Skip to content

Commit

Permalink
[Security] Upgrade to Log4J 2.17.0 to mitigate CVE-2021-45105 (#13392)
Browse files Browse the repository at this point in the history
- more details at https://logging.apache.org/log4j/2.x/security.html

(cherry picked from commit 0fa626d)
  • Loading branch information
lhotari committed Dec 18, 2021
1 parent 4f19b71 commit 4b9cadc
Show file tree
Hide file tree
Showing 3 changed files with 7 additions and 7 deletions.
2 changes: 1 addition & 1 deletion buildtools/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<surefire.version>3.0.0-M3</surefire.version>
<log4j2.version>2.16.0</log4j2.version>
<log4j2.version>2.17.0</log4j2.version>
<slf4j.version>1.7.25</slf4j.version>
<testng.version>7.3.0</testng.version>
<commons-lang3.version>3.11</commons-lang3.version>
Expand Down
10 changes: 5 additions & 5 deletions distribution/server/src/assemble/LICENSE.bin.txt
Original file line number Diff line number Diff line change
Expand Up @@ -385,11 +385,11 @@ The Apache Software License, Version 2.0
- jakarta.validation-jakarta.validation-api-2.0.2.jar
- javax.validation-validation-api-1.1.0.Final.jar
* Log4J
- org.apache.logging.log4j-log4j-api-2.16.0.jar
- org.apache.logging.log4j-log4j-core-2.16.0.jar
- org.apache.logging.log4j-log4j-slf4j-impl-2.16.0.jar
- org.apache.logging.log4j-log4j-web-2.16.0.jar
- org.apache.logging.log4j-log4j-1.2-api-2.16.0.jar
- org.apache.logging.log4j-log4j-api-2.17.0.jar
- org.apache.logging.log4j-log4j-core-2.17.0.jar
- org.apache.logging.log4j-log4j-slf4j-impl-2.17.0.jar
- org.apache.logging.log4j-log4j-web-2.17.0.jar
- org.apache.logging.log4j-log4j-1.2-api-2.17.0.jar
* Java Native Access JNA -- net.java.dev.jna-jna-4.2.0.jar
* BookKeeper
- org.apache.bookkeeper-bookkeeper-common-4.14.3.jar
Expand Down
2 changes: 1 addition & 1 deletion pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@ flexible messaging model and an intuitive client API.</description>
<rocksdb.version>6.10.2</rocksdb.version>
<slf4j.version>1.7.25</slf4j.version>
<commons.collections.version>3.2.2</commons.collections.version>
<log4j2.version>2.16.0</log4j2.version>
<log4j2.version>2.17.0</log4j2.version>
<bouncycastle.version>1.69</bouncycastle.version>
<bouncycastlefips.version>1.0.2</bouncycastlefips.version>
<jackson.version>2.12.3</jackson.version>
Expand Down

0 comments on commit 4b9cadc

Please sign in to comment.