[storm] branch 1.x-branch updated: STORM-3810: bumping log4j.version to 2.17.0 and disruptor.version to 3.4.4 (CVE-2021-44228, CVE-2021-45046) (#3427)

[agresch]

This is an automated email from the ASF dual-hosted git repository.

agresch pushed a commit to branch 1.x-branch
in repository https://gitbox.apache.org/repos/asf/storm.git


The following commit(s) were added to refs/heads/1.x-branch by this push:
     new 3c5e897  STORM-3810: bumping log4j.version to 2.17.0 and 
disruptor.version to 3.4.4 (CVE-2021-44228, CVE-2021-45046) (#3427)
3c5e897 is described below

commit 3c5e897448d79b81a8d05a1aa124dcab16c87efd
Author: Paolo Cancedda <paolo.cance...@gmail.com>
AuthorDate: Mon Dec 20 18:56:14 2021 +0100

    STORM-3810: bumping log4j.version to 2.17.0 and disruptor.version to 3.4.4 
(CVE-2021-44228, CVE-2021-45046) (#3427)
    
    * CVE-2021-44228: bumping log4j.version to 2.17.0 and disruptor.version to 
3.4.4
    
    Co-authored-by: Paolo Cancedda <paolo.cance...@primeur.com>
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index c5a4139..ddaad4f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -241,12 +241,12 @@
         <snakeyaml.version>1.11</snakeyaml.version>
         <httpclient.version>4.3.3</httpclient.version>
         <clojure.tools.cli.version>0.2.4</clojure.tools.cli.version>
-        <disruptor.version>3.3.11</disruptor.version>
+        <disruptor.version>3.4.4</disruptor.version>
         <jgrapht.version>0.9.0</jgrapht.version>
         <guava.version>16.0.1</guava.version>
         <netty.version>3.9.9.Final</netty.version>
         <log4j-over-slf4j.version>1.6.6</log4j-over-slf4j.version>
-        <log4j.version>2.8.2</log4j.version>
+        <log4j.version>2.17.0</log4j.version>
         <slf4j.version>1.7.21</slf4j.version>
         <metrics.version>3.1.0</metrics.version>
         <clojure.tools.nrepl.version>0.2.3</clojure.tools.nrepl.version>