Merge pull request #19363 Release 7.3.3

released-versions.json

@@ -4,10 +4,14 @@
     "buildTime": "20211202003143+0000"
   },
   "latestRc": {
-     "version": "7.3-rc-5",
-     "buildTime": "20211105184337+0000"
+    "version": "7.3-rc-5",
+    "buildTime": "20211105184337+0000"
   },
   "finalReleases": [
+    {
+      "version": "7.3.2",
+      "buildTime": "20211215112231+0000"
+    },
     {
       "version": "7.3.1",
       "buildTime": "20211201154220+0000"
@@ -453,4 +457,4 @@
       "buildTime": "20090720085013+0200"
     }
   ]
-}
+}

subprojects/dependency-management/src/integTest/groovy/org/gradle/integtests/resolve/ScriptDependencyResolveIntegrationTest.groovy

@@ -95,7 +95,7 @@ rootProject.name = 'testproject'
     @Issue("gradle/gradle#19300")
     def 'carries implicit constraint for log4j-core'() {
         given:
-        mavenRepo().module('org.apache.logging.log4j', 'log4j-core', '2.16.0').publish()
+        mavenRepo().module('org.apache.logging.log4j', 'log4j-core', '2.17.0').publish()
 
         and:
         settingsFile << """
@@ -120,7 +120,7 @@ rootProject.name = 'testproject'
 
         expect:
         succeeds 'buildEnvironment'
-        outputContains('org.apache.logging.log4j:log4j-core:{require 2.16.0; reject [2.0, 2.16)} -> 2.16.0 (c)')
+        outputContains('org.apache.logging.log4j:log4j-core:{require 2.17.0; reject [2.0, 2.17)} -> 2.17.0 (c)')
     }
 
     @Issue("gradle/gradle#19300")
@@ -160,6 +160,6 @@ rootProject.name = 'testproject'
 
         expect:
         succeeds 'buildEnvironment'
-        outputContains('org.apache.logging.log4j:log4j-core:{require 2.16.0; reject [2.0, 2.16)} -> 3.1.0 (c)')
+        outputContains('org.apache.logging.log4j:log4j-core:{require 2.17.0; reject [2.0, 2.17)} -> 3.1.0 (c)')
     }
 }

subprojects/docs/src/docs/release/notes.md

@@ -1,5 +1,24 @@
 The Gradle team is excited to announce Gradle @version@.
 
+This is the third patch release for Gradle 7.3.
+
+It fixes the following issue:
+* [#19360](https://github.com/gradle/gradle/issues/19360) Upgrade checks to Log4j 2.17.0
+
+Issues fixed in second patch release:
+* [#19300](https://github.com/gradle/gradle/issues/19300) Mitigations for log4j vulnerability in Gradle builds
+* [#19257](https://github.com/gradle/gradle/issues/19257) Incremental java compilation fails when renaming classname with $ character
+
+Issues fixed in first patch release:
+* [#19058](https://github.com/gradle/gradle/issues/19058) Consider reverting breaking change about test configuration
+* [#19067](https://github.com/gradle/gradle/issues/19067) Fix multiple annotation processing issues discovered by Micronaut
+
+We recommend users upgrade to @version@ instead of 7.3.
+
+Given the context of the Log4Shell vulnerability, make sure you take a look at [our blog post](https://blog.gradle.org/log4j-vulnerability) on this topic.
+
+----
+
 This release [introduces a declarative test suite API](#test-suites) for JVM projects, adds [support for building projects with Java 17](#java17),  and updates the Scala plugin to support [Scala 3](#scala).
 
 There are also changes to make builds [more reliable](#reliability), provide [additional details to IDEs when downloading dependencies](#tooling-api), improve [untracked files in custom plugins](#untracked), several [bug fixes](#fixed-issues) and more.
@@ -34,7 +53,7 @@ Switch your build to use Gradle @version@ by updating your wrapper:
 
 See the [Gradle 7.x upgrade guide](userguide/upgrading_version_7.html#changes_@baseVersion@) to learn about deprecations, breaking changes and other considerations when upgrading to Gradle @version@.
 
-NOTE: Gradle 7.3 has had *two* patch releases, which fixes several issues from the original release.
+NOTE: Gradle 7.3 has had *three* patch releases, which fixes several issues from the original release.
 We recommend always using the latest patch release.
 
 For Java, Groovy, Kotlin and Android compatibility, see the [full compatibility notes](userguide/compatibility.html).
@@ -208,10 +227,14 @@ The [`@DisableCachingByDefault` annotation](userguide/build_cache.html#sec:task_
 
 ## Fixed issues
 
+[Fixed issues in 7.3](../7.3/release-notes.html#fixed-issues)
+
 ## Known issues
 
 Known issues are problems that were discovered post release that are directly related to changes made in this release.
 
+[Known issues in 7.3](../7.3/release-notes.html#known-issues)
+
 ## External contributions
 
 We love getting contributions from the Gradle community. For information on contributing, please see [gradle.org/contribute](https://gradle.org/contribute).

subprojects/logging/src/main/java/org/gradle/internal/logging/util/Log4jBannedVersion.java

@@ -22,6 +22,6 @@
  */
 public class Log4jBannedVersion {
     public static final String LOG4J2_CORE_COORDINATES = "org.apache.logging.log4j:log4j-core";
-    public static final String LOG4J2_CORE_VULNERABLE_VERSION_RANGE = "[2.0, 2.16)";
-    public static final String LOG4J2_CORE_REQUIRED_VERSION = "2.16.0";
+    public static final String LOG4J2_CORE_VULNERABLE_VERSION_RANGE = "[2.0, 2.17)";
+    public static final String LOG4J2_CORE_REQUIRED_VERSION = "2.17.0";
 }

subprojects/scala/src/integTest/groovy/org/gradle/scala/ScalaPluginIntegrationTest.groovy

@@ -245,7 +245,7 @@ task someTask
 
     @ToBeFixedForConfigurationCache(because = ":dependencies")
     @Issue("gradle/gradle#19300")
-    def 'show that log4j-core, if present, is 2_16_0 at the minimum'() {
+    def 'show that log4j-core, if present, is 2_17_0 at the minimum'() {
         given:
         file('build.gradle') << """
             apply plugin: 'scala'
@@ -256,7 +256,7 @@ task someTask
         def versionPattern = ~/.*-> 2\.(\d+).*/
         expect:
         succeeds('dependencies', '--configuration', 'zinc')
-        def log4jOutput = result.getOutputLineThatContains("log4j-core:{require 2.16.0; reject [2.0, 2.16)}")
+        def log4jOutput = result.getOutputLineThatContains("log4j-core:{require 2.17.0; reject [2.0, 2.17)}")
         def matcher = log4jOutput =~ versionPattern
         matcher.find()
         Integer.valueOf(matcher.group(1)) >= 16

version.txt

@@ -1 +1 @@
-7.3.2
+7.3.3