summaryrefslogtreecommitdiffstats
path: root/springboot/spring-boot-setup/src/main/resources/pom-template.xml
diff options
context:
space:
mode:
authorDan Timoney <dtimoney@att.com>2022-01-03 16:44:03 -0500
committerDan Timoney <dtimoney@att.com>2022-01-03 16:44:03 -0500
commitf3f03daaa608a0db54049765f767a275237dbaf0 (patch)
tree16b70e3f00af7caca2f08ee6d392f3755d6d6afa /springboot/spring-boot-setup/src/main/resources/pom-template.xml
parentab5bfc93c00d7e16e54730374e9fec84d91e0c16 (diff)
Upgrade to log4j2 2.17.1
Update to use version 2.17.1 to resolve log4shell vulnerability Issue-ID: CCSDK-3556 Signed-off-by: Dan Timoney <dtimoney@att.com> Change-Id: I26727d116f066f4041e374d06b894223a86c96a4
Diffstat (limited to 'springboot/spring-boot-setup/src/main/resources/pom-template.xml')
-rw-r--r--springboot/spring-boot-setup/src/main/resources/pom-template.xml17
1 files changed, 14 insertions, 3 deletions
diff --git a/springboot/spring-boot-setup/src/main/resources/pom-template.xml b/springboot/spring-boot-setup/src/main/resources/pom-template.xml
index 7104d384..d094231f 100644
--- a/springboot/spring-boot-setup/src/main/resources/pom-template.xml
+++ b/springboot/spring-boot-setup/src/main/resources/pom-template.xml
@@ -124,8 +124,8 @@
<derby.version>10.14.2.0</derby.version>
<eelf.version>1.0.0</eelf.version>
<grpc.version>1.25.0</grpc.version>
- <log4j.version>2.16.0</log4j.version>
- <log4j2.version>2.16.0</log4j2.version>
+ <log4j.version>2.17.1</log4j.version>
+ <log4j2.version>2.17.1</log4j2.version>
<netty-ssl>${springboot.netty.ssl.version}</netty-ssl>
<protobuff.java.version>3.10.0</protobuff.java.version>
<protobuff.java.utils.version>3.10.0</protobuff.java.utils.version>
@@ -202,7 +202,18 @@
<groupId>org.liquibase</groupId>
<artifactId>liquibase-core</artifactId>
<version>4.4.2-nordix</version>
- </dependency>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-api</artifactId>
+ <version>${log4j2.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-core</artifactId>
+ <version>${log4j2.version}</version>
+ </dependency>
+
</dependencies>
</dependencyManagement>