Merge branch 'log4j2-security-issue' into 'devel_16.0.x'

Log4j2 security issue

See merge request !1398

CHANGELOG

+minerva (16.0.4) stable; urgency=high
+  * Bug fix: security fix in log4j2 zero day exploit 
+    https://www.lunasec.io/docs/blog/log4j-zero-day/
+
+ -- Piotr Gawron <piotr.gawron@uni.lu>  Mon, 13 Dec 2021 08:00:00 +0200
+
 minerva (16.0.3) stable; urgency=medium
   * Bug fix: searching for element in submap was broken (#1601)
   * Bug fix: compartmentRef was not set when exporting to SBGN (#1602)

CellDesigner-plugin/pom.xml

@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>lcsb.mapviewer</groupId>
 		<artifactId>parent</artifactId>
-		<version>16.0.3</version>
+		<version>16.0.4</version>
 	</parent>
 	<artifactId>CellDesigner-plugin</artifactId>
 	<!-- dependency from the MapViewer model -->
@@ -50,19 +50,19 @@
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>model</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>commons</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>converter-CellDesigner</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 
 		<dependency>

annotation/pom.xml

@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>lcsb.mapviewer</groupId>
 		<artifactId>parent</artifactId>
-		<version>16.0.3</version>
+		<version>16.0.4</version>
 	</parent>
 	<artifactId>annotation</artifactId>
 	<name>Annotation module</name>
@@ -18,7 +18,7 @@
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>model</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 
 		<!-- dependency from the MapViewer dao -->
@@ -26,7 +26,7 @@
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>persist</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 
 		<!-- dependency from the MapViewer cell designer parser (we need access 
@@ -34,13 +34,13 @@
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>converter-CellDesigner</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>converter</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 
 		<!-- Log4J2 -->

annotation/src/main/java/lcsb/mapviewer/annotation/services/PubmedParser.java

 package lcsb.mapviewer.annotation.services;
 
 import java.io.IOException;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
 
-import javax.xml.xpath.*;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathExpressionException;
+import javax.xml.xpath.XPathFactory;
 
 import org.apache.commons.lang3.SerializationException;
 import org.apache.logging.log4j.LogManager;
@@ -13,7 +18,11 @@ import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
 import org.w3c.dom.NodeList;
 
-import lcsb.mapviewer.annotation.cache.*;
+import lcsb.mapviewer.annotation.cache.CachableInterface;
+import lcsb.mapviewer.annotation.cache.GeneralCacheInterface;
+import lcsb.mapviewer.annotation.cache.SourceNotAvailable;
+import lcsb.mapviewer.annotation.cache.WebPageDownloader;
+import lcsb.mapviewer.annotation.cache.XmlSerializer;
 import lcsb.mapviewer.common.XmlParser;
 import lcsb.mapviewer.common.exception.InvalidXmlSchemaException;
 import lcsb.mapviewer.model.Article;
@@ -43,7 +52,7 @@ public class PubmedParser extends CachableInterface implements IExternalService
   /**
    * Version of the remote API that is supported by this connecting class.
    */
-  static final String SUPPORTED_VERSION = "6.6";
+  static final String SUPPORTED_VERSION = "6.7";
   static final String API_URL = "https://www.ebi.ac.uk/europepmc/webservices/rest/";
   /**
    * Length of {@link #PUBMED_PREFIX} string.
@@ -60,8 +69,8 @@ public class PubmedParser extends CachableInterface implements IExternalService
   private Logger logger = LogManager.getLogger();
 
   /**
-   * Object that allows to serialize {@link Article} elements into xml string and
-   * deserialize xml into {@link Article} objects.
+   * Object that allows to serialize {@link Article} elements into xml string
+   * and deserialize xml into {@link Article} objects.
    */
   private XmlSerializer<Article> articleSerializer;
 
@@ -70,14 +79,14 @@ public class PubmedParser extends CachableInterface implements IExternalService
    * from/to xml.
    */
   @Autowired
-  public PubmedParser(MiriamConnector miriamConnector) {
+  public PubmedParser(final MiriamConnector miriamConnector) {
     super(PubmedParser.class);
     articleSerializer = new XmlSerializer<>(Article.class);
     this.miriamConnector = miriamConnector;
   }
 
   @Override
-  public Object refreshCacheQuery(Object query) throws SourceNotAvailable {
+  public Object refreshCacheQuery(final Object query) throws SourceNotAvailable {
     Object result = null;
     try {
       if (query instanceof String) {
@@ -104,7 +113,7 @@ public class PubmedParser extends CachableInterface implements IExternalService
   }
 
