graylog-parent
<!-- Coordinates of the artifact whose POM follows. That POM declares <packaging>pom</packaging>, so it
     carries build configuration rather than classes. NOTE(review): a <dependency> without <type>pom</type>
     resolves a jar by default; confirm the intended use (such a POM is more commonly named in <parent>). -->
<dependency>
  <groupId>org.graylog</groupId>
  <artifactId>graylog-parent</artifactId>
  <version>6.3.0</version>
</dependency>
<?xml version="1.0" encoding="UTF-8"?>
<!--
    Copyright (C) 2020 Graylog, Inc.

    This program is free software: you can redistribute it and/or modify
    it under the terms of the Server Side Public License, version 1,
    as published by MongoDB, Inc.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    Server Side Public License for more details.

    You should have received a copy of the Server Side Public License
    along with this program. If not, see
    <http://www.mongodb.com/licensing/server-side-public-license>.
-->
<!-- NOTE(review): the xsi:schemaLocation value below names the schema through an http:// URL. It is a hint for
     XML tooling; confirm that no editor or validator in the toolchain fetches the schema over plain HTTP. -->
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <!-- Sub-projects built in the same reactor as this POM. <modules> only aggregates; whether a module also
       inherits the settings declared here depends on its own <parent> element, which this file does not show. -->
  <modules>
    <module>graylog-project-parent</module>
    <module>graylog-plugin-parent</module>
    <module>graylog-plugin-archetype</module>
    <module>graylog-storage-elasticsearch7</module>
    <module>graylog-storage-opensearch2</module>
    <module>distribution</module>
  </modules>

  <groupId>org.graylog</groupId>
  <artifactId>graylog-parent</artifactId>
  <version>6.3.0</version>
  <!-- pom packaging: the published artifact is this POM itself, no jar is produced. -->
  <packaging>pom</packaging>

  <name>Graylog Parent POM</name>
  <description>Graylog Parent POM</description>
  <url>https://www.graylog.org/</url>

  <licenses>
    <license>
      <name>Server Side Public License (SSPL) version 1</name>
      <url>https://www.mongodb.com/licensing/server-side-public-license</url>
      <distribution>repo</distribution>
    </license>
  </licenses>

  <organization>
    <name>Graylog, Inc.</name>
    <url>https://www.graylog.org/</url>
  </organization>

  <!-- The single developer entry is filled from the <organization> block above. -->
  <developers>
    <developer>
      <name>${project.organization.name}</name>
      <organization>${project.organization.name}</organization>
      <organizationUrl>${project.organization.url}</organizationUrl>
    </developer>
  </developers>

  <!-- Source repository coordinates; the connection strings use the SSH form of the GitHub remote. -->
  <scm>
    <connection>scm:git:git@github.com:Graylog2/graylog2-server.git</connection>
<developerConnection>scm:git:git@github.com:Graylog2/graylog2-server.git</developerConnection>
    <url>https://github.com/Graylog2/graylog2-server</url>
    <tag>HEAD</tag>
  </scm>

  <!-- Deployment targets for snapshot and release artifacts; both URLs use https. No credentials appear here;
       presumably they are supplied through <server> entries in settings.xml keyed by the <id> values. -->
  <distributionManagement>
    <snapshotRepository>
      <id>sonatype-nexus-snapshots</id>
      <name>Sonatype Nexus Snapshots</name>
      <url>https://oss.sonatype.org/content/repositories/snapshots</url>
    </snapshotRepository>
    <repository>
      <id>sonatype-nexus-staging</id>
      <name>Nexus Release Repository</name>
      <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
    </repository>
  </distributionManagement>

  <!-- Central version table. Other sections of this POM refer to these values as ${property-name}, so a
       vulnerability-driven version bump of one of these libraries is a one-line change here. -->
  <properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <!-- release, source and target are all set to Java 17. -->
    <maven.compiler.release>17</maven.compiler.release>
    <maven.compiler.source>17</maven.compiler.source>
    <maven.compiler.target>17</maven.compiler.target>
    <maven.compiler.useIncrementalCompilation>false</maven.compiler.useIncrementalCompilation>

    <!--
      This property will be overridden during the release to collect all artifacts in a central location.
    -->
    <local.repo.path>${project.build.directory}/local-maven-repo</local.repo.path>

