From 9646f2bddf2eeaefec64621d67981baba24b7d35 Mon Sep 17 00:00:00 2001 From: AnuGayan Date: Wed, 27 Mar 2024 11:58:37 +0530 Subject: [PATCH 1/3] Upgrade dependencies to mitigate vulnerabilities from alpha CVE-2024-29025, CVE-2024-28752, CVE-2024-23944 --- pom.xml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/pom.xml b/pom.xml index 70ad8e7164..680d3af6c7 100644 --- a/pom.xml +++ b/pom.xml @@ -1287,12 +1287,12 @@ 9.1.34 - 9.29.84 + 9.29.87 [9.0.0, 10.0.0) - 4.8.31 + 4.8.32 [4.7.0, 5.0.0) @@ -1309,10 +1309,10 @@ [4.5.0, 5.0.0) - 4.7.200 + 4.7.201 - 5.25.698 + 5.25.699 1.8.107 1.8.14 1.7.33 @@ -1336,7 +1336,7 @@ [1.0.0,2.0.0) - 4.11.13 + 4.11.14-SNAPSHOT 4.9.25 @@ -1353,7 +1353,7 @@ 1.8 3.0-FINAL 1.0.0.M8-wso2v1 - 4.0.0-wso2v99 + 4.0.0-wso2v102 1.0.2 1.6.1-wso2v98 1.2.11-wso2v29 @@ -1387,7 +1387,7 @@ 1.6.wso2v6 2.3.1.wso2v1 3.3.1.wso2v11 - 6.3.50 + 6.3.51-SNAPSHOT [2.6.0, 3.0.0) @@ -1396,7 +1396,7 @@ 4.4.10 4.5.3 6.11 - 3.6.2 + 3.6.3 2.0.0-wso2v66 5.1.13.RELEASE 7.0.96 From 81dc0093398fe834b738f0588cc746d604cfb55f Mon Sep 17 00:00:00 2001 From: AnuGayan Date: Thu, 28 Mar 2024 11:14:48 +0530 Subject: [PATCH 2/3] Add Log analytics configuration to log4j2.properties file by default --- .../product/src/main/conf/log4j2.properties | 23 +++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/modules/distribution/product/src/main/conf/log4j2.properties b/modules/distribution/product/src/main/conf/log4j2.properties index 5178f4d10a..7ebd747e4f 100644 --- a/modules/distribution/product/src/main/conf/log4j2.properties +++ b/modules/distribution/product/src/main/conf/log4j2.properties 
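Review bot: Two of the bumped properties are set to mutable snapshot builds, `4.11.14-SNAPSHOT` in the `@@ -1336,7 +1336,7 @@` hunk and `6.3.51-SNAPSHOT` in the `@@ -1387,7 +1387,7 @@` hunk, while every other bump in this commit points at a fixed release. A snapshot can be republished under the same coordinates, so the build is not reproducible and nobody can later verify which artifact contents were shipped as the fix for the listed CVEs. Before this is released, both should be pinned to published release versions (the same values without the `-SNAPSHOT` suffix, once those exist). The property element names are not visible in this view, so it would also help if the commit message stated which bumped property addresses each of CVE-2024-29025, CVE-2024-28752 and CVE-2024-23944.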
@@ -1,6 +1,6 @@ # list of all appenders #add entry "syslog" to use the syslog appender -appenders=CARBON_CONSOLE, CARBON_LOGFILE, AUDIT_LOGFILE, ATOMIKOS_LOGFILE, CARBON_TRACE_LOGFILE, ERROR_LOGFILE, OPEN_TRACING,SERVICE_APPENDER, TRACE_APPENDER, osgi, CORRELATION, BOTDATA_APPENDER, API_LOGFILE +appenders=CARBON_CONSOLE, APIM_METRICS_APPENDER, CARBON_LOGFILE, AUDIT_LOGFILE, ATOMIKOS_LOGFILE, CARBON_TRACE_LOGFILE, ERROR_LOGFILE, OPEN_TRACING,SERVICE_APPENDER, TRACE_APPENDER, osgi, CORRELATION, BOTDATA_APPENDER, API_LOGFILE #, syslog # CARBON_CONSOLE is set to be a ConsoleAppender using a PatternLayout. 
@@ -181,17 +181,36 @@ appender.SERVICE_APPENDER.policies.size.size=1000KB appender.SERVICE_APPENDER.strategy.type = DefaultRolloverStrategy appender.SERVICE_APPENDER.strategy.max = 10 +appender.APIM_METRICS_APPENDER.type = RollingFile +appender.APIM_METRICS_APPENDER.name = APIM_METRICS_APPENDER +appender.APIM_METRICS_APPENDER.fileName = ${sys:carbon.home}/repository/logs/apim_metrics.log +appender.APIM_METRICS_APPENDER.filePattern = ${sys:carbon.home}/repository/logs/apim_metrics-%d{MM-dd-yyyy}-%i.log +appender.APIM_METRICS_APPENDER.layout.type = PatternLayout +appender.APIM_METRICS_APPENDER.layout.pattern = %d{HH:mm:ss,SSS} [%X{ip}-%X{host}] [%t] %5p %c{1} %m%n +appender.APIM_METRICS_APPENDER.policies.type = Policies +appender.APIM_METRICS_APPENDER.policies.time.type = TimeBasedTriggeringPolicy +appender.APIM_METRICS_APPENDER.policies.time.interval = 1 +appender.APIM_METRICS_APPENDER.policies.time.modulate = true +appender.APIM_METRICS_APPENDER.policies.size.type = SizeBasedTriggeringPolicy +appender.APIM_METRICS_APPENDER.policies.size.size=1000MB +appender.APIM_METRICS_APPENDER.strategy.type = DefaultRolloverStrategy +appender.APIM_METRICS_APPENDER.strategy.max = 10 + appender.osgi.type = PaxOsgi appender.osgi.name = PaxOsgi appender.osgi.filter = * -loggers = AUDIT_LOG, trace-messages, org-apache-coyote, com-hazelcast, Owasp-CsrfGuard, org-apache-axis2-wsdl-codegen-writer-PrettyPrinter, org-apache-axis2-clustering, org-apache-catalina, org-apache-tomcat, org-wso2-carbon-apacheds, org-apache-directory-server-ldap, org-apache-directory-server-core-event, com-atomikos, org-quartz, org-apache-jackrabbit-webdav, org-apache-juddi, org-apache-commons-digester-Digester, org-apache-jasper-compiler-TldLocationsCache, org-apache-qpid, org-apache-qpid-server-Main, qpid-message, qpid-message-broker-listening, org-apache-tiles, org-apache-commons-httpclient, org-apache-solr, me-prettyprint-cassandra-hector-TimingLogger, org-apache-axis-enterprise, 
org-apache-directory-shared-ldap, org-apache-directory-server-ldap-handlers, org-apache-directory-shared-ldap-entry-DefaultServerAttribute, org-apache-directory-server-core-DefaultDirectoryService, org-apache-directory-shared-ldap-ldif-LdifReader, org-apache-directory-server-ldap-LdapProtocolHandler, org-apache-directory-server-core, org-apache-directory-server-ldap-LdapSession, DataNucleus, Datastore, Datastore-Schema, JPOX-Datastore, JPOX-Plugin, JPOX-MetaData, JPOX-Query, JPOX-General, JPOX-Enhancer, org-apache-hadoop-hive, hive, ExecMapper, ExecReducer, net-sf-ehcache-config-ConfigurationFactory, axis2Deployment, equinox, tomcat2, StAXDialectDetector, trace, synapse, synapse_transport, axis2, axis2_transport, org-wso2-carbon, hunsicker, thrift-publisher, service_logger, trace_logger, org-wso2-carbon-apimgt-gateway-mediators-BotDetectionMediator, correlation, API_LOG +loggers = AUDIT_LOG, reporter, trace-messages, org-apache-coyote, com-hazelcast, Owasp-CsrfGuard, org-apache-axis2-wsdl-codegen-writer-PrettyPrinter, org-apache-axis2-clustering, org-apache-catalina, org-apache-tomcat, org-wso2-carbon-apacheds, org-apache-directory-server-ldap, org-apache-directory-server-core-event, com-atomikos, org-quartz, org-apache-jackrabbit-webdav, org-apache-juddi, org-apache-commons-digester-Digester, org-apache-jasper-compiler-TldLocationsCache, org-apache-qpid, org-apache-qpid-server-Main, qpid-message, qpid-message-broker-listening, org-apache-tiles, org-apache-commons-httpclient, org-apache-solr, me-prettyprint-cassandra-hector-TimingLogger, org-apache-axis-enterprise, org-apache-directory-shared-ldap, org-apache-directory-server-ldap-handlers, org-apache-directory-shared-ldap-entry-DefaultServerAttribute, org-apache-directory-server-core-DefaultDirectoryService, org-apache-directory-shared-ldap-ldif-LdifReader, org-apache-directory-server-ldap-LdapProtocolHandler, org-apache-directory-server-core, org-apache-directory-server-ldap-LdapSession, DataNucleus, Datastore, 
Datastore-Schema, JPOX-Datastore, JPOX-Plugin, JPOX-MetaData, JPOX-Query, JPOX-General, JPOX-Enhancer, org-apache-hadoop-hive, hive, ExecMapper, ExecReducer, net-sf-ehcache-config-ConfigurationFactory, axis2Deployment, equinox, tomcat2, StAXDialectDetector, trace, synapse, synapse_transport, axis2, axis2_transport, org-wso2-carbon, hunsicker, thrift-publisher, service_logger, trace_logger, org-wso2-carbon-apimgt-gateway-mediators-BotDetectionMediator, correlation, API_LOG logger.API_LOG.name = API_LOG logger.API_LOG.level = INFO logger.API_LOG.appenderRef.API_LOGFILE.ref = API_LOGFILE logger.API_LOG.additivity = false +logger.reporter.name = org.wso2.am.analytics.publisher.reporter.elk +logger.reporter.level = INFO +logger.reporter.additivity = false +logger.reporter.appenderRef.APIM_METRICS_APPENDER.ref = APIM_METRICS_APPENDER logger.AUDIT_LOG.name = AUDIT_LOG logger.AUDIT_LOG.level = INFO From 230ecdfbe923b7f7b7997687bb5afa92e136ba32 Mon Sep 17 00:00:00 2001 From: AnuGayan Date: Sun, 31 Mar 2024 09:21:28 +0530 Subject: [PATCH 3/3] Align WSO2 logo and text in login page --- .../distribution/product/src/main/extensions/product-title.jsp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/distribution/product/src/main/extensions/product-title.jsp b/modules/distribution/product/src/main/extensions/product-title.jsp index 5517d37729..1d3a59ef0f 100644 --- a/modules/distribution/product/src/main/extensions/product-title.jsp +++ b/modules/distribution/product/src/main/extensions/product-title.jsp @@ -22,7 +22,7 @@ <% if ("API Manager".equals(request.getAttribute("headerTitle"))) { %>
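Review bot: The new APIM_METRICS_APPENDER is enabled by default with `policies.size.size=1000MB`, a thousand times the `1000KB` used by the neighbouring SERVICE_APPENDER, and nothing in the added block removes old archives. Because `filePattern` carries both `%d{MM-dd-yyyy}` and `%i`, `strategy.max = 10` most likely caps only the counter within a single day, so up to roughly 10 GB per day can accumulate under `repository/logs`, and a full disk would also stall the audit and error logs that share the directory. I would add a Delete action scoped to the `apim_metrics-*.log` archives, as sketched below; the 30-day age is an example value to be replaced by the deployment's retention policy. The events from `org.wso2.am.analytics.publisher.reporter.elk` are presumably per-request API usage records, so the file should also fall under the same access and retention controls as the other logs there.

```properties
appender.APIM_METRICS_APPENDER.strategy.max = 10
# Remove rolled metrics archives past the retention window (30d is an example value).
appender.APIM_METRICS_APPENDER.strategy.action.type = Delete
appender.APIM_METRICS_APPENDER.strategy.action.basePath = ${sys:carbon.home}/repository/logs
appender.APIM_METRICS_APPENDER.strategy.action.maxDepth = 1
# Match only this appender's archives; the directory also holds the other product logs.
appender.APIM_METRICS_APPENDER.strategy.action.condition.type = IfFileName
appender.APIM_METRICS_APPENDER.strategy.action.condition.glob = apim_metrics-*.log
appender.APIM_METRICS_APPENDER.strategy.action.condition.nested.type = IfLastModified
appender.APIM_METRICS_APPENDER.strategy.action.condition.nested.age = 30d
```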
-