   @Override
-  protected void setWebPageDownloader(WebPageDownloader webPageDownloader) {
+  protected void setWebPageDownloader(final WebPageDownloader webPageDownloader) {
     super.setWebPageDownloader(webPageDownloader);
   }
 
@@ -118,7 +127,7 @@ public class PubmedParser extends CachableInterface implements IExternalService
    *           thrown when there is a problem with accessing information about
    *           pubmed
    */
-  public Article getPubmedArticleById(Integer id) throws PubmedSearchException {
+  public Article getPubmedArticleById(final Integer id) throws PubmedSearchException {
     String queryString = "pubmed: " + id;
     Article result = null;
     try {
@@ -132,7 +141,7 @@ public class PubmedParser extends CachableInterface implements IExternalService
       logger.debug("Pubmed article (id=" + id + ") not found in cache. Accessing WebService...");
     }
 
-    result = new Article(id+"");
+    result = new Article(id + "");
     try {
       String url = API_URL + "search/resulttype=core&query="
           + java.net.URLEncoder.encode("src:med ext_id:" + id, "UTF-8");
@@ -206,7 +215,7 @@ public class PubmedParser extends CachableInterface implements IExternalService
     return result;
   }
 
-  public Article getPubmedArticleById(String id) throws PubmedSearchException {
+  public Article getPubmedArticleById(final String id) throws PubmedSearchException {
     if (id == null) {
       return null;
     }
@@ -226,7 +235,7 @@ public class PubmedParser extends CachableInterface implements IExternalService
    *           thrown when there is a problem with accessing information about
    *           pubmed
    */
-  public String getHtmlFullLinkForId(Integer id, boolean withTextPrefix) throws PubmedSearchException {
+  public String getHtmlFullLinkForId(final Integer id, final boolean withTextPrefix) throws PubmedSearchException {
     String result = "";
     Article article = getPubmedArticleById(id);
     result += "<div style=\"float:left;\" title=\"" + article.getTitle() + ", ";
@@ -251,7 +260,7 @@ public class PubmedParser extends CachableInterface implements IExternalService
    *           thrown when there is a problem with accessing information about
    *           pubmed
    */
-  public String getHtmlFullLinkForId(Integer id) throws PubmedSearchException {
+  public String getHtmlFullLinkForId(final Integer id) throws PubmedSearchException {
     return getHtmlFullLinkForId(id, true);
   }
 
@@ -265,7 +274,7 @@ public class PubmedParser extends CachableInterface implements IExternalService
    *           thrown when there is a problem with accessing information about
    *           pubmed
    */
-  public String getSummary(Integer id) throws PubmedSearchException {
+  public String getSummary(final Integer id) throws PubmedSearchException {
     Article article = getPubmedArticleById(id);
     if (article == null) {
       return null;
@@ -340,7 +349,7 @@ public class PubmedParser extends CachableInterface implements IExternalService
    *           thrown when there is a problem with accessing information about
    *           pubmed
    */
-  public String getSummary(String id) throws PubmedSearchException {
+  public String getSummary(final String id) throws PubmedSearchException {
     return getSummary(Integer.valueOf(id));
   }
 
@@ -357,7 +366,7 @@ public class PubmedParser extends CachableInterface implements IExternalService
    *          the miriamConnector to set
    * @see #miriamConnector
    */
-  public void setMiriamConnector(MiriamConnector miriamConnector) {
+  public void setMiriamConnector(final MiriamConnector miriamConnector) {
     this.miriamConnector = miriamConnector;
   }
 
@@ -374,7 +383,7 @@ public class PubmedParser extends CachableInterface implements IExternalService
    *          the articleSerializer to set
    * @see #articleSerializer
    */
-  protected void setArticleSerializer(XmlSerializer<Article> articleSerializer) {
+  protected void setArticleSerializer(final XmlSerializer<Article> articleSerializer) {
     this.articleSerializer = articleSerializer;
   }
 

annotation/src/main/java/lcsb/mapviewer/annotation/services/annotators/EnsemblAnnotator.java

 package lcsb.mapviewer.annotation.services.annotators;
 
 import java.io.IOException;
-import java.util.*;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
 