    <!-- Dependencies -->
    <opensearch.shaded.version>2.19.0-1</opensearch.shaded.version>
    <airline.version>3.0.0</airline.version>
    <amqp-client.version>5.25.0</amqp-client.version>
    <antlr.version>4.13.2</antlr.version>
    <apache-directory-version>2.1.7</apache-directory-version>
    <apache-httpclient.version>4.5.14</apache-httpclient.version>
    <apache-httpcore.version>4.4.16</apache-httpcore.version>
    <asm.version>9.8</asm.version>
    <auto-service.version>1.1.1</auto-service.version>
    <auto-value.version>1.11.0</auto-value.version>
    <auto-value-javabean.version>2.5.2</auto-value-javabean.version>
    <aws-java-sdk-1.version>1.12.675</aws-java-sdk-1.version>
    <aws-java-sdk-2.version>2.29.52</aws-java-sdk-2.version>
    <aws-kinesis-client.version>2.6.1</aws-kinesis-client.version>
    <aws-msk-iam-auth.version>2.3.2</aws-msk-iam-auth.version>
    <!--
      When bumping bouncycastle.version, check if the explicit management for bcutil-jdk18on can/must be removed.
    -->
    <bouncycastle.version>1.81</bouncycastle.version>
    <caffeine.version>3.2.1</caffeine.version>
    <cef-parser.version>0.0.1.10</cef-parser.version>
    <classgraph.version>4.8.179</classgraph.version>
    <commons-codec.version>1.18.0</commons-codec.version>
    <commons-csv.version>1.14.0</commons-csv.version>
    <commons-email.version>1.6.0</commons-email.version>
    <commons-exec.version>1.5.0</commons-exec.version>
    <commons-lang3.version>3.17.0</commons-lang3.version>
    <commons-net.version>3.11.1</commons-net.version>
    <commons-validator.version>1.9.0</commons-validator.version>
    <commons-io.version>2.19.0</commons-io.version>
    <disruptor.version>4.0.0</disruptor.version>
    <error-prone.version>2.38.0</error-prone.version>
    <freemarker.version>2.3.34</freemarker.version>
    <gcs.version>2.53.0</gcs.version>
    <gelfclient.version>1.5.1</gelfclient.version>
    <geoip2.version>4.3.1</geoip2.version>
    <grok.version>0.1.9-graylog-3</grok.version>
    <grpc.version>1.73.0</grpc.version>
    <guava-retrying.version>2.0.0</guava-retrying.version>
    <guava.version>33.4.8-jre</guava.version>
    <guice.version>7.0.0</guice.version>
    <HdrHistogram.version>2.2.2</HdrHistogram.version>
    <hamcrest.version>3.0</hamcrest.version>
    <hibernate-validator.version>8.0.2.Final</hibernate-validator.version>
    <hk2.version>3.1.1</hk2.version> <!-- The HK2 version should match the version being used by Jersey -->
    <jackson.version>2.18.3</jackson.version>
    <jadconfig.version>0.15.0</jadconfig.version>
    <java-semver.version>0.10.2</java-semver.version>
    <javax.annotation-api.version>1.3.2</javax.annotation-api.version>
    <jakarta.annotation-api.version>3.0.0</jakarta.annotation-api.version>
    <jakarta.inject.version>2.0.1</jakarta.inject.version>
    <jakarta.ws.rs-api.version>4.0.0</jakarta.ws.rs-api.version>
    <jaxb-api.version>2.3.1</jaxb-api.version>
    <jbcrypt.version>0.4</jbcrypt.version>
    <jcip-annotations.version>1.0</jcip-annotations.version>
    <jdot.version>1.0</jdot.version>
    <jersey.version>3.1.10</jersey.version>
    <jmte.version>7.0.3</jmte.version>
    <joda-time.version>2.14.0</joda-time.version>
    <jool.version>0.9.15</jool.version>
    <json-org.version>20250517</json-org.version>
    <json-path.version>2.9.0</json-path.version>
    <kafka.version>3.9.0</kafka.version>
    <kafka09.version>0.9.0.1-7</kafka09.version>
    <log4j.version>2.24.3</log4j.version>
    <lucene.version>9.12.1</lucene.version>
    <metrics.version>4.2.30</metrics.version>
    <mongodb-driver.version>5.5.1</mongodb-driver.version>
    <mongojack.version>5.0.2</mongojack.version>
    <natty.version>0.13</natty.version>
    <netty.version>4.1.121.Final</netty.version>
    <netty-tcnative-boringssl-static.version>2.0.70.Final</netty-tcnative-boringssl-static.version>
    <okhttp.version>4.12.0</okhttp.version>
    <opencsv.version>2.3</opencsv.version>
    <opentelemetry.version>1.32.0</opentelemetry.version>
    <opentelemetry-proto.version>1.3.2-alpha</opentelemetry-proto.version>
    <os-platform-finder.version>1.2.3</os-platform-finder.version>
    <owasp-sanitizer.version>20240325.1</owasp-sanitizer.version>
    <pkts.version>3.0.18</pkts.version>
    <prometheus-client.version>0.16.0</prometheus-client.version>
    <protobuf.version>3.25.8</protobuf.version>
    <reflections.version>0.10.2</reflections.version>
    <retrofit.version>3.0.0</retrofit.version>
    <semver4j.version>2.2.0-graylog.1</semver4j.version>
    <shiro.version>2.0.4</shiro.version>
    <snakeyaml.version>2.4</snakeyaml.version>
    <snappy-java.version>1.1.10.7</snappy-java.version>
    <oshi.version>6.8.2</oshi.version>
    <siv-mode.version>1.6.1</siv-mode.version>
    <slf4j.version>2.0.17</slf4j.version>
    <streamex.version>0.8.3</streamex.version>
    <swagger.version>1.6.16</swagger.version>
    <syslog4j.version>0.9.61</syslog4j.version>
    <threeten-extra.version>1.8.0</threeten-extra.version>
    <ulid.version>8.3.0</ulid.version>
    <unboundid-ldap.version>7.0.3</unboundid-ldap.version>
    <uuid.version>3.2.1</uuid.version>
    <validation-api.version>3.1.1</validation-api.version>
    <zstd.version>1.5.7-3</zstd.version>
    <cron-utils.version>9.2.1</cron-utils.version>
<asciitable.version>0.3.2</asciitable.version>
    <jjwt.version>0.12.6</jjwt.version>
    <stateless4j.version>2.6.0</stateless4j.version>
    <poi.version>5.4.1</poi.version>

    <!-- Test dependencies -->
    <apacheds-server.version>2.0.0.AM27</apacheds-server.version>
    <assertj-core.version>3.27.3</assertj-core.version>
    <assertj-joda-time.version>2.2.0</assertj-joda-time.version>
    <awaitility.version>4.3.0</awaitility.version>
    <equalsverifier.version>4.0.2</equalsverifier.version>
    <jukito.version>1.5</jukito.version>
    <junit.version>4.13.2</junit.version>
    <junit-jupiter.version>5.12.2</junit-jupiter.version>
    <mockito.version>5.18.0</mockito.version>
    <restassured.version>5.5.5</restassured.version>
    <system-rules.version>1.19.0</system-rules.version>
    <testcontainers.version>1.21.1</testcontainers.version>
    <testcontainers.opensearch.version>2.1.3</testcontainers.opensearch.version>
    <graalvm.version>24.2.1</graalvm.version>

    <!-- Nodejs dependencies -->
    <nodejs.version>v20.17.0</nodejs.version>
    <yarn.version>v1.22.22</yarn.version>

    <!-- Plugin versions -->
    <license-maven.version>5.0.0</license-maven.version>
    <download-maven-plugin.version>1.6.8.1</download-maven-plugin.version>
    <os-maven-plugin.version>1.7.1</os-maven-plugin.version>
    <protobuf-maven-plugin.version>0.6.1</protobuf-maven-plugin.version>
  </properties>

