Fix build script & use Log4j 2.17.1 as per CVE-2021-44228 and CVE-2021-44832

This commit is contained in:
~keith 2022-01-17 20:50:10 +00:00
parent 020102d87f
commit 858f7bda1e
Signed by: keith
GPG key ID: 5BEBEEAB2C73D520
3 changed files with 10 additions and 4 deletions

2
.gitignore vendored
View file

@ -39,7 +39,7 @@ changelog.txt
*.7z
/logs/
gradle.properties
#gradle.properties
!/mdk/gradle.properties
/projects/forge/rejects/

View file

@ -1,7 +1,8 @@
buildscript {
repositories {
mavenLocal()
maven { url = 'https://files.minecraftforge.net/maven' }
maven { url = 'https://files.minecraftforge.net/maven/' }
maven { url = 'https://libraries.minecraft.net/' }
jcenter()
//mavenCentral() //TODO: Update Gradle to use HTTPS by default
maven {
@ -77,6 +78,8 @@ project(':clean') {
repositories {
mavenLocal()
maven { url = 'https://files.minecraftforge.net/maven/' }
maven { url = 'https://libraries.minecraft.net/' }
//mavenCentral() //TODO: Update Gradle to use HTTPS by default
maven {
name 'maven_central'
@ -189,6 +192,8 @@ project(':forge') {
repositories {
mavenLocal()
maven { url = 'https://files.minecraftforge.net/maven/' }
maven { url = 'https://libraries.minecraft.net/' }
//mavenCentral() //TODO: Update Gradle to use HTTPS by default
maven {
name 'maven_central'
@ -449,8 +454,8 @@ project(':forge') {
installer 'org.jline:jline:3.12.+'
installer 'org.apache.maven:maven-artifact:3.6.0'
installer 'net.jodah:typetools:0.8.+'
installer 'org.apache.logging.log4j:log4j-api:2.11.2'
installer 'org.apache.logging.log4j:log4j-core:2.11.2'
installer 'org.apache.logging.log4j:log4j-api:2.17.1'
installer 'org.apache.logging.log4j:log4j-core:2.17.1'
installer 'net.minecrell:terminalconsoleappender:1.2.+'
installer 'net.sf.jopt-simple:jopt-simple:5.0.4'
installer 'org.spongepowered:mixin:0.8.2'

1
gradle.properties Normal file
View file

@ -0,0 +1 @@
org.gradle.jvmargs=-Xmx4096m -XX:MaxPermSize=4096m -XX:+HeapDumpOnOutOfMemoryError