Re: Karaf/Camel camel-elasticsearch-rest component and Log4jShell
I will made some tests on camel-karaf main branch because I made it work on a custom Karaf distribution by adding blacklisted bundle. However I don't install all the features but it's weird because in the feature.xml of camel-karaf, only the elasticsearch feature depend on log4j. On 03/01/2022 16:47, Andrea Cosentino wrote: If you run a full feature install like we do in camel-karaf it will fail. This the only test i've done around ES feature Il lun 3 gen 2022, 16:46 Francois Papon ha scritto: The range of the import package is org.apache.logging.log4j;version="[2.8,4)" in the servicemix bundle so it should work if we only upgrade log4j version no? May be I missed somethings. On 03/01/2022 16:33, Andrea Cosentino wrote: No, the installation will fail if you update the feature without upgrading elasticsearch bundle. We cannot update the ES bundle for the license problem. Il giorno lun 3 gen 2022 alle ore 16:31 Francois Papon < francois.pa...@openobject.fr> ha scritto: Ok, so just updating the feature should be enought. On 03/01/2022 16:29, Andrea Cosentino wrote: Elasticsearch high level client and all the related stuff changed their license after 7.10.2 As far as I know is not compatible with ASF License. This is the reason is not updated. Il giorno lun 3 gen 2022 alle ore 16:27 Francois Papon < francois.pa...@openobject.fr> ha scritto: Hi, The Camel elasticsearch-rest-component depend on the version 7.10.2 of elasticsearch-client that has a dependency on log4j-core:2.13.3 and log4j-api:2.13.3 When installating the Karaf feature the log4j bundles are installed: https://github.com/apache/camel-karaf/blob/e976acc7c1d6405b283ffe3e69d336aab854bd5b/pom.xml#L232 There is a comment about upgrading but with a warning about other features compatibility. Does anyone has some information about this? Do we need to upgrade? The Elasticsearch team upgraded to log4j:2.17.0 on 7.16.2. May be Servicemix bundle should be update too. Regards, Francois
Re: Karaf/Camel camel-elasticsearch-rest component and Log4jShell
If you run a full feature install like we do in camel-karaf it will fail. This the only test i've done around ES feature Il lun 3 gen 2022, 16:46 Francois Papon ha scritto: > The range of the import package is > org.apache.logging.log4j;version="[2.8,4)" in the servicemix bundle so > it should work if we only upgrade log4j version no? > > May be I missed somethings. > > On 03/01/2022 16:33, Andrea Cosentino wrote: > > No, the installation will fail if you update the feature without > upgrading > > elasticsearch bundle. > > > > We cannot update the ES bundle for the license problem. > > > > Il giorno lun 3 gen 2022 alle ore 16:31 Francois Papon < > > francois.pa...@openobject.fr> ha scritto: > > > >> Ok, so just updating the feature should be enought. > >> > >> On 03/01/2022 16:29, Andrea Cosentino wrote: > >>> Elasticsearch high level client and all the related stuff changed their > >>> license after 7.10.2 > >>> > >>> As far as I know is not compatible with ASF License. > >>> > >>> This is the reason is not updated. > >>> > >>> Il giorno lun 3 gen 2022 alle ore 16:27 Francois Papon < > >>> francois.pa...@openobject.fr> ha scritto: > >>> > Hi, > > The Camel elasticsearch-rest-component depend on the version 7.10.2 of > elasticsearch-client that has a dependency on log4j-core:2.13.3 and > log4j-api:2.13.3 > > When installating the Karaf feature the log4j bundles are installed: > > > > >> > https://github.com/apache/camel-karaf/blob/e976acc7c1d6405b283ffe3e69d336aab854bd5b/pom.xml#L232 > There is a comment about upgrading but with a warning about other > features compatibility. > > Does anyone has some information about this? > > Do we need to upgrade? > > The Elasticsearch team upgraded to log4j:2.17.0 on 7.16.2. > > May be Servicemix bundle should be update too. > > Regards, > > Francois > > > > >
Re: Karaf/Camel camel-elasticsearch-rest component and Log4jShell
The range of the import package is org.apache.logging.log4j;version="[2.8,4)" in the servicemix bundle so it should work if we only upgrade log4j version no? May be I missed somethings. On 03/01/2022 16:33, Andrea Cosentino wrote: No, the installation will fail if you update the feature without upgrading elasticsearch bundle. We cannot update the ES bundle for the license problem. Il giorno lun 3 gen 2022 alle ore 16:31 Francois Papon < francois.pa...@openobject.fr> ha scritto: Ok, so just updating the feature should be enought. On 03/01/2022 16:29, Andrea Cosentino wrote: Elasticsearch high level client and all the related stuff changed their license after 7.10.2 As far as I know is not compatible with ASF License. This is the reason is not updated. Il giorno lun 3 gen 2022 alle ore 16:27 Francois Papon < francois.pa...@openobject.fr> ha scritto: Hi, The Camel elasticsearch-rest-component depend on the version 7.10.2 of elasticsearch-client that has a dependency on log4j-core:2.13.3 and log4j-api:2.13.3 When installating the Karaf feature the log4j bundles are installed: https://github.com/apache/camel-karaf/blob/e976acc7c1d6405b283ffe3e69d336aab854bd5b/pom.xml#L232 There is a comment about upgrading but with a warning about other features compatibility. Does anyone has some information about this? Do we need to upgrade? The Elasticsearch team upgraded to log4j:2.17.0 on 7.16.2. May be Servicemix bundle should be update too. Regards, Francois