  <!-- Ensure consistent versions across dependencies and transitive dependencies -->
  <!-- Entries here fix the version that is resolved whenever the artifact appears, directly or transitively;
       they do not add the artifact to any module by themselves. -->
  <dependencyManagement>
    <dependencies>
      <!-- type=pom with scope=import: the managed versions of the named BOM are taken over into this section.
           The same pattern is used for the other *-bom entries below. -->
      <dependency>
        <groupId>org.apache.logging.log4j</groupId>
        <artifactId>log4j-bom</artifactId>
        <version>${log4j.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
      <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>slf4j-api</artifactId>
        <version>${slf4j.version}</version>
      </dependency>
      <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>jcl-over-slf4j</artifactId>
        <version>${slf4j.version}</version>
      </dependency>
      <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>log4j-over-slf4j</artifactId>
        <version>${slf4j.version}</version>
      </dependency>
      <!-- commons-logging is excluded from httpclient; jcl-over-slf4j is managed above and the enforcer
           configuration of this POM bans commons-logging:commons-logging outright. -->
      <dependency>
        <groupId>org.apache.httpcomponents</groupId>
        <artifactId>httpclient</artifactId>
        <version>${apache-httpclient.version}</version>
        <exclusions>
          <exclusion>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
          </exclusion>
        </exclusions>
      </dependency>
      <dependency>
        <groupId>org.apache.httpcomponents</groupId>
        <artifactId>httpmime</artifactId>
        <version>${apache-httpclient.version}</version>
      </dependency>
      <dependency>
        <groupId>org.apache.httpcomponents</groupId>
        <artifactId>httpcore</artifactId>
        <version>${apache-httpcore.version}</version>
      </dependency>
      <dependency>
        <groupId>org.apache.httpcomponents</groupId>
        <artifactId>httpcore-nio</artifactId>
        <version>${apache-httpcore.version}</version>
      </dependency>
      <dependency>
        <groupId>io.netty</groupId>
        <artifactId>netty-bom</artifactId>
        <version>${netty.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
      <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>bom</artifactId>
        <version>${aws-java-sdk-2.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
      <dependency>
        <groupId>com.amazonaws</groupId>
        <artifactId>aws-java-sdk-bom</artifactId>
        <version>${aws-java-sdk-1.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
      <dependency>
        <groupId>com.google.cloud</groupId>
        <artifactId>google-cloud-storage</artifactId>
        <version>${gcs.version}</version>
      </dependency>
      <!-- netty-tcnative-boringssl-static is managed once per platform classifier (two osx, two linux),
           all at the same ${netty-tcnative-boringssl-static.version}. -->
      <dependency>
        <groupId>io.netty</groupId>
        <artifactId>netty-tcnative-boringssl-static</artifactId>
        <version>${netty-tcnative-boringssl-static.version}</version>
        <classifier>osx-x86_64</classifier>
      </dependency>
      <dependency>
        <groupId>io.netty</groupId>
        <artifactId>netty-tcnative-boringssl-static</artifactId>
        <version>${netty-tcnative-boringssl-static.version}</version>
        <classifier>osx-aarch_64</classifier>
      </dependency>
      <dependency>
        <groupId>io.netty</groupId>
        <artifactId>netty-tcnative-boringssl-static</artifactId>
        <version>${netty-tcnative-boringssl-static.version}</version>
        <classifier>linux-x86_64</classifier>
      </dependency>
      <dependency>
        <groupId>io.netty</groupId>
        <artifactId>netty-tcnative-boringssl-static</artifactId>
        <version>${netty-tcnative-boringssl-static.version}</version>
        <classifier>linux-aarch_64</classifier>
      </dependency>
      <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-lang3</artifactId>
        <version>${commons-lang3.version}</version>
      </dependency>
      <dependency>
        <groupId>com.github.luben</groupId>
        <artifactId>zstd-jni</artifactId>
        <version>${zstd.version}</version>
      </dependency>
      <dependency>
        <groupId>com.jayway.jsonpath</groupId>
        <artifactId>json-path</artifactId>
        <version>${json-path.version}</version>
      </dependency>
      <!--
        Manage json-smart to version >= 2.5.2 to address CVE-2024-57699.
        json-smart is only used as a transitive dependency (e.g. for json-path), so when updating the version
        here, check if we still need to manage the version ourselves.
      -->
      <!-- NOTE(review): this entry and the avro, commons-compress and mina-core entries further down carry a
           literal version instead of a property from <properties>. They are overrides for transitive
           dependencies tied to the CVE named in each comment, so they are easy to miss during routine
           version bumps and need an explicit re-check. -->
      <dependency>
        <groupId>net.minidev</groupId>
        <artifactId>json-smart</artifactId>
        <version>2.5.2</version>
      </dependency>
      <dependency>
        <groupId>org.ow2.asm</groupId>
        <artifactId>asm</artifactId>
        <version>${asm.version}</version>
      </dependency>
      <dependency>
        <groupId>joda-time</groupId>
        <artifactId>joda-time</artifactId>
        <version>${joda-time.version}</version>
      </dependency>
      <dependency>
        <groupId>com.fasterxml.jackson</groupId>
        <artifactId>jackson-bom</artifactId>
        <version>${jackson.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
      <dependency>
        <groupId>org.yaml</groupId>
        <artifactId>snakeyaml</artifactId>
        <version>${snakeyaml.version}</version>
      </dependency>
      <dependency>
        <groupId>org.json</groupId>
        <artifactId>json</artifactId>
        <version>${json-org.version}</version>
      </dependency>
      <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt-api</artifactId>
        <version>${jjwt.version}</version>
      </dependency>
      <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt-impl</artifactId>
        <version>${jjwt.version}</version>
      </dependency>
      <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt-jackson</artifactId>
        <version>${jjwt.version}</version>
      </dependency>
      <dependency>
        <groupId>org.xerial.snappy</groupId>
        <artifactId>snappy-java</artifactId>
        <version>${snappy-java.version}</version>
      </dependency>
      <dependency>
        <groupId>com.google.protobuf</groupId>
        <artifactId>protobuf-bom</artifactId>
        <version>${protobuf.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
      <!-- Still needed because the protobuf compiler adds javax.annotation.Generated annotations to generated classes -->
      <dependency>
        <groupId>javax.annotation</groupId>
        <artifactId>javax.annotation-api</artifactId>
        <version>${javax.annotation-api.version}</version>
      </dependency>
      <dependency>
        <groupId>io.grpc</groupId>
        <artifactId>grpc-bom</artifactId>
        <version>${grpc.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
      <dependency>
        <groupId>com.cronutils</groupId>
        <artifactId>cron-utils</artifactId>
        <version>${cron-utils.version}</version>
      </dependency>
      <dependency>
        <groupId>com.squareup.okhttp3</groupId>
        <artifactId>okhttp</artifactId>
        <version>${okhttp.version}</version>
      </dependency>
      <dependency>
        <groupId>com.squareup.okhttp3</groupId>
        <artifactId>okhttp-tls</artifactId>
        <version>${okhttp.version}</version>
      </dependency>
      <dependency>
        <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
        <artifactId>owasp-java-html-sanitizer</artifactId>
        <version>${owasp-sanitizer.version}</version>
      </dependency>
      <!--
        Explicitly manage avro to fix CVE-2023-39410.
        We are using this only as a transitive dependency in plugins.
        Remove once its usages are updated and the fixed version is pulled in automatically.
      -->
      <dependency>
        <groupId>org.apache.avro</groupId>
        <artifactId>avro</artifactId>
        <version>1.12.0</version>
      </dependency>
      <!--
        Explicitly manage commons-compress to fix CVE-2023-42503.
        We are using this only as a transitive dependency in plugins.
        Remove once its usages are updated and the fixed version is pulled in automatically.
      -->
      <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-compress</artifactId>
        <version>1.27.1</version>
      </dependency>
      <dependency>
        <groupId>commons-net</groupId>
        <artifactId>commons-net</artifactId>
        <version>${commons-net.version}</version>
      </dependency>
      <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-exec</artifactId>
        <version>${commons-exec.version}</version>
      </dependency>
      <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-csv</artifactId>
        <version>${commons-csv.version}</version>
      </dependency>
      <dependency>
        <groupId>io.dropwizard.metrics</groupId>
        <artifactId>metrics-bom</artifactId>
        <version>${metrics.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>

