This is an automated email from the ASF dual-hosted git repository.
abhishekrb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/master by this push:
new 150a45781f5 Bump org.apache.logging.log4j:log4j-core from 2.22.1 to
2.25.3 (#18874)
150a45781f5 is described below
commit 150a45781f55c4a8d2065e4f74c047aa015eef0a
Author: Ashwin Tumma <[email protected]>
AuthorDate: Mon Dec 29 12:29:06 2025 -0800
Bump org.apache.logging.log4j:log4j-core from 2.22.1 to 2.25.3 (#18874)
Updates org.apache.logging.log4j:log4j-core from 2.22.1 to 2.25.3 to
address CVE-2025-68161.
Co-authored-by: Ashwin Tumma <[email protected]>
---
licenses.yaml | 2 +-
pom.xml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/licenses.yaml b/licenses.yaml
index 267d5e00195..f2d32fccaf2 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -1868,7 +1868,7 @@ name: Apache Log4j
license_category: binary
module: java-core
license_name: Apache License version 2.0
-version: 2.22.1
+version: 2.25.3
libraries:
- org.apache.logging.log4j: log4j-1.2-api
- org.apache.logging.log4j: log4j-api
diff --git a/pom.xml b/pom.xml
index bdc7975350d..334dee6841e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -108,7 +108,7 @@
<jersey.version>1.19.4</jersey.version>
<jackson.version>2.19.2</jackson.version>
<codehaus.jackson.version>1.9.13</codehaus.jackson.version>
- <log4j.version>2.22.1</log4j.version>
+ <log4j.version>2.25.3</log4j.version>
<mysql.version>8.2.0</mysql.version>
<mariadb.version>2.7.3</mariadb.version>
<netty3.version>3.10.6.Final</netty3.version>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
