[FOLIO-2639] Fix 'folio-sample-modules' security vulnerability reported in log4j >= 1.2, <= 1.2.27
Created: 09/Jun/20  Updated: 18/Nov/21  Resolved: 18/Nov/21

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Task
Priority: P2
Reporter: Peter Murray
Assignee: Julian Ladisch
Resolution: Done
Votes: 0
Labels: platform-backlog, security, security-reviewed
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Relates
relates to EDGRTAC-26 Fix security vulnerability reported i... Closed
Sprint: CP: sprint 127, CP: sprint 126
Story Points: 2
Development Team: Core: Platform

 Description   

Is https://github.com/folio-org/folio-sample-modules still relevant? It hasn't had a substantial update (excluding dependency and documentation updates) since September 2017.



 Comments   
Comment by Peter Murray [ 09/Jun/20 ]

David Crossley: Do you know if this is still useful?

Comment by David Crossley [ 09/Jun/20 ]

As far as I know, yes it is. I have been intending to fix that log4j, and now revise it for Okapi v3.

Comment by Oleksii Popov [ 03/Aug/20 ]

Estimated to update log4j2

A suggestion to pick this ticket into development after the system upgrades to JDK11.

Comment by Craig McNally [ 16/Jul/21 ]

Jakub Skoczen Can you please make a call on whether to fix this or possibly even deprecate/archive the folio-sample-modules altogether? It isn't clear if these are used by anyone. The security team is following up on this since it's marked as P2 and hasn't been updated in quite some time.

Comment by Jakub Skoczen [ 28/Oct/21 ]

Julian Ladisch is this something you could help out with?

Comment by Julian Ladisch [ 18/Nov/21 ]

The dependencies have been updated to resolve the security issues.

A GitHub Actions workflow shows that the code still works and serves as an integration test: https://github.com/folio-org/folio-sample-modules/blob/master/.github/workflows/simple.yml

Generated at Thu Feb 08 23:22:09 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.