      <!-- Always check mongojack dependencies to see if we need to adjust our mongodb-driver dependencies -->
      <dependency>
        <groupId>org.mongodb</groupId>
        <artifactId>mongodb-driver-sync</artifactId>
        <version>${mongodb-driver.version}</version>
      </dependency>
      <dependency>
        <groupId>org.mongodb</groupId>
        <artifactId>mongodb-driver-legacy</artifactId>
        <version>${mongodb-driver.version}</version>
      </dependency>
      <dependency>
        <groupId>org.mongojack</groupId>
        <artifactId>mongojack</artifactId>
        <version>${mongojack.version}</version>
      </dependency>

      <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcprov-jdk18on</artifactId>
        <version>${bouncycastle.version}</version>
      </dependency>
      <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcpkix-jdk18on</artifactId>
        <version>${bouncycastle.version}</version>
      </dependency>
      <!--
        Manage bcutil-jdk18on, because bcpkix-jdk18on version 1.80 declares it as a dependency with a dynamic
        version of [1.80,1.81). We enforce deterministic versions with the enforcer plugin, though.
        When updating bouncycastle versions, check if this management can or must be removed again.
      -->
      <!-- NOTE(review): the comment above describes bcpkix-jdk18on 1.80, while bouncycastle.version in
           <properties> is 1.81; confirm that the 1.81 artifacts still declare a dynamic range and that this
           override is still required. -->
      <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcutil-jdk18on</artifactId>
        <version>${bouncycastle.version}</version>
      </dependency>
      <dependency>
        <groupId>org.threeten</groupId>
        <artifactId>threeten-extra</artifactId>
        <version>${threeten-extra.version}</version>
      </dependency>

      <!-- test -->
      <dependency>
        <groupId>org.junit</groupId>
        <artifactId>junit-bom</artifactId>
        <version>${junit-jupiter.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
      <dependency>
        <groupId>org.mockito</groupId>
        <artifactId>mockito-bom</artifactId>
        <version>${mockito.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
      <dependency>
        <groupId>org.hamcrest</groupId>
        <artifactId>hamcrest</artifactId>
        <version>${hamcrest.version}</version>
      </dependency>
      <dependency>
        <groupId>org.awaitility</groupId>
        <artifactId>awaitility</artifactId>
        <version>${awaitility.version}</version>
      </dependency>
      <dependency>
        <groupId>com.google.auto.service</groupId>
        <artifactId>auto-service-annotations</artifactId>
        <version>${auto-service.version}</version>
      </dependency>
      <dependency>
        <groupId>com.google.auto.value</groupId>
        <artifactId>auto-value-annotations</artifactId>
        <version>${auto-value.version}</version>
      </dependency>
      <dependency>
        <groupId>org.graylog.autovalue</groupId>
        <artifactId>auto-value-javabean</artifactId>
        <version>${auto-value-javabean.version}</version>
      </dependency>
      <dependency>
        <groupId>io.opentelemetry.proto</groupId>
        <artifactId>opentelemetry-proto</artifactId>
        <version>${opentelemetry-proto.version}</version>
      </dependency>
      <!--
        Explicitly manage mina-core to fix CVE-2024-52046.
        We are only using mina-core as a transitive dependency for the Apache DS server in our tests.
        Remove once its usages are updated and the fixed version is pulled in automatically.
      -->
      <dependency>
        <groupId>org.apache.mina</groupId>
        <artifactId>mina-core</artifactId>
        <version>2.2.4</version>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <build>
    <!-- Build extension: unlike an ordinary plugin it is loaded into the Maven build itself, so its version
         is pinned through ${os-maven-plugin.version}. -->
    <extensions>
      <extension>
        <groupId>kr.motd.maven</groupId>
        <artifactId>os-maven-plugin</artifactId>
        <version>${os-maven-plugin.version}</version>
      </extension>
    </extensions>

    <!-- pluginManagement only fixes plugin versions. A plugin listed here runs only where it is also declared
         under <build><plugins> or bound by the lifecycle. -->
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-clean-plugin</artifactId>
          <version>3.5.0</version>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-install-plugin</artifactId>
          <version>3.1.4</version>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-compiler-plugin</artifactId>
          <version>3.14.0</version>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-resources-plugin</artifactId>
          <version>3.3.1</version>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-assembly-plugin</artifactId>
          <version>3.7.1</version>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-javadoc-plugin</artifactId>
          <version>3.11.2</version>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-jar-plugin</artifactId>
          <version>3.4.2</version>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-source-plugin</artifactId>
          <version>3.3.1</version>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-shade-plugin</artifactId>
          <version>3.6.0</version>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-deploy-plugin</artifactId>
          <version>3.1.4</version>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-release-plugin</artifactId>
          <version>3.1.1</version>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-pmd-plugin</artifactId>
          <version>3.26.0</version>
        </plugin>
        <plugin>
<groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-gpg-plugin</artifactId>
          <version>3.2.7</version>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-surefire-plugin</artifactId>
          <version>3.5.3</version>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-failsafe-plugin</artifactId>
          <version>3.5.3</version>
        </plugin>
        <plugin>
          <groupId>org.codehaus.mojo</groupId>
          <artifactId>versions-maven-plugin</artifactId>
          <version>2.18.0</version>
        </plugin>
        <plugin>
          <groupId>com.github.spotbugs</groupId>
          <artifactId>spotbugs-maven-plugin</artifactId>
          <version>4.9.3.0</version>
        </plugin>
        <plugin>
          <groupId>de.thetaphi</groupId>
          <artifactId>forbiddenapis</artifactId>
          <version>3.9</version>
        </plugin>
        <plugin>
          <groupId>com.github.eirslett</groupId>
          <artifactId>frontend-maven-plugin</artifactId>
          <version>1.15.1</version>
        </plugin>
        <plugin>
          <groupId>org.antlr</groupId>
          <artifactId>antlr4-maven-plugin</artifactId>
          <version>${antlr.version}</version>
        </plugin>
        <plugin>
          <groupId>com.mycila</groupId>
          <artifactId>license-maven-plugin</artifactId>
          <version>${license-maven.version}</version>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-enforcer-plugin</artifactId>
          <version>3.5.0</version>
        </plugin>
        <plugin>
          <groupId>org.cyclonedx</groupId>
          <artifactId>cyclonedx-maven-plugin</artifactId>
          <version>2.9.1</version>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-antrun-plugin</artifactId>
          <version>3.1.0</version>
        </plugin>
        <plugin>
          <groupId>org.xolstice.maven.plugins</groupId>
          <artifactId>protobuf-maven-plugin</artifactId>
          <version>${protobuf-maven-plugin.version}</version>
        </plugin>
      </plugins>
    </pluginManagement>

