(storm) branch master updated: Bump org.apache.logging.log4j:log4j-bom from 2.25.2 to 2.25.3 (#8345)

Fri, 02 Jan 2026 17:42:50 -0800 

This is an automated email from the ASF dual-hosted git repository.

rabreu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/storm.git


The following commit(s) were added to refs/heads/master by this push:
     new 353715696 Bump org.apache.logging.log4j:log4j-bom from 2.25.2 to 
2.25.3 (#8345)
353715696 is described below

commit 3537156969bb11df66cca1c232edff3390a97f32
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Sat Jan 3 01:42:37 2026 +0000

    Bump org.apache.logging.log4j:log4j-bom from 2.25.2 to 2.25.3 (#8345)
    
    * Bump org.apache.logging.log4j:log4j-bom from 2.25.2 to 2.25.3
    
    Bumps 
[org.apache.logging.log4j:log4j-bom](https://github.com/apache/logging-log4j2) 
from 2.25.2 to 2.25.3.
    - [Release notes](https://github.com/apache/logging-log4j2/releases)
    - 
[Changelog](https://github.com/apache/logging-log4j2/blob/2.x/RELEASE-NOTES.adoc)
    - 
[Commits](https://github.com/apache/logging-log4j2/compare/rel/2.25.2...rel/2.25.3)
    
    ---
    updated-dependencies:
    - dependency-name: org.apache.logging.log4j:log4j-bom
      dependency-version: 2.25.3
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    
    * Fixing licenses
    
