[pulsar] 02/05: [Security] Upgrade Log4j to 2.17.1 (#13552)

penghui Sun, 16 Jan 2022 23:54:50 -0800

This is an automated email from the ASF dual-hosted git repository.

penghui pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/pulsar.git


commit 0e81192716eb75054346f08019c463755a85188f
Author: Lari Hotari <[email protected]>
AuthorDate: Wed Dec 29 12:35:57 2021 +0200

    [Security] Upgrade Log4j to 2.17.1 (#13552)
    
    - see https://logging.apache.org/log4j/2.x/security.html
    - mitigates CVE-2021-44832
    
    (cherry picked from commit 978bb7c1998acef749912075ea8f4e1e1c148e2d)
---
 buildtools/pom.xml                               |  6 +++---
 distribution/server/src/assemble/LICENSE.bin.txt | 10 +++++-----
 pom.xml                                          |  2 +-
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/buildtools/pom.xml b/buildtools/pom.xml
index 4229989..651bece 100644
--- a/buildtools/pom.xml
+++ b/buildtools/pom.xml
@@ -43,17 +43,17 @@
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-api</artifactId>
-      <version>2.17.0</version>
+      <version>2.17.1</version>
     </dependency>
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-core</artifactId>
-      <version>2.17.0</version>
+      <version>2.17.1</version>
     </dependency>
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-slf4j-impl</artifactId>
-      <version>2.17.0</version>
+      <version>2.17.1</version>
     </dependency>
     <!-- for testing FastThreadLocalStateCleaner -->
     <dependency>
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt 
b/distribution/server/src/assemble/LICENSE.bin.txt
index 42bf2bb..8e8f242 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -388,11 +388,11 @@ The Apache Software License, Version 2.0
     - jakarta.validation-jakarta.validation-api-2.0.2.jar
     - javax.validation-validation-api-1.1.0.Final.jar
  * Log4J
-    - org.apache.logging.log4j-log4j-api-2.17.0.jar
-    - org.apache.logging.log4j-log4j-core-2.17.0.jar
-    - org.apache.logging.log4j-log4j-slf4j-impl-2.17.0.jar
-    - org.apache.logging.log4j-log4j-web-2.17.0.jar
-    - org.apache.logging.log4j-log4j-1.2-api-2.17.0.jar
+    - org.apache.logging.log4j-log4j-api-2.17.1.jar
+    - org.apache.logging.log4j-log4j-core-2.17.1.jar
+    - org.apache.logging.log4j-log4j-slf4j-impl-2.17.1.jar
+    - org.apache.logging.log4j-log4j-web-2.17.1.jar
+    - org.apache.logging.log4j-log4j-1.2-api-2.17.1.jar
  * Java Native Access JNA -- net.java.dev.jna-jna-4.2.0.jar
  * BookKeeper
     - org.apache.bookkeeper-bookkeeper-common-4.12.0.jar
diff --git a/pom.xml b/pom.xml
index f596382..2a947ab5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -111,7 +111,7 @@ flexible messaging model and an intuitive client 
API.</description>
     <rocksdb.version>6.10.2</rocksdb.version>
     <slf4j.version>1.7.25</slf4j.version>
     <commons.collections.version>3.2.2</commons.collections.version>
-    <log4j2.version>2.17.0</log4j2.version>
+    <log4j2.version>2.17.1</log4j2.version>
     <bouncycastle.version>1.68</bouncycastle.version>
     <bouncycastlefips.version>1.0.2</bouncycastlefips.version>
     <jackson.version>2.11.1</jackson.version>

[pulsar] 02/05: [Security] Upgrade Log4j to 2.17.1 (#13552)

Reply via email to