    <plugins>
      <!-- Integration tests: the integration-test and verify goals are bound with one fork and skip=false. -->
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-failsafe-plugin</artifactId>
        <configuration>
          <forkCount>1</forkCount>
          <skip>false</skip>
        </configuration>
        <executions>
          <execution>
            <goals>
              <goal>integration-test</goal>
              <goal>verify</goal>
            </goals>
          </execution>
        </executions>
      </plugin>

      <!-- Build gate. The enforce goal is bound to the validate phase; <fail>true</fail> makes a rule violation
           break the build and <failFast>false</failFast> lets every rule report before the build stops. -->
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <executions>
          <execution>
            <id>enforce-versions</id>
            <phase>validate</phase>
            <goals>
              <goal>enforce</goal>
            </goals>
            <configuration>
              <fail>true</fail>
              <failFast>false</failFast>
              <rules>
                <bannedDependencies>
                  <!-- The ban list below is applied to transitive dependencies as well as direct ones. -->
                  <searchTransitive>true</searchTransitive>
                  <excludes>
                    <!--
                      We use log4j-over-slf4j, so we need to make sure we don't pull in the actual log4j 1.x
                      dependency to avoid conflicts.
                      http://www.slf4j.org/legacy.html#log4j-over-slf4j
                    -->
                    <exclude>log4j:log4j</exclude>
                    <!-- This dependency also pulls in log4j 1.x -->
                    <exclude>org.apache.log4j.wso2:log4j</exclude>
                    <!--
                      We use jcl-over-slf4j, so we need to make sure we don't pull in the actual commons-logging
                      dependency to avoid conflicts.
                      http://www.slf4j.org/legacy.html#jclOverSLF4J
                    -->
                    <exclude>commons-logging:commons-logging</exclude>
                    <!-- Make sure we don't pull in vulnerable log4j2 versions (CVE-2021-45046, CVE-2021-44228) -->
                    <!-- NOTE(review): the range (,2.16) rejects only releases below 2.16, the floor for the two
                         CVEs named above. The managed log4j.version in <properties> is 2.24.3, so the floor
                         could be raised if later log4j2 fixes should also be enforced on transitive paths;
                         confirm against current advisories. -->
                    <exclude>org.apache.logging.log4j:*:(,2.16)</exclude>
                    <!-- Pulling in slf4j-simple creates warnings about multiple SLF4J bindings on server startup -->
                    <exclude>org.slf4j:slf4j-simple</exclude>
                    <!--
                      Newer asm versions are published under the org.ow2.asm groupId.
                      Avoid conflicts by banning the old one.
                    -->
                    <exclude>asm:asm</exclude>
                    <!-- Mockito should by now have all the features we need. -->
                    <exclude>org.powermock</exclude>
                    <!--
                      Ban AWS SDK bundle dependencies for v1 and v2. These would add hundreds of megabytes to our
                      production artifacts and must be avoided.
                    -->
                    <exclude>com.amazonaws:aws-java-sdk-bundle</exclude>
                    <exclude>software.amazon.awssdk:bundle</exclude>
                    <!-- Ban some javax dependencies after the move to jakarta -->
                    <exclude>javax.inject:*</exclude>
                    <exclude>javax.ws.rs:javax.*</exclude>
                    <exclude>com.fasterxml.jackson.jaxrs:*</exclude>
                    <!-- Ban bouncycastle jdk15on dependencies. We are using jdk18on equivalents instead. -->
                    <exclude>org.bouncycastle:bcprov-jdk15on</exclude>
                    <exclude>org.bouncycastle:bcpkix-jdk15on</exclude>
                    <exclude>org.bouncycastle:bcutil-jdk15on</exclude>
                  </excludes>
                </bannedDependencies>
                <banDuplicatePomDependencyVersions/>
                <!-- NOTE(review): the three Graylog groupIds below are exempt from the dynamic-version ban, so
                     non-fixed versions of artifacts in those groups are not rejected by this rule. Confirm
                     that release builds pin them by other means. -->
                <banDynamicVersions>
                  <ignores>
                    <ignore>org.graylog2</ignore>
                    <ignore>org.graylog</ignore>
                    <ignore>org.graylog.plugins</ignore>
                  </ignores>
                </banDynamicVersions>
                <!-- Presumably implemented by the restrict-imports-enforcer-rule artifact declared in this
                     plugin's <dependencies> below; it keeps org.graylog.datanode packages out of other modules. -->
                <RestrictImports>
                  <groups>
                    <group>
                      <reason>Data Node packages must not be used outside the data-node/ module.</reason>
                      <bannedImports>
                        <bannedImport>org.graylog.datanode.**</bannedImport>
                      </bannedImports>
                    </group>
                  </groups>
                </RestrictImports>
                <requireMavenVersion>
                  <!-- Enforce the same version we define in the maven wrapper -->
                  <version>[3.9.6,3.99.99]</version>
                </requireMavenVersion>
                <!-- Builds are limited to Java 17.x and to unix-family operating systems. -->
                <requireJavaVersion>
                  <version>[17.0,17.99]</version>
                </requireJavaVersion>
                <requireOS>
                  <family>unix</family>
                </requireOS>
              </rules>
            </configuration>
          </execution>
        </executions>
        <dependencies>
          <dependency>
            <groupId>de.skuzzle.enforcer</groupId>
            <artifactId>restrict-imports-enforcer-rule</artifactId>
            <version>2.6.1</version>
            <scope>compile</scope>
          </dependency>
        </dependencies>
      </plugin>

