){exclude group: 'org.apache.logging.log4j',module:'log4j-api'}
+    compile group: "org.apache.logging.log4j", name: "log4j-api", version: LOG4J_VERSION
     compile group: "org.springframework.boot", name: "spring-boot-configuration-processor", version: SPRING_BOOT_VERSION
     compile group: "org.springframework.boot", name: "spring-boot-starter-actuator", version: SPRING_BOOT_VERSION
     compile group: "org.springframework.boot", name: "spring-boot-starter-logging", version: SPRING_BOOT_VERSION

scanbuilding/build.gradle

@@ -56,7 +56,8 @@ dependencies {
 
     ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
     // spring boot 依赖
-    compile group: "org.springframework.boot", name: "spring-boot-starter-web", version: SPRING_BOOT_VERSION
+    compile(group: "org.springframework.boot", name: "spring-boot-starter-web", version: SPRING_BOOT_VERSION){exclude group: 'org.apache.logging.log4j',module:'log4j-api'}
+    compile group: "org.apache.logging.log4j", name: "log4j-api", version: LOG4J_VERSION
     compile group: "org.springframework.boot", name: "spring-boot-configuration-processor", version: SPRING_BOOT_VERSION
     compile group: "org.springframework.boot", name: "spring-boot-starter-actuator", version: SPRING_BOOT_VERSION
     compile group: "org.springframework.boot", name: "spring-boot-starter-logging", version: SPRING_BOOT_VERSION

scheduler/build.gradle

@@ -53,7 +53,8 @@ dependencies {
     // 页面
     compile group: "org.springframework.boot", name: "spring-boot-starter-freemarker", version: SPRING_BOOT_VERSION
     // spring boot 依赖
-    compile group: "org.springframework.boot", name: "spring-boot-starter-web", version: SPRING_BOOT_VERSION
+    compile(group: "org.springframework.boot", name: "spring-boot-starter-web", version: SPRING_BOOT_VERSION){exclude group: 'org.apache.logging.log4j',module:'log4j-api'}
+    compile group: "org.apache.logging.log4j", name: "log4j-api", version: LOG4J_VERSION
     compile group: "org.springframework.boot", name: "spring-boot-configuration-processor", version: SPRING_BOOT_VERSION
     compile group: "org.springframework.boot", name: "spring-boot-starter-actuator", version: SPRING_BOOT_VERSION
     compile group: "org.springframework.boot", name: "spring-boot-starter-logging", version: SPRING_BOOT_VERSION