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -11,15 +14,24 @@ import org.w3c.dom.NodeList;
 
 import lcsb.mapviewer.annotation.cache.GeneralCacheInterface;
 import lcsb.mapviewer.annotation.cache.WebPageDownloader;
-import lcsb.mapviewer.annotation.services.*;
+import lcsb.mapviewer.annotation.services.ExternalServiceStatus;
+import lcsb.mapviewer.annotation.services.ExternalServiceStatusType;
+import lcsb.mapviewer.annotation.services.IExternalService;
+import lcsb.mapviewer.annotation.services.WrongResponseCodeIOException;
 import lcsb.mapviewer.common.XmlParser;
 import lcsb.mapviewer.common.exception.InvalidXmlSchemaException;
 import lcsb.mapviewer.common.exception.NotImplementedException;
 import lcsb.mapviewer.model.ProjectLogEntryType;
 import lcsb.mapviewer.model.map.MiriamData;
 import lcsb.mapviewer.model.map.MiriamType;
-import lcsb.mapviewer.model.map.species.*;
-import lcsb.mapviewer.model.user.annotator.*;
+import lcsb.mapviewer.model.map.species.Gene;
+import lcsb.mapviewer.model.map.species.GenericProtein;
+import lcsb.mapviewer.model.map.species.Protein;
+import lcsb.mapviewer.model.map.species.Rna;
+import lcsb.mapviewer.model.user.annotator.AnnotatorData;
+import lcsb.mapviewer.model.user.annotator.AnnotatorInputParameter;
+import lcsb.mapviewer.model.user.annotator.AnnotatorOutputParameter;
+import lcsb.mapviewer.model.user.annotator.BioEntityField;
 
 /**
  * This class is responsible for connecting to
@@ -36,7 +48,7 @@ public class EnsemblAnnotator extends ElementAnnotator implements IExternalServi
   /**
    * Version of the rest API that is supported by this annotator.
    */
-  static final String SUPPORTED_VERSION = "14.1";
+  static final String SUPPORTED_VERSION = "15.0";
 
   /**
    * Url address of ensembl restful service.
@@ -118,7 +130,7 @@ public class EnsemblAnnotator extends ElementAnnotator implements IExternalServi
   }
 
   @Override
-  public boolean annotateElement(BioEntityProxy element, MiriamData identifier, AnnotatorData parameters)
+  public boolean annotateElement(final BioEntityProxy element, final MiriamData identifier, final AnnotatorData parameters)
       throws AnnotatorException {
     if (identifier.getDataType().equals(MiriamType.ENSEMBL)) {
       String query = REST_SERVICE_URL + identifier.getResource() + URL_SUFFIX;
@@ -236,7 +248,7 @@ public class EnsemblAnnotator extends ElementAnnotator implements IExternalServi
   }
 
   @Override
-  protected void setWebPageDownloader(WebPageDownloader webPageDownloader) {
+  protected void setWebPageDownloader(final WebPageDownloader webPageDownloader) {
     super.setWebPageDownloader(webPageDownloader);
   }
 

commons/pom.xml

@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>lcsb.mapviewer</groupId>
 		<artifactId>parent</artifactId>
-		<version>16.0.3</version>
+		<version>16.0.4</version>
 	</parent>
 	<artifactId>commons</artifactId>
 	<name>Mapviewer commons</name>

converter-CellDesigner/pom.xml

@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>lcsb.mapviewer</groupId>
 		<artifactId>parent</artifactId>
-		<version>16.0.3</version>
+		<version>16.0.4</version>
 	</parent>
 	<artifactId>converter-CellDesigner</artifactId>
 	<name>CellDesigner converter</name>
@@ -17,13 +17,13 @@
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>model</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>converter</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 
 		<!-- Log4J2 -->

converter-SBGNML/pom.xml

@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>lcsb.mapviewer</groupId>
 		<artifactId>parent</artifactId>
-		<version>16.0.3</version>
+		<version>16.0.4</version>
 	</parent>
 	<artifactId>converter-SBGNML</artifactId>
 
@@ -20,26 +20,26 @@
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>model</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>persist</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 			<scope>test</scope>
 		</dependency>
 
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>converter-CellDesigner</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>converter-graphics</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 
 		<dependency>

converter-graphics/pom.xml

@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>lcsb.mapviewer</groupId>
 		<artifactId>parent</artifactId>
-		<version>16.0.3</version>
+		<version>16.0.4</version>
 	</parent>
 	<artifactId>converter-graphics</artifactId>
 	<name>MapViewer graphics converter</name>
@@ -18,13 +18,13 @@
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>model</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>model-command</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 
 		<!-- Log4J2-->

converter-sbml/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>lcsb.mapviewer</groupId>
 		<artifactId>parent</artifactId>
-		<version>16.0.3</version>
+		<version>16.0.4</version>
 	</parent>
 	<artifactId>converter-sbml</artifactId>
 	<name>converter-sbml</name>
@@ -40,22 +40,22 @@
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>model</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>model-command</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>converter-CellDesigner</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>converter</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 
 		<!-- Log4J2 -->
@@ -154,7 +154,7 @@
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>converter-graphics</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 			<scope>test</scope>
 		</dependency>
 

converter/pom.xml

@@ -5,7 +5,7 @@
   <parent>
     <groupId>lcsb.mapviewer</groupId>
     <artifactId>parent</artifactId>
-    <version>16.0.3</version>
+    <version>16.0.4</version>
   </parent>
   