      <!-- forbiddenapis configuration. Code annotated with org.graylog2.shared.SuppressForbidden is exempt from
           the checks. NOTE(review): uses of that annotation are the place to audit for bypassed rules. -->
      <plugin>
        <groupId>de.thetaphi</groupId>
        <artifactId>forbiddenapis</artifactId>
        <configuration>
          <suppressAnnotations>
            <suppressAnnotation>org.graylog2.shared.SuppressForbidden</suppressAnnotation>
          </suppressAnnotations>
          <!-- NOTE(review): with failOnUnsupportedJava=false the check is skipped without failing on a JDK the
               plugin does not support. The enforcer rule requireJavaVersion [17.0,17.99] in this POM keeps
               builds on Java 17, which limits that gap. -->
          <!-- if the used Java version is too new, don't fail, just do nothing: -->
          <failOnUnsupportedJava>false</failOnUnsupportedJava>
          <!-- A violation of any signature fails the build. -->
          <failOnViolation>true</failOnViolation>
          <!-- Signatures that name classes absent from the classpath are skipped instead of failing the build. -->
          <ignoreSignaturesOfMissingClasses>true</ignoreSignaturesOfMissingClasses>
          <bundledSignatures>
            <!-- We want to allow String#formatted without charset.
--> <bundledSignature>jdk-unsafe-14</bundledSignature> <!-- This will automatically choose the right signatures based on 'maven.compiler.target': --> <bundledSignature>jdk-deprecated</bundledSignature> <bundledSignature>jdk-reflection</bundledSignature> <!-- disallow undocumented classes like sun.misc.Unsafe: --> <bundledSignature>jdk-non-portable</bundledSignature> <!-- Workaround until signatures for ${commons-io.version} are released: --> <bundledSignature>commons-io-unsafe-2.14.0</bundledSignature> </bundledSignatures> <signatures> <![CDATA[ org.jboss.netty.** @ Migrate to Netty 4.x @defaultMessage Use a custom thread factory to ensure proper thread naming. java.util.concurrent.Executors#defaultThreadFactory() java.util.concurrent.Executors#newCachedThreadPool() java.util.concurrent.Executors#newFixedThreadPool(int) java.util.concurrent.Executors#newScheduledThreadPool(int) java.util.concurrent.Executors#newSingleThreadExecutor() java.util.concurrent.Executors#newSingleThreadScheduledExecutor() java.util.concurrent.Executors#privilegedThreadFactory() @defaultMessage Constructing a DateTime without a time zone is dangerous org.joda.time.DateTime#<init>() org.joda.time.DateTime#<init>(long) org.joda.time.DateTime#<init>(int, int, int, int, int) org.joda.time.DateTime#<init>(int, int, int, int, int, int) org.joda.time.DateTime#<init>(int, int, int, int, int, int, int) org.joda.time.DateTime#now() org.joda.time.DateTimeZone#getDefault() @defaultMessage Please do not try to stop the world java.lang.System#gc() java.lang.Character#codePointBefore(char[],int) @ Implicit start offset is error-prone when the char[] is a buffer and the first chars are random chars java.lang.Character#codePointAt(char[],int) @ Implicit end offset is error-prone when the char[] is a buffer and the last chars are random chars @defaultMessage Only use wait / notify when really needed try to use concurrency primitives, latches or callbacks instead. 
java.lang.Object#wait() java.lang.Object#wait(long) java.lang.Object#wait(long,int) java.lang.Object#notify() java.lang.Object#notifyAll() @defaultMessage Beware of the behavior of this method on MIN_VALUE java.lang.Math#abs(int) java.lang.Math#abs(long) @defaultMessage Use Channels.* methods to write to channels. Do not read/write directly. java.nio.channels.WritableByteChannel#write(java.nio.ByteBuffer) java.nio.channels.FileChannel#write(java.nio.ByteBuffer, long) java.nio.channels.GatheringByteChannel#write(java.nio.ByteBuffer[], int, int) java.nio.channels.GatheringByteChannel#write(java.nio.ByteBuffer[]) java.nio.channels.ReadableByteChannel#read(java.nio.ByteBuffer) java.nio.channels.ScatteringByteChannel#read(java.nio.ByteBuffer[]) java.nio.channels.ScatteringByteChannel#read(java.nio.ByteBuffer[], int, int) java.nio.channels.FileChannel#read(java.nio.ByteBuffer, long) @defaultMessage Convert to URI java.net.URL#getPath() java.net.URL#getFile() @defaultMessage Use java.nio.file instead of java.io.File API # java.util.jar.JarFile # java.util.zip.ZipFile # java.io.File # java.io.FileInputStream # java.io.FileOutputStream java.io.PrintStream#<init>(java.lang.String,java.lang.String) java.io.PrintWriter#<init>(java.lang.String,java.lang.String) java.util.Formatter#<init>(java.lang.String,java.lang.String,java.util.Locale) java.io.RandomAccessFile # java.nio.file.Path#toFile() @defaultMessage Specify a location for the temp file/directory instead. 
java.nio.file.Files#createTempDirectory(java.lang.String,java.nio.file.attribute.FileAttribute[]) java.nio.file.Files#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute[]) com.google.common.collect.Iterators#emptyIterator() @ Use Collections.emptyIterator instead @defaultMessage Don't use java serialization - this can break BWC without noticing it java.io.ObjectOutputStream java.io.ObjectOutput java.io.ObjectInputStream java.io.ObjectInput @defaultMessage avoid DNS lookups by accident: if you have a valid reason, then use SuppressWarnings with that reason so its completely clear java.net.InetAddress#getHostName() java.net.InetAddress#getCanonicalHostName() java.net.InetSocketAddress#getHostName() @ Use getHostString() instead, which avoids a DNS lookup @defaultMessage Avoid unchecked warnings by using Collections#empty(List|Map|Set) methods java.util.Collections#EMPTY_LIST java.util.Collections#EMPTY_MAP java.util.Collections#EMPTY_SET java.util.Collections#shuffle(java.util.List) @ Use java.util.Collections#shuffle(java.util.List, java.util.Random) with a reproducible source of randomness com.google.common.base.Charsets @ Use java.nio.charset.StandardCharsets @defaultMessage Don't use imports from shaded or denied dependencies joptsimple.internal.** org.testcontainers.shaded.** edu.emory.mathcs.backport.java.util.** org.apache.directory.api.util.** org.apache.groovy.util.** org.apache.logging.log4j.util.Strings org.graylog.shaded.kafka09.joptsimple.** org.assertj.core.util.** org.bouncycastle.util.Strings org.junit.jupiter.params.shadow.** org.apache.http.util.** io.trino.hadoop.$internal.** autovalue.shaded.org.** @defaultMessage Use jakarta.inject. com.google.inject.Inject com.google.inject.Scope com.google.inject.Singleton com.google.inject.Provider com.google.inject.name.Named javax.inject.** javax.persistence.** @ Use jakarta.persistence. @defaultMessage Use jakarta.annotation. 
javax.annotation.sql.**
javax.annotation.security.**
javax.annotation.Resources
javax.annotation.Resource
javax.annotation.Resource$AuthenticationType
javax.annotation.ManagedBean
javax.annotation.Generated
javax.annotation.PreDestroy
javax.annotation.Priority
javax.annotation.PostConstruct

