bisq/gradle
Chris Beams 55becc59c0
Avoid Log4J "Log4Shell" exploit
This commit upgrades our transitive dependency on Log4J 2 from 2.14.1 to
the newly-released 2.15.0 to avoid the CVE described at
https://www.lunasec.io/docs/blog/log4j-zero-day/.

We do not use log4j directly anywhere in our codebase, so our exposure
to this exploit was already mitigated if not eliminated, but Spring Boot
depends on Log4J 2 internally. This commit upgrades Spring Boot's
underlying dependency on Log4J to 2.15.0 in the manner recommended at
https://github.com/spring-projects/spring-boot/issues/28958.
2021-12-10 10:40:36 +01:00
wrapper Upgrade to Gradle 7.3 2021-11-13 12:09:22 +01:00
README.md Codacy: Test tag to skip check 2020-09-19 07:50:50 +02:00
verification-metadata.xml Avoid Log4J "Log4Shell" exploit 2021-12-10 10:40:36 +01:00

How to upgrade the Gradle version

Visit the Gradle website and decide on:

  • the desired version
  • the desired distribution type
  • the sha256 checksum for the version and type chosen above

Adjust the following command with the arguments above and execute it twice:

./gradlew wrapper --gradle-version 6.6.1 \
    --distribution-type all \
    --gradle-distribution-sha256-sum 11657af6356b7587bfb37287b5992e94a9686d5c8a0a1b60b87b9928a2decde5

The first execution should automatically update:

  • bisq/gradle/wrapper/gradle-wrapper.properties

The second execution should then update:

  • bisq/gradle/wrapper/gradle-wrapper.jar
  • bisq/gradlew
  • bisq/gradlew.bat

The four updated files are ready to be committed.
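
A check that can be run before committing, to confirm that gradle-wrapper.properties pins the version, distribution type and sha256 chosen in the first step. This is an added example, not part of the Bisq repository; `prop_value` and `check_wrapper_props` are hypothetical helper names, and the default services.gradle.org download URL is assumed.

```shell
#!/bin/sh
# Added example; check_wrapper_props and prop_value are hypothetical helper names.

# Print the value of one key from a .properties file (first match only).
prop_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 | tr -d '\r'
}

# Usage: check_wrapper_props FILE VERSION TYPE SHA256
# Returns 0 only when FILE pins exactly that version, type and checksum.
check_wrapper_props() {
    file=$1; version=$2; dtype=$3
    want=$(printf '%s' "$4" | tr 'A-F' 'a-f')

    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

    # The wrapper task writes the URL with an escaped colon (https\://...).
    url=$(prop_value "$file" distributionUrl | sed 's/\\:/:/g')
    pinned=$(prop_value "$file" distributionSha256Sum | tr 'A-F' 'a-f')

    # Assumption: the default services.gradle.org download location is used.
    case "$url" in
        https://services.gradle.org/distributions/gradle-"$version"-"$dtype".zip) ;;
        *) echo "unexpected distributionUrl: $url" >&2; return 1 ;;
    esac

    # Without this key the wrapper does not verify what it downloads.
    [ -n "$pinned" ] || { echo "distributionSha256Sum is not set" >&2; return 1; }

    # A SHA-256 digest is exactly 64 hex characters.
    case "$pinned" in
        *[!0-9a-f]*) echo "checksum is not hex: $pinned" >&2; return 1 ;;
    esac
    [ "${#pinned}" -eq 64 ] || { echo "checksum has wrong length" >&2; return 1; }

    [ "$pinned" = "$want" ] || { echo "checksum differs from the chosen one" >&2; return 1; }
    return 0
}

# Example call from the repository root, using the values shown above:
# check_wrapper_props gradle/wrapper/gradle-wrapper.properties 6.6.1 all \
#     11657af6356b7587bfb37287b5992e94a9686d5c8a0a1b60b87b9928a2decde5
```

A non-zero exit status means the properties file does not match what was chosen on the Gradle website and should be inspected before the four files are committed.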