Skip to content

Commit 2774b46

Browse files
lhotarilhotari
committed
[Security] Upgrade to Log4J 2.17.0 to mitigate CVE-2021-45105 (apache#13392)
- more details at https://logging.apache.org/log4j/2.x/security.html (cherry picked from commit 0fa626d)
1 parent ab451b8 commit 2774b46

File tree

3 files changed

+9
-9
lines changed

3 files changed

+9
-9
lines changed

buildtools/pom.xml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -43,17 +43,17 @@
4343
<dependency>
4444
<groupId>org.apache.logging.log4j</groupId>
4545
<artifactId>log4j-api</artifactId>
46-
<version>2.16.0</version>
46+
<version>2.17.0</version>
4747
</dependency>
4848
<dependency>
4949
<groupId>org.apache.logging.log4j</groupId>
5050
<artifactId>log4j-core</artifactId>
51-
<version>2.16.0</version>
51+
<version>2.17.0</version>
5252
</dependency>
5353
<dependency>
5454
<groupId>org.apache.logging.log4j</groupId>
5555
<artifactId>log4j-slf4j-impl</artifactId>
56-
<version>2.16.0</version>
56+
<version>2.17.0</version>
5757
</dependency>
5858
<!-- for testing FastThreadLocalStateCleaner -->
5959
<dependency>

distribution/server/src/assemble/LICENSE.bin.txt

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -388,11 +388,11 @@ The Apache Software License, Version 2.0
388388
- jakarta.validation-jakarta.validation-api-2.0.2.jar
389389
- javax.validation-validation-api-1.1.0.Final.jar
390390
* Log4J
391-
- org.apache.logging.log4j-log4j-api-2.16.0.jar
392-
- org.apache.logging.log4j-log4j-core-2.16.0.jar
393-
- org.apache.logging.log4j-log4j-slf4j-impl-2.16.0.jar
394-
- org.apache.logging.log4j-log4j-web-2.16.0.jar
395-
- org.apache.logging.log4j-log4j-1.2-api-2.16.0.jar
391+
- org.apache.logging.log4j-log4j-api-2.17.0.jar
392+
- org.apache.logging.log4j-log4j-core-2.17.0.jar
393+
- org.apache.logging.log4j-log4j-slf4j-impl-2.17.0.jar
394+
- org.apache.logging.log4j-log4j-web-2.17.0.jar
395+
- org.apache.logging.log4j-log4j-1.2-api-2.17.0.jar
396396
* Java Native Access JNA -- net.java.dev.jna-jna-4.2.0.jar
397397
* BookKeeper
398398
- org.apache.bookkeeper-bookkeeper-common-4.12.0.jar

pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -111,7 +111,7 @@ flexible messaging model and an intuitive client API.</description>
111111
<rocksdb.version>6.10.2</rocksdb.version>
112112
<slf4j.version>1.7.25</slf4j.version>
113113
<commons.collections.version>3.2.2</commons.collections.version>
114-
<log4j2.version>2.16.0</log4j2.version>
114+
<log4j2.version>2.17.0</log4j2.version>
115115
<bouncycastle.version>1.68</bouncycastle.version>
116116
<bouncycastlefips.version>1.0.2</bouncycastlefips.version>
117117
<jackson.version>2.11.1</jackson.version>

0 commit comments

Comments
 (0)