@defaultMessage Use jakarta.validation.
javax.validation.**

org.jetbrains.annotations.NotNull @ Use jakarta.annotation.Nonnull
org.jetbrains.annotations.Nullable @ Use jakarta.annotation.Nullable
org.checkerframework.checker.nullness.qual.** @ Use jakarta.annotation.**

com.mongodb.DuplicateKeyException @ Use org.graylog2.database.utils.MongoUtil#isDuplicateKeyError(MongoException)

@defaultMessage Use org.apache.lucene.
org.graylog.shaded.opensearch2.org.apache.lucene.index.**
org.graylog.shaded.opensearch2.org.apache.lucene.store.**
]]>
                    </signatures>
                </configuration>
                <!--
                  The signature list is enforced twice: "check" is bound to the compile phase
                  and "testCheck" to the test-compile phase, so a forbidden call in either
                  main or test code is reported during a normal build.
                -->
                <executions>
                    <execution>
                        <id>forbidden-apis-src</id>
                        <phase>compile</phase>
                        <goals>
                            <goal>check</goal>
                        </goals>
                    </execution>
                    <execution>
                        <id>forbidden-apis-test</id>
                        <phase>test-compile</phase>
                        <goals>
                            <goal>testCheck</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
            <!--
              Compiler settings: Java 17 release target, warnings and deprecation notices
              shown, and Error Prone loaded as a javac plugin through the -Xplugin argument.
            -->
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <configuration>
                    <release>17</release>
                    <showWarnings>true</showWarnings>
                    <showDeprecation>true</showDeprecation>
                    <forceJavacCompilerUse>true</forceJavacCompilerUse>
                    <compilerArgs>
                        <!-- The next two javac arguments are part of the documented Error Prone setup. -->
                        <arg>-XDcompilePolicy=simple</arg>
                        <arg>--should-stop=ifError=FLOW</arg>
                        <!--
                          We disabled checks that don't apply to us because we either don't use the platform or library.
                          (e.g., Android, Flogger)
                          Disabling those checks improves compile times.
                          See available bug patterns: https://errorprone.info/bugpatterns

                          Reading the list below: generated sources are excluded from analysis
                          (XepDisableWarningsInGeneratedCode and the XepExcludedPaths pattern), the
                          ":OFF" entries are the disabled checks, and the ":ERROR" entries at the end
                          are raised to error severity, so a finding from one of them fails the build.
                        -->
                        <arg>
                            -Xplugin:ErrorProne
                            -Xep:DoNotMock:WARN
                            -XepDisableWarningsInGeneratedCode
                            -XepExcludedPaths:.*/target/generated-sources/.*
                            -Xep:AndroidInjectionBeforeSuper:OFF
                            -Xep:BugPatternNaming:OFF
                            -Xep:BundleDeserializationCast:OFF
                            -Xep:DaggerProvidesNull:OFF
                            -Xep:FloggerArgumentToString:OFF
                            -Xep:FloggerFormatString:OFF
                            -Xep:FloggerLogString:OFF
                            -Xep:FloggerLogVarargs:OFF
                            -Xep:FloggerLogWithCause:OFF
                            -Xep:FloggerMessageFormat:OFF
                            -Xep:FloggerRedundantIsEnabled:OFF
                            -Xep:FloggerRequiredModifiers:OFF
                            -Xep:FloggerSplitLogStatement:OFF
                            -Xep:FloggerStringConcatenation:OFF
                            -Xep:FloggerWithCause:OFF
                            -Xep:FloggerWithoutCause:OFF
                            -Xep:FragmentInjection:OFF
                            -Xep:FragmentNotInstantiable:OFF
                            -Xep:ICCProfileGetInstance:OFF
                            -Xep:IsLoggableTagLength:OFF
                            -Xep:JUnit3FloatingPointComparisonWithoutDelta:OFF
                            -Xep:JUnit3TestNotRun:OFF
                            -Xep:JUnit4ClassUsedInJUnit3:OFF
                            -Xep:JUnitAmbiguousTestClass:OFF
                            -Xep:MislabeledAndroidString:OFF
                            -Xep:MissingRefasterAnnotation:OFF
                            -Xep:OutlineNone:OFF
                            -Xep:ParcelableCreator:OFF
                            -Xep:RectIntersectReturnValueIgnored:OFF
                            -Xep:RobolectricShadowDirectlyOn:OFF
                            -Xep:StringCaseLocaleUsage:OFF
                            -Xep:SwigMemoryLeak:OFF
                            -Xep:ArrayRecordComponent:ERROR
                            -Xep:DefaultCharset:ERROR
                            -Xep:DoubleCheckedLocking:ERROR
                            -Xep:InconsistentHashCode:ERROR
                            -Xep:IncrementInForLoopAndHeader:ERROR
                            -Xep:NonAtomicVolatileUpdate:ERROR
                            -Xep:PrimitiveAtomicReference:ERROR
                            -Xep:WildcardImport:ERROR
                            -Xep:JavaDurationGetSecondsToToSeconds:ERROR
                        </arg>
                    </compilerArgs>
                    <!--
                      Annotation processors execute inside the compiler. Declaring them here
                      means the compiler plugin takes processors from these four artifacts
                      instead of discovering them on the compile classpath. The version
                      properties are defined outside this part of the file.
                    -->
                    <annotationProcessorPaths>
                        <path>
                            <groupId>com.google.errorprone</groupId>
                            <artifactId>error_prone_core</artifactId>
                            <version>${error-prone.version}</version>
                        </path>
                        <path>
                            <groupId>com.google.auto.service</groupId>
                            <artifactId>auto-service</artifactId>
                            <version>${auto-service.version}</version>
                        </path>
                        <path>
                            <groupId>com.google.auto.value</groupId>
                            <artifactId>auto-value</artifactId>
                            <version>${auto-value.version}</version>
                        </path>
                        <path>
                            <groupId>org.graylog.autovalue</groupId>
                            <artifactId>auto-value-javabean</artifactId>
                            <version>${auto-value-javabean.version}</version>
                        </path>
                    </annotationProcessorPaths>
                </configuration>
            </plugin>
            <!--
              Release preparation: tags are named after the bare project version, all
              submodules share one version, and "clean test" runs before the tag is made.
              Of the two release profiles named here, only "release" is defined in this
              POM's profiles section; "release-profile" is presumably the one from Maven's
              super POM (confirm).
            -->
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-release-plugin</artifactId>
                <configuration>
                    <autoVersionSubmodules>true</autoVersionSubmodules>
                    <mavenExecutorId>forked-path</mavenExecutorId>
                    <tagNameFormat>@{project.version}</tagNameFormat>
                    <preparationGoals>clean test</preparationGoals>
                    <releaseProfiles>release-profile,release</releaseProfiles>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-assembly-plugin</artifactId>
                <configuration>
                    <attach>true</attach>
                    <appendAssemblyId>false</appendAssemblyId>
                    <!-- we don't care about assembling the parent, just run the goal on the project, pretty please -->
                    <ignoreMissingDescriptor>true</ignoreMissingDescriptor>
                    <tarLongFileMode>posix</tarLongFileMode>
                </configuration>
            </plugin>
            <!--
              Shared defaults for build-time downloads.
              NOTE(review): followRedirects and retries are transport settings only; nothing
              in this shared configuration pins the content of a download. Whether each
              execution that uses this plugin supplies an expected checksum cannot be seen
              from here; confirm in the modules that declare the executions. The cache
              directory sits inside the local Maven repository, so a cached file is
              presumably reused by later builds on the same machine.
            -->
            <plugin>
                <groupId>org.graylog.repackaged</groupId>
                <artifactId>download-maven-plugin</artifactId>
                <version>${download-maven-plugin.version}</version>
                <configuration>
                    <!--
                      Avoid metadata problems with the cache directory of older plugin versions.
                      Bump the rev when updating the download-maven-plugin.
                    -->
                    <cacheDirectory>${settings.localRepository}/.cache/download-maven-plugin-rev1</cacheDirectory>
                    <followRedirects>true</followRedirects>
                    <retries>5</retries>
                </configuration>
            </plugin>
            <!--
              License header check: files matching the includes are compared against the
              SSPL-1 header template with year 2020 and owner "Graylog, Inc.". The execution
              sets no phase, so the plugin's default binding for "check" applies.
            -->
            <plugin>
                <groupId>com.mycila</groupId>
                <artifactId>license-maven-plugin</artifactId>
                <configuration>
                    <aggregate>false</aggregate>
                    <mapping>
                        <java>SLASHSTAR_STYLE</java>
                        <jsx>SLASHSTAR_STYLE</jsx>
                        <ts>SLASHSTAR_STYLE</ts>
                        <tsx>SLASHSTAR_STYLE</tsx>
                    </mapping>
                    <licenseSets>
                        <licenseSet>
                            <header>com/mycila/maven/plugin/license/templates/SSPL-1.txt</header>
                            <properties>
                                <year>2020</year>
                                <owner>Graylog, Inc.</owner>
                            </properties>
                            <keywords>
                                <keyword>Server Side Public License for more details</keyword>
                            </keywords>
                            <includes>
                                <include>**/src/main/java/**</include>
                                <include>**/src/test/java/**</include>
                                <include>**/pom.xml</include>
                                <include>*.js</include>
                                <include>src/web/**/*.js</include>
                                <include>src/web/**/*.jsx</include>
                                <include>src/web/**/*.ts</include>
                                <include>src/web/**/*.tsx</include>
                                <include>graylog2-web-interface/*.js</include>
                                <include>graylog2-web-interface/*.ts</include>
                                <include>graylog2-web-interface/config/**/*.js</include>
                                <include>graylog2-web-interface/config/**/*.ts</include>
                                <include>graylog2-web-interface/packages/**/*.js</include>
                                <include>graylog2-web-interface/packages/**/*.jsx</include>
                                <include>graylog2-web-interface/packages/**/*.ts</include>
                                <include>graylog2-web-interface/packages/**/*.tsx</include>
                                <include>graylog2-web-interface/src/**/*.js</include>
                                <include>graylog2-web-interface/src/**/*.jsx</include>
                                <include>graylog2-web-interface/src/**/*.ts</include>
                                <include>graylog2-web-interface/src/**/*.tsx</include>
                                <include>graylog2-web-interface/test/**/*.js</include>
                                <include>graylog2-web-interface/test/**/*.jsx</include>
                                <include>graylog2-web-interface/test/**/*.ts</include>
                                <include>graylog2-web-interface/test/**/*.tsx</include>
                                <include>graylog2-web-interface/webpack/**/*.js</include>
                                <include>graylog2-web-interface/webpack/**/*.ts</include>
                            </includes>
                            <excludes>
                                <exclude>**/resources/swagger/**</exclude>
                            </excludes>
                        </licenseSet>
                    </licenseSets>
                </configuration>
                <executions>
                    <execution>
                        <goals>
                            <goal>check</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>

