[ofbiz-framework] branch release18.12 updated: Improved: Apache Log4j2 (OFBIZ-12449)

Tue, 14 Dec 2021 03:30:27 -0800 

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/release18.12 by this push:
     new e83559d  Improved: Apache Log4j2 (OFBIZ-12449)
e83559d is described below

commit e83559d1516f69b127552a58c1e7fb288030abf2
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Tue Dec 14 12:28:38 2021 +0100

    Improved: Apache Log4j2 (OFBIZ-12449)
    
    Updates log4j2 from 2.15.0 to 2.16.0 because of
    https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4
    
    It's not a security issue, I lazily use OFBIZ-12449 because it can improve
    security even if it's not necessary (dixit the announce)
---
 build.gradle | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/build.gradle b/build.gradle
index f8efad1..b6772f9 100644
--- a/build.gradle
+++ b/build.gradle
@@ -190,7 +190,7 @@ dependencies {
     compile 'org.apache.geronimo.components:geronimo-transaction:3.1.4'
     compile 'org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1'
     compile 'org.apache.httpcomponents:httpclient-cache:4.5.6'
-    compile 'org.apache.logging.log4j:log4j-api:2.15.0' // the API of log4j 2
+    compile 'org.apache.logging.log4j:log4j-api:2.16.0' // the API of log4j 2
     compile 'org.apache.poi:poi:3.17'
     compile 'org.apache.pdfbox:pdfbox:2.0.24'
     compile 'org.apache.shiro:shiro-core:1.4.0'
@@ -231,11 +231,11 @@ dependencies {
     runtime 'org.apache.axis2:axis2-transport-local:1.7.8'
     runtime 'org.apache.derby:derby:10.14.2.0'
     runtime 'org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec:1.1'
-    runtime 'org.apache.logging.log4j:log4j-1.2-api:2.15.0' // for external 
jars using the old log4j1.2: routes logging to log4j 2
-    runtime 'org.apache.logging.log4j:log4j-core:2.15.0' // the implementation 
of the log4j 2 API
-    runtime 'org.apache.logging.log4j:log4j-jul:2.15.0' // for external jars 
using the java.util.logging: routes logging to log4j 2
-    runtime 'org.apache.logging.log4j:log4j-slf4j-impl:2.15.0' // for external 
jars using slf4j: routes logging to log4j 2
-    runtime 'org.apache.logging.log4j:log4j-jcl:2.15.0' // need to constrain 
to version to avoid classpath conflict (ReflectionUtil)
+    runtime 'org.apache.logging.log4j:log4j-1.2-api:2.16.0' // for external 
jars using the old log4j1.2: routes logging to log4j 2
+    runtime 'org.apache.logging.log4j:log4j-core:2.16.0' // the implementation 
of the log4j 2 API
+    runtime 'org.apache.logging.log4j:log4j-jul:2.16.0' // for external jars 
using the java.util.logging: routes logging to log4j 2
+    runtime 'org.apache.logging.log4j:log4j-slf4j-impl:2.16.0' // for external 
jars using slf4j: routes logging to log4j 2
+    runtime 'org.apache.logging.log4j:log4j-jcl:2.16.0' // need to constrain 
to version to avoid classpath conflict (ReflectionUtil)
     runtime 'org.codeartisans.thirdparties.swing:batik-all:1.8pre-r1084380'
 
     // plugin libs

Reply via email to