    * Fixing licenses
    
    ---------
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] 
<49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: Rui Abreu <[email protected]>
---
 DEPENDENCY-LICENSES | 6 +++---
 LICENSE-binary      | 6 +++---
 pom.xml             | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/DEPENDENCY-LICENSES b/DEPENDENCY-LICENSES
index 38a553078..baa968d19 100644
--- a/DEPENDENCY-LICENSES
+++ b/DEPENDENCY-LICENSES
@@ -64,8 +64,8 @@ List of third-party dependencies grouped by their license 
type.
         * Apache HttpComponents Core HTTP/2 
(org.apache.httpcomponents.core5:httpcore5-h2:5.2 - 
https://hc.apache.org/httpcomponents-core-5.2.x/5.2/httpcore5-h2/)
         * Apache HttpCore (org.apache.httpcomponents:httpcore:4.4.16 - 
http://hc.apache.org/httpcomponents-core-ga)
         * Apache Kafka (org.apache.kafka:kafka-clients:4.1.1 - 
https://kafka.apache.org)
-        * Apache Log4j API (org.apache.logging.log4j:log4j-api:2.25.2 - 
https://logging.apache.org/log4j/2.x/)
-        * Apache Log4j Core (org.apache.logging.log4j:log4j-core:2.25.2 - 
https://logging.apache.org/log4j/2.x/)
+        * Apache Log4j API (org.apache.logging.log4j:log4j-api:2.25.3 - 
https://logging.apache.org/log4j/2.x/)
+        * Apache Log4j Core (org.apache.logging.log4j:log4j-core:2.25.3 - 
https://logging.apache.org/log4j/2.x/)
         * Apache Maven Shade Plugin 
(org.apache.maven.plugins:maven-shade-plugin:3.6.1 - 
https://maven.apache.org/plugins/maven-shade-plugin/)
         * Apache Maven Shared Utils 
(org.apache.maven.shared:maven-shared-utils:3.2.1 - 
https://maven.apache.org/shared/maven-shared-utils/)
         * Apache Thrift (org.apache.thrift:libthrift:0.22.0 - 
https://thrift.apache.org/)
@@ -257,7 +257,7 @@ List of third-party dependencies grouped by their license 
type.
         * Prometheus Metrics Tracer OpenTelemetry 
(io.prometheus:prometheus-metrics-tracer-otel:1.4.3 - 
http://github.com/prometheus/client_java/client_java/prometheus-metrics-tracer/prometheus-metrics-tracer-otel)
         * Prometheus Metrics Tracer OpenTelemetry Agent 
(io.prometheus:prometheus-metrics-tracer-otel-agent:1.4.3 - 
http://github.com/prometheus/client_java/client_java/prometheus-metrics-tracer/prometheus-metrics-tracer-otel-agent)
         * sigar (org.fusesource:sigar:1.6.4 - http://fusesource.com/sigar/)
-        * SLF4J 2 Provider for Log4j API 
(org.apache.logging.log4j:log4j-slf4j2-impl:2.25.2 - 
https://logging.apache.org/log4j/2.x/)
+        * SLF4J 2 Provider for Log4j API 
(org.apache.logging.log4j:log4j-slf4j2-impl:2.25.3 - 
https://logging.apache.org/log4j/2.x/)
         * SnakeYAML (org.yaml:snakeyaml:2.2 - 
https://bitbucket.org/snakeyaml/snakeyaml)
         * snappy-java (org.xerial.snappy:snappy-java:1.1.10.8 - 
https://github.com/xerial/snappy-java)
         * Spring AOP (org.springframework:spring-aop:7.0.2 - 
https://github.com/spring-projects/spring-framework)
diff --git a/LICENSE-binary b/LICENSE-binary
index 530120ec0..7f0886b9d 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -697,8 +697,8 @@ The license texts of these dependencies can be found in the 
licenses directory.
         * Apache HttpClient (org.apache.httpcomponents:httpclient:4.5.14 - 
http://hc.apache.org/httpcomponents-client-ga)
         * Apache HttpCore (org.apache.httpcomponents:httpcore:4.4.16 - 
http://hc.apache.org/httpcomponents-core-ga)
         * Apache Kafka (org.apache.kafka:kafka-clients:4.1.1 - 
https://kafka.apache.org)
-        * Apache Log4j API (org.apache.logging.log4j:log4j-api:2.25.2 - 
https://logging.apache.org/log4j/2.x/)
-        * Apache Log4j Core (org.apache.logging.log4j:log4j-core:2.25.2 - 
https://logging.apache.org/log4j/2.x/)
+        * Apache Log4j API (org.apache.logging.log4j:log4j-api:2.25.3 - 
https://logging.apache.org/log4j/2.x/)
+        * Apache Log4j Core (org.apache.logging.log4j:log4j-core:2.25.3 - 
https://logging.apache.org/log4j/2.x/)
         * Apache Thrift (org.apache.thrift:libthrift:0.22.0 - 
https://thrift.apache.org/)
         * Apache Yetus - Audience Annotations 
(org.apache.yetus:audience-annotations:0.12.0 - 
https://yetus.apache.org/audience-annotations)
         * Apache Yetus - Audience Annotations 
(org.apache.yetus:audience-annotations:0.13.0 - 
https://yetus.apache.org/audience-annotations)
@@ -839,7 +839,7 @@ The license texts of these dependencies can be found in the 
licenses directory.
         * OpenTelemetry Semantic Conventions Java 
(io.opentelemetry.semconv:opentelemetry-semconv:1.29.0-alpha - 
https://github.com/open-telemetry/semantic-conventions-java)
         * Plexus Common Utilities (org.codehaus.plexus:plexus-utils:3.6.0 - 
https://codehaus-plexus.github.io/plexus-utils/)
         * Plexus Interpolation API 
(org.codehaus.plexus:plexus-interpolation:1.29 - 
https://codehaus-plexus.github.io/plexus-pom/plexus-interpolation/)
-        * SLF4J 2 Provider for Log4j API 
(org.apache.logging.log4j:log4j-slf4j2-impl:2.25.2 - 
https://logging.apache.org/log4j/2.x/)
+        * SLF4J 2 Provider for Log4j API 
(org.apache.logging.log4j:log4j-slf4j2-impl:2.25.3 - 
https://logging.apache.org/log4j/2.x/)
         * SnakeYAML (org.yaml:snakeyaml:2.2 - 
https://bitbucket.org/snakeyaml/snakeyaml)
         * snappy-java (org.xerial.snappy:snappy-java:1.1.10.8 - 
https://github.com/xerial/snappy-java)
         * Throttling Appender 
(io.dropwizard.logback:logback-throttling-appender:1.5.3 - 
https://github.com/dropwizard/logback-throttling-appender/)
diff --git a/pom.xml b/pom.xml
index 40a938640..9c0824b6e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -107,7 +107,7 @@
         <netty-tcnative.version>2.0.74.Final</netty-tcnative.version>
         <netty.version>4.2.7.Final</netty.version>
         <sysout-over-slf4j.version>1.0.2</sysout-over-slf4j.version>
-        <log4j.version>2.25.2</log4j.version>
+        <log4j.version>2.25.3</log4j.version>
         <slf4j.version>2.0.17</slf4j.version>
         <metrics.version>4.2.37</metrics.version>
         <mockito.version>5.14.2</mockito.version>

Reply via email to