   <artifactId>converter</artifactId>
@@ -15,7 +15,7 @@
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
       <artifactId>model</artifactId>
-      <version>16.0.3</version>
+      <version>16.0.4</version>
     </dependency>
 		<dependency>
 			<groupId>xerces</groupId>

frontend-js/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>lcsb.mapviewer</groupId>
 		<artifactId>parent</artifactId>
-		<version>16.0.3</version>
+		<version>16.0.4</version>
 	</parent>
 	<artifactId>frontend-js</artifactId>
 	<name>frontend-js</name>

model-command/pom.xml

@@ -3,7 +3,7 @@
   <parent>
     <groupId>lcsb.mapviewer</groupId>
     <artifactId>parent</artifactId>
-    <version>16.0.3</version>
+    <version>16.0.4</version>
   </parent>
   <artifactId>model-command</artifactId>
   <name>Model commands</name>
@@ -16,7 +16,7 @@
 		<dependency>
     	<groupId>lcsb.mapviewer</groupId>
       <artifactId>model</artifactId>
-      <version>16.0.3</version>
+      <version>16.0.4</version>
     </dependency>
     
 
@@ -24,7 +24,7 @@
 		<dependency>
       <groupId>lcsb.mapviewer</groupId>
       <artifactId>converter-CellDesigner</artifactId>
-      <version>16.0.3</version>
+      <version>16.0.4</version>
     </dependency>
 
 		<!-- Log4J2-->

model/pom.xml

@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>lcsb.mapviewer</groupId>
 		<artifactId>parent</artifactId>
-		<version>16.0.3</version>
+		<version>16.0.4</version>
 	</parent>
 	<artifactId>model</artifactId>
 	<name>model MapViewer</name>
@@ -15,7 +15,7 @@
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>commons</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 		
 		<!-- Java xml serialization -->

pathvisio/pom.xml

@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>lcsb.mapviewer</groupId>
 		<artifactId>parent</artifactId>
-		<version>16.0.3</version>
+		<version>16.0.4</version>
 	</parent>
 	<artifactId>pathvisio</artifactId>
 	<name>Pathvisio plugin</name>
@@ -77,20 +77,20 @@
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>model</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>converter-CellDesigner</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>converter-graphics</artifactId>
 			<scope>test</scope>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 
 		<!-- Log4J2 -->

persist/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>lcsb.mapviewer</groupId>
 		<artifactId>parent</artifactId>
-		<version>16.0.3</version>
+		<version>16.0.4</version>
 	</parent>
 
 	<artifactId>persist</artifactId>
@@ -27,7 +27,7 @@
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>model</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 
 		<!-- apache ftp -->

pom.xml

@@ -6,7 +6,7 @@
 
 	<groupId>lcsb.mapviewer</groupId>
 	<artifactId>parent</artifactId>
-	<version>16.0.3</version>
+	<version>16.0.4</version>
 	<packaging>pom</packaging>
 
 	<name>parent MapViewer</name>
@@ -14,8 +14,9 @@
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 
-		<log4j2.version>2.11.2</log4j2.version>
-		<log4j-jcl-version>2.11.2</log4j-jcl-version>
+		<log4j2.version>2.15.0</log4j2.version>
+		<log4j-jcl-version>2.15.0</log4j-jcl-version>
+		<log4j-slf4jVersion>2.15.0</log4j-slf4jVersion>
 
 		<mail-version>1.4.7</mail-version>
 
@@ -74,7 +75,6 @@
 
 		<hikari.version>3.3.1</hikari.version>
 		<slf4jVersion>1.7.25</slf4jVersion>
-		<log4j-slf4jVersion>2.11.2</log4j-slf4jVersion>
 
 		<cglib.version>3.2.12</cglib.version>
 

rest-api/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>lcsb.mapviewer</groupId>
 		<artifactId>parent</artifactId>
-		<version>16.0.3</version>
+		<version>16.0.4</version>
 	</parent>
 	<artifactId>rest-api</artifactId>
 	<name>rest-api</name>
@@ -19,19 +19,19 @@
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>model</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>
 
 		<dependency>
 			<groupId>lcsb.mapviewer</groupId>
 			<artifactId>service</artifactId>
-			<version>16.0.3</version>
+			<version>16.0.4</version>
 		</dependency>