    <profiles>
        <!-- Active unless the skip.datanode property is defined; adds the data-node module to the build. -->
        <profile>
            <id>datanode</id>
            <activation>
                <property>
                    <name>!skip.datanode</name>
                </property>
            </activation>
            <modules>
                <module>data-node</module>
            </modules>
        </profile>
        <!-- Release build: sign artifacts in the verify phase, then deploy them to a local file repository. -->
        <profile>
            <id>release</id>
            <build>
                <plugins>
                    <plugin>
                        <groupId>org.apache.maven.plugins</groupId>
                        <artifactId>maven-gpg-plugin</artifactId>
                        <configuration>
                            <!--
                              NOTE(review): B1606F22 is an 8-hex-digit (32-bit) short key ID.
                              Short IDs are not collision-resistant; the full fingerprint of
                              the release key identifies it unambiguously. No passphrase or key
                              material is configured here, so it presumably comes from the
                              build environment (confirm).
                            -->
                            <keyname>B1606F22</keyname>
                        </configuration>
                        <executions>
                            <execution>
                                <id>sign-artifacts</id>
                                <phase>verify</phase>
                                <goals>
                                    <goal>sign</goal>
                                </goals>
                            </execution>
                        </executions>
                    </plugin>
                    <plugin>
                        <groupId>org.apache.maven.plugins</groupId>
                        <artifactId>maven-release-plugin</artifactId>
                        <configuration>
                            <goals>deploy</goals>
                        </configuration>
                    </plugin>
                    <plugin>
                        <groupId>org.apache.maven.plugins</groupId>
                        <artifactId>maven-deploy-plugin</artifactId>
                        <configuration>
                            <retryFailedDeploymentCount>5</retryFailedDeploymentCount>
                            <!--
                              We use a local repository for deployment because we handle Maven Central
                              deployments separately in a later step of the release process.

                              local.repo.path is not defined in the visible part of this file;
                              presumably it is supplied by the release tooling (confirm).
                            -->
                            <altDeploymentRepository>local::file://${local.repo.path}</altDeploymentRepository>
                            <deployAtEnd>true</deployAtEnd>
                        </configuration>
                    </plugin>
                </plugins>
            </build>
        </profile>
    </profiles>
</project>