Re: Karaf/Camel camel-elasticsearch-rest component and Log4jShell
No, the installation will fail if you update the feature without upgrading elasticsearch bundle. We cannot update the ES bundle for the license problem. Il giorno lun 3 gen 2022 alle ore 16:31 Francois Papon < francois.pa...@openobject.fr> ha scritto: > Ok, so just updating the feature should be enought. > > On 03/01/2022 16:29, Andrea Cosentino wrote: > > Elasticsearch high level client and all the related stuff changed their > > license after 7.10.2 > > > > As far as I know is not compatible with ASF License. > > > > This is the reason is not updated. > > > > Il giorno lun 3 gen 2022 alle ore 16:27 Francois Papon < > > francois.pa...@openobject.fr> ha scritto: > > > >> Hi, > >> > >> The Camel elasticsearch-rest-component depend on the version 7.10.2 of > >> elasticsearch-client that has a dependency on log4j-core:2.13.3 and > >> log4j-api:2.13.3 > >> > >> When installating the Karaf feature the log4j bundles are installed: > >> > >> > >> > https://github.com/apache/camel-karaf/blob/e976acc7c1d6405b283ffe3e69d336aab854bd5b/pom.xml#L232 > >> > >> There is a comment about upgrading but with a warning about other > >> features compatibility. > >> > >> Does anyone has some information about this? > >> > >> Do we need to upgrade? > >> > >> The Elasticsearch team upgraded to log4j:2.17.0 on 7.16.2. > >> > >> May be Servicemix bundle should be update too. > >> > >> Regards, > >> > >> Francois > >> > >> > >> > >> >
Re: Karaf/Camel camel-elasticsearch-rest component and Log4jShell
Ok, so just updating the feature should be enought. On 03/01/2022 16:29, Andrea Cosentino wrote: Elasticsearch high level client and all the related stuff changed their license after 7.10.2 As far as I know is not compatible with ASF License. This is the reason is not updated. Il giorno lun 3 gen 2022 alle ore 16:27 Francois Papon < francois.pa...@openobject.fr> ha scritto: Hi, The Camel elasticsearch-rest-component depend on the version 7.10.2 of elasticsearch-client that has a dependency on log4j-core:2.13.3 and log4j-api:2.13.3 When installating the Karaf feature the log4j bundles are installed: https://github.com/apache/camel-karaf/blob/e976acc7c1d6405b283ffe3e69d336aab854bd5b/pom.xml#L232 There is a comment about upgrading but with a warning about other features compatibility. Does anyone has some information about this? Do we need to upgrade? The Elasticsearch team upgraded to log4j:2.17.0 on 7.16.2. May be Servicemix bundle should be update too. Regards, Francois
Re: Karaf/Camel camel-elasticsearch-rest component and Log4jShell
Elasticsearch high level client and all the related stuff changed their license after 7.10.2 As far as I know is not compatible with ASF License. This is the reason is not updated. Il giorno lun 3 gen 2022 alle ore 16:27 Francois Papon < francois.pa...@openobject.fr> ha scritto: > Hi, > > The Camel elasticsearch-rest-component depend on the version 7.10.2 of > elasticsearch-client that has a dependency on log4j-core:2.13.3 and > log4j-api:2.13.3 > > When installating the Karaf feature the log4j bundles are installed: > > > https://github.com/apache/camel-karaf/blob/e976acc7c1d6405b283ffe3e69d336aab854bd5b/pom.xml#L232 > > There is a comment about upgrading but with a warning about other > features compatibility. > > Does anyone has some information about this? > > Do we need to upgrade? > > The Elasticsearch team upgraded to log4j:2.17.0 on 7.16.2. > > May be Servicemix bundle should be update too. > > Regards, > > Francois > > > >
Karaf/Camel camel-elasticsearch-rest component and Log4jShell
Hi, The Camel elasticsearch-rest-component depend on the version 7.10.2 of elasticsearch-client that has a dependency on log4j-core:2.13.3 and log4j-api:2.13.3 When installating the Karaf feature the log4j bundles are installed: https://github.com/apache/camel-karaf/blob/e976acc7c1d6405b283ffe3e69d336aab854bd5b/pom.xml#L232 There is a comment about upgrading but with a warning about other features compatibility. Does anyone has some information about this? Do we need to upgrade? The Elasticsearch team upgraded to log4j:2.17.0 on 7.16.2. May be Servicemix bundle should be update too. Regards, Francois