Bump Jetty to 9.4.17.v20190418 due to CVE-2019-10247

+ remove older version of package-info-maven-plugin
5 years ago · 747f5e41cf
5 changed files with 10 additions and 30 deletions
--- a/lib/com/github/bohnman/package-info-maven-plugin/1.0.2-m2e/package-info-maven-plugin-1.0.2-m2e.jar
+++ b/lib/com/github/bohnman/package-info-maven-plugin/1.0.2-m2e/package-info-maven-plugin-1.0.2-m2e.jar
--- a/lib/com/github/bohnman/package-info-maven-plugin/1.0.2-m2e/package-info-maven-plugin-1.0.2-m2e.pom
+++ b/lib/com/github/bohnman/package-info-maven-plugin/1.0.2-m2e/package-info-maven-plugin-1.0.2-m2e.pom
@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>com.github.bohnman</groupId>
-  <artifactId>package-info-maven-plugin</artifactId>
-  <version>1.0.2-m2e</version>
-  <description>POM was created from install:install-file</description>
-</project>
--- a/lib/com/github/bohnman/package-info-maven-plugin/maven-metadata-local.xml
+++ b/lib/com/github/bohnman/package-info-maven-plugin/maven-metadata-local.xml
@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<metadata>
-  <groupId>com.github.bohnman</groupId>
-  <artifactId>package-info-maven-plugin</artifactId>
-  <versioning>
-    <release>1.0.2-m2e</release>
-    <versions>
-      <version>1.0.2-m2e</version>
-    </versions>
-    <lastUpdated>20190326110305</lastUpdated>
-  </versioning>
-</metadata>
--- a/pom.xml
+++ b/pom.xml
@ -11,14 +11,14 @@
 		<dagger.version>1.2.2</dagger.version>
 		<hsqldb.version>r5970</hsqldb.version>
 		<sqltool.version>2.4.1</sqltool.version>
-		<jetty.version>9.4.12.v20180830</jetty.version>
+		<jetty.version>9.4.17.v20190418</jetty.version>
 		<jersey.version>2.27</jersey.version>
 		<log4j.version>2.11.0</log4j.version>
 		<slf4j.version>1.7.12</slf4j.version>
 		<swagger-api.version>2.0.6</swagger-api.version>
 		<swagger-ui.version>3.19.0</swagger-ui.version>
 		<felix-bundle-plugin.version>3.5.0</felix-bundle-plugin.version>
-		<package-info-maven-plugin.version>1.0.2-m2e</package-info-maven-plugin.version>
+		<package-info-maven-plugin.version>1.1.0</package-info-maven-plugin.version>
 		<build.timestamp>${maven.build.timestamp}</build.timestamp>
 	</properties>
 	<build>
@ -312,7 +312,7 @@
 		<dependency>
 			<groupId>com.github.bohnman</groupId>
 			<artifactId>package-info-maven-plugin</artifactId>
-			<version>1.0.1</version>
+			<version>${package-info-maven-plugin.version}</version>
 		</dependency>
 		<dependency>
 			<groupId>org.apache.felix</groupId>
--- a/src/main/java/org/qora/api/ApiService.java
+++ b/src/main/java/org/qora/api/ApiService.java
@ -4,7 +4,9 @@ import io.swagger.v3.jaxrs2.integration.resources.OpenApiResource;

 import org.eclipse.jetty.rewrite.handler.RedirectPatternRule;
 import org.eclipse.jetty.rewrite.handler.RewriteHandler;
-import org.eclipse.jetty.server.NCSARequestLog;
+import org.eclipse.jetty.server.CustomRequestLog;
+import org.eclipse.jetty.server.RequestLog;
+import org.eclipse.jetty.server.RequestLogWriter;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.handler.ErrorHandler;
 import org.eclipse.jetty.server.handler.InetAccessHandler;
@ -40,11 +42,10 @@ public class ApiService {

 		// Request logging
 		if (Settings.getInstance().isApiLoggingEnabled()) {
-			NCSARequestLog requestLog = new NCSARequestLog("API-requests.log");
-			requestLog.setAppend(true);
-			requestLog.setExtended(false);
-			requestLog.setLogTimeZone("UTC");
-			requestLog.setLogLatency(true);
+			RequestLogWriter logWriter = new RequestLogWriter("API-requests.log");
+			logWriter.setAppend(true);
+			logWriter.setTimeZone("UTC");
+			RequestLog requestLog = new CustomRequestLog(logWriter, CustomRequestLog.EXTENDED_NCSA_FORMAT);
 			server.setRequestLog(requestLog);
 		}