This is an automated email from the ASF dual-hosted git repository.
reinwald pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/systemml.git
The following commit(s) were added to refs/heads/master by this push:
new cac53a9 [MINOR] Upgrade log4j from 1.2.15 to 2.13.0
cac53a9 is described below
commit cac53a97d087541c80c0aa9fdc25b7c8b267b25e
Author: Berthold Reinwald <[email protected]>
AuthorDate: Thu Jan 16 15:57:42 2020 -0800
[MINOR] Upgrade log4j from 1.2.15 to 2.13.0
Official support for 1.2.x ended in 2015. And 1.2.15 has public
vulnerabilities. Hence, we want to upgrade.
---
pom.xml | 29 ++++++++++-------------------
1 file changed, 10 insertions(+), 19 deletions(-)
diff --git a/pom.xml b/pom.xml
index 4b5dd29..9f3d2a4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1564,25 +1564,6 @@
<version>3.4.1</version>
</dependency>
- <dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- <version>1.2.15</version>
- <exclusions>
- <exclusion>
- <groupId>com.sun.jmx</groupId>
- <artifactId>jmxri</artifactId>
- </exclusion>
- <exclusion>
- <groupId>com.sun.jdmk</groupId>
- <artifactId>jmxtools</artifactId>
- </exclusion>
- <exclusion>
- <groupId>javax.jms</groupId>
- <artifactId>jms</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
<dependency>
<groupId>org.apache.wink</groupId>
@@ -1676,6 +1657,16 @@
<version>1.9.5</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-api</artifactId>
+ <version>2.13.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-core</artifactId>
+ <version>2.13.0</version>
+ </dependency>
</dependencies>
</project>
