Log4j2 security issue - log4j2

Currently, I am using apache.logging.log4j. The artifact is log4j-slf4j-impl, version 2.12.0.
My question is whether log4j-slf4j-impl is also affected by this recent security vulnerability.

Yes this version is vulnerable.
It has a transitive runtime dependency on log4j-core in version 2.12.0, which contains the vulnerability.
So you should update log4j-slf4j-impl to Version 2.15.0 containing the fix as fast as possible.
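
An added example (not part of the original answer): the transitive dependency described above can be confirmed by parsing `mvn dependency:tree` output and reporting every log4j-core below the 2.15.0 named in the answer, together with the path that pulls it in. The sample tree, the `com.example:demo-app` project and the function name are constructed for illustration.

```python
import re

FIXED = (2, 15, 0)  # fixed version named in the answer above
LOG4J_GROUP = "org.apache.logging.log4j"

# Constructed sample of `mvn dependency:tree` output (not from the original post).
SAMPLE_TREE = """\
[INFO] com.example:demo-app:jar:1.0.0
[INFO] +- org.apache.logging.log4j:log4j-slf4j-impl:jar:2.12.0:compile
[INFO] |  +- org.slf4j:slf4j-api:jar:1.7.25:compile
[INFO] |  +- org.apache.logging.log4j:log4j-api:jar:2.12.0:compile
[INFO] |  \\- org.apache.logging.log4j:log4j-core:jar:2.12.0:runtime
[INFO] \\- org.springframework:spring-core:jar:5.3.13:compile
"""

# Each nesting level in Maven's tree is a 3-character prefix: "+- ", "|  ", "\- " or "   ".
LINE = re.compile(r"^\[INFO\] (?P<indent>(?:[|+\\ ][- ] )*)(?P<coord>\S+)$")


def find_vulnerable_core(tree_text, fixed=FIXED):
    """Return (version, dependency path) for each log4j-core older than `fixed`."""
    stack, hits = [], []
    for raw in tree_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue  # banner, plugin header or build status line
        parts = m.group("coord").split(":")
        if len(parts) < 4:
            continue  # not a group:artifact:type:version[:scope] coordinate
        depth = len(m.group("indent")) // 3
        # The root has no scope (4 fields); dependencies end in :version:scope.
        version = parts[-2] if len(parts) >= 5 else parts[-1]
        del stack[depth:]  # drop siblings and deeper nodes from the current path
        stack.append(f"{parts[1]}:{version}")
        if parts[0] == LOG4J_GROUP and parts[1] == "log4j-core":
            nums = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
            if nums + (0,) * (3 - len(nums)) < fixed:
                hits.append((version, " -> ".join(stack)))
    return hits


if __name__ == "__main__":
    for version, path in find_vulnerable_core(SAMPLE_TREE):
        print(f"log4j-core {version} is below 2.15.0, pulled in via {path}")
```

Run `mvn dependency:tree` in the project directory and pass its output to `find_vulnerable_core` in place of the constructed sample.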

Related

.net Core - compatibility of docker images

According to https://devblogs.microsoft.com/dotnet/announcing-net-core-3-0/, the newest version of .NET core should be backward compatible with the previous versions.
However, building a docker image with 2.2sdk won't run on a container with runtime 3.0... Am I missing something or is it the normal behavior?
There is no mention of that in the linked article?
What you are experiencing is normal behavior. Major versions are not backwards compatible (for runtimes).
In your case running a .net core 2.2 app will not work on an image with a .net core 3.0 runtime.
You can read more about version selection where the following is mentioned:
The host chooses the latest patch version installed on the machine. For example, if you specified netcoreapp2.0 in your project file, and 2.0.4 is the latest .NET runtime installed, the 2.0.4 runtime is used.
If no acceptable 2.0.* version is found, a new 2.* version is used. For example, if you specified netcoreapp2.0 and only 2.1.0 is installed, the application runs using the 2.1.0 runtime. This behavior is referred to as "minor version roll-forward." Lower versions also won't be considered. When no acceptable runtime is installed, the application won't run.
A few usage examples demonstrate the behavior, if you target 2.0:
2.0 is specified. 2.0.5 is the highest patch version installed. 2.0.5 is used.
2.0 is specified. No 2.0.* versions are installed. 1.1.1 is the highest runtime installed. An error message is displayed.
2.0 is specified. No 2.0.* versions are installed. 2.2.2 is the highest 2.x runtime version installed. 2.2.2 is used.
2.0 is specified. No 2.x versions are installed. 3.0.0 is installed. An error message is displayed.
They also mention roughly adhering to semantic versioning here:
MAJOR is incremented when:
Significant changes occur to the product, or a new product direction.
Breaking changes were taken. There's a high bar to accepting breaking changes.
An old version is no longer supported.
A newer MAJOR version of an existing dependency is adopted.

Errors when upgrading a Grails Project Groovy\Grails Tool Suite

I'm trying to run a Grails Application from the Grails In Action website. I've imported the 'hubbub' project into the GGTS app and have encountered build errors. The project was originally built with Grails 2.3.7 whereas I have version 2.4.4 on my system. Based on another Stack Overflow question I've changed the 'app.grails.version' in the application.properties file to grails version 2.4.4 which prompted a flurry of downloads in the command prompt terminating in a series of errors regarding problems with plugins. I can't run the app because I'm told that "Project 'hubbub' is missing required source folder: grails-app/utils". If I try to change 'app.grails.version' back to 2.3.7 I'm told that I need to configure a Grails installation of 2.3.7.
Am I doing something wrong here in trying to upgrade this Grails project? Or do I really have to install Grails 2.3.7 in order to get this to work?
(Sorry, I haven't posted the errors regarding plugin downloads but I can't seem to recreate them).
Thanks in advance!
Grails 2.4 is a big change over 2.3, mostly due to the use of the asset pipeline instead of resources.
Also simply changing the version in application.properties isn't enough, you also need to actually run the matching Grails framework.
See here for upgrading an app from 2.3 to 2.4: http://grails.github.io/grails-doc/2.4.x/guide/upgradingFrom23.html . From experience, upgrading Grails apps from older versions must be done manually. One reason is that the upgrade command is obsolete and has been removed. Read the docs for breaking changes and address each change individually in the code. Upgrading patch levels is no problem (usually), but upgrading minor and major versions is often a lot of work.
Since you are learning, I would stick to 2.3.7 for your exercise (meaning that you must run 2.3.7, which you aren't doing). What you'll learn will remain valid. Do use 2.4.4 when building your own project from scratch.
If your project is only missing grails-app/utils, just try to create it.
Take a look in your Project Properties -> Build Path. All the source folders are defined there. It can be helpful.

Unable to add struts 2 support to netbeans 7.4

this plugin requires plugin Editor Library to be installed.
The plugin Editor Library is requested in version >= 2.10.1.10.2 (release version 2) but only 3.46.1.22.43 (of release version different from 2) was found.
The following plugin is affected:       Struts2 Support
Now I have resolved another plugin for Struts 2 support. This plugin is called Netbeans Struts2 Plug-in and it's a re-pack of the plugin I was trying to install. Though this plugin is not certified, it is working well. The developers have tested it on NetBeans 7.4, but I'm using it on NetBeans 8 and I have not suffered any issues.
I have found another way, that is using Maven. That is also a good way, but I would not recommend it if you have a slow internet connection.

Grails plugin site version syntax

On the Grails Plugin Site (http://www.grails.org/plugins/), every plugin lists the versions of Grails that it is compatible with; something like Grails version : 1.2 > *.
Does this mean that the plugin is compatible with all versions of Grails starting with 1.2 or up to 1.2?
Yes, it means that version is supported for the mentioned version and above. But do check whether the plugin is deprecated or not. For that, you need to go to the plugin and then see the details at the bottom.
For example, Cloud Foundry is deprecated but it is still listed on the Grails plugin page.
http://www.grails.org/plugin/cloud-foundry

Issues with upgrade to Grails 2.2.0 using GGTS

I’m trying to upgrade Grails to version 2.2.0. I used gvm and installed Grails 2.2.0. After this I changed my project in GGTS to use Grails version 2.2.0 and Groovy version 2.0.0. But when I finally tried to run the project, I got the following error:
Error occurred during initialization of VM
Error opening zip file or JAR manifest missing : null
agent library failed to init: instrument
What is the problem?
We had the same problem.
This is due to Eclipse saving the old run configuration for the previous Grails version.
Just remove old launch configuration and retry.
To remove old launch configuration :
go to Run\RunConfiguration\Grails
select all nodes and remove them.
I had the same problem when I started using Grails 2.2.0 - The solution Ian mentioned works, here is the link to the issue and resolution that occurred in my project
Grails 2.2.0 error
Added on 1/15/2013 Other suggestions based on 2.2.0/ivy cache issues
I am running on windows, a couple of things to try.
Based on your error message, it seems like the issue might be related to the Ivy cache; I would suggest cleaning that out using the clean command.
I would also go ahead and delete the Ivy cache folders on your machine at \ivy-cache (after backing it up just in case).
Read the Grails documentation at http://grails.org/doc/2.0.0/guide/gettingStarted.html, refer to section 2.3 regarding Ivy cache – there might be issues running 2.x and 1.x Grails projects side by side.
When installing, I do not have to install Groovy explicitly - I just install Grails and that takes care of the Groovy code implicitly. Is that possible for you to do? To rule out dependency issues?
On my version of Grails I have the Groovy version showing up as 2.0.5 – I assume you meant Grails 2.2.0 – can you ensure that you have a Groovy version installed which is compatible with Grails 2.2.0?
If possible, try your code on a fresh device where Grails has not been installed before. This is to rule out interference due to other existing issues.
It's a known issue to do with the fact that the version of the springloaded reloading agent used by 2.2 (and 2.1.3) has a different name from that used by previous versions of Grails. There's a workaround in the bug report, or you can upgrade to a nightly build of GGTS which knows about the new name (as described in this bug report).
I am using GGTS 3.2 with Groovy compiler 2.1.1 on Windows XP.
I had imported a project from GGTS 3.1, upgraded the compiler to 2.1.1 and got in a mess, so I
deleted the project and removed it from the .grails cache, then re-created the project from scratch. When it came to running the project I got the ivy error.
Removing the old launch configuration via Run->RunConfiguration...Grails fixed the problem without switching to a nightly build of GGTS.
(BTW Deleting ivy-cache didn't help at all)
