From c8a8b0375eaf98ba7485983bd07fbfe2186a0dd3 Mon Sep 17 00:00:00 2001
From: leonardovannucci <leonardo.vannucci@digi-one.eu>
Date: Fri, 01 Apr 2022 14:40:09 +0200
Subject: [PATCH] fix log4j vulnerability

---
 .gitignore            |    1 +
 dg1cloud-core/pom.xml |   49 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+), 0 deletions(-)

diff --git a/.gitignore b/.gitignore
index 93984dd..220e2d5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -72,3 +72,4 @@
 #Esclusione file compilati
 dg1cloud-core/target/classes/
 dg1cloud-core/target/test-classes/
+dg1cloud-core/target/
diff --git a/dg1cloud-core/pom.xml b/dg1cloud-core/pom.xml
index 8040739..b401e38 100644
--- a/dg1cloud-core/pom.xml
+++ b/dg1cloud-core/pom.xml
@@ -31,6 +31,55 @@
 		</dependency>
 		
 		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-log4j2</artifactId>
+			<exclusions>
+				<exclusion>
+					<groupId>org.apache.logging.log4j</groupId>
+					<artifactId>log4j-core</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.apache.logging.log4j</groupId>
+					<artifactId>log4j-to-slf4j</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.apache.logging.log4j</groupId>
+					<artifactId>log4j-slf4j-impl</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.apache.logging.log4j</groupId>
+					<artifactId>log4j-jul</artifactId>
+				</exclusion>
+			</exclusions>
+		</dependency>
+		
+		<dependency>
+			<groupId>org.apache.logging.log4j</groupId>
+			<artifactId>log4j-api</artifactId>
+			<version>2.17.1</version>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.logging.log4j</groupId>
+			<artifactId>log4j-core</artifactId>
+			<version>2.17.1</version>
+		</dependency>
+		<!-- dependency>
+			<groupId>org.apache.logging.log4j</groupId>
+			<artifactId>log4j-to-slf4j</artifactId>
+			<version>2.17.1</version>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.logging.log4j</groupId>
+			<artifactId>log4j-slf4j-impl</artifactId>
+			<version>2.17.1</version>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.logging.log4j</groupId>
+			<artifactId>log4j-jul</artifactId>
+			<version>2.17.1</version>
+		</dependency-->
+		
+		<dependency>
 			<groupId>org.flywaydb</groupId>
 			<artifactId>flyway-core</artifactId>
 			<version>4.0.1</version>

--
Gitblit v1.6.2