Upgrade to log4j2 2.17.1

Update to use version 2.17.1 to resolve log4shell vulnerability Issue-ID: CCSDK-3556 Signed-off-by: Dan Timoney <dtimoney@att.com> Change-Id: I26727d116f066f4041e374d06b894223a86c96a4
author: Dan Timoney <dtimoney@att.com> 2022-01-03 16:44:03 -0500
committer: Dan Timoney <dtimoney@att.com> 2022-01-03 16:44:03 -0500
commit: f3f03daaa608a0db54049765f767a275237dbaf0 (patch)
tree: 16b70e3f00af7caca2f08ee6d392f3755d6d6afa /springboot
parent: ab5bfc93c00d7e16e54730374e9fec84d91e0c16 (diff)
4 files changed, 44 insertions, 11 deletions
diff --git a/springboot/spring-boot-setup/src/main/resources/pom-template.xml b/springboot/spring-boot-setup/src/main/resources/pom-template.xml
index 7104d384..d094231f 100644
--- a/springboot/spring-boot-setup/src/main/resources/pom-template.xml
+++ b/springboot/spring-boot-setup/src/main/resources/pom-template.xml
@@ -124,8 +124,8 @@
         <derby.version>10.14.2.0</derby.version>
         <eelf.version>1.0.0</eelf.version>
         <grpc.version>1.25.0</grpc.version>
-        <log4j.version>2.16.0</log4j.version>
-        <log4j2.version>2.16.0</log4j2.version>
+        <log4j.version>2.17.1</log4j.version>
+        <log4j2.version>2.17.1</log4j2.version>
         <netty-ssl>${springboot.netty.ssl.version}</netty-ssl>
         <protobuff.java.version>3.10.0</protobuff.java.version>
         <protobuff.java.utils.version>3.10.0</protobuff.java.utils.version>
@@ -202,7 +202,18 @@
                 <groupId>org.liquibase</groupId>
                 <artifactId>liquibase-core</artifactId>
                 <version>4.4.2-nordix</version>
-            </dependency>   
+            </dependency> 
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-api</artifactId>
+                <version>${log4j2.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-core</artifactId>
+                <version>${log4j2.version}</version>
+            </dependency>
+
         </dependencies>
     </dependencyManagement>
 
diff --git a/springboot/springboot1/pom.xml b/springboot/springboot1/pom.xml
index 773d041e..68faea70 100644
--- a/springboot/springboot1/pom.xml
+++ b/springboot/springboot1/pom.xml
@@ -124,8 +124,8 @@
         <derby.version>10.14.2.0</derby.version>
         <eelf.version>1.0.0</eelf.version>
         <grpc.version>1.25.0</grpc.version>
-        <log4j.version>2.16.0</log4j.version>
-        <log4j2.version>2.16.0</log4j2.version>
+        <log4j.version>2.17.1</log4j.version>
+        <log4j2.version>2.17.1</log4j2.version>
         <netty-ssl>2.0.39.Final</netty-ssl>
         <protobuff.java.version>3.10.0</protobuff.java.version>
         <protobuff.java.utils.version>3.10.0</protobuff.java.utils.version>
@@ -202,7 +202,18 @@
                 <groupId>org.liquibase</groupId>
                 <artifactId>liquibase-core</artifactId>
                 <version>4.4.2-nordix</version>
-            </dependency>   
+            </dependency> 
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-api</artifactId>
+                <version>${log4j2.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-core</artifactId>
+                <version>${log4j2.version}</version>
+            </dependency>
+
         </dependencies>
     </dependencyManagement>
 
diff --git a/springboot/springboot2/pom.xml b/springboot/springboot2/pom.xml
index 290f34b5..5503c80e 100644
--- a/springboot/springboot2/pom.xml
+++ b/springboot/springboot2/pom.xml
@@ -124,8 +124,8 @@
         <derby.version>10.14.2.0</derby.version>
         <eelf.version>1.0.0</eelf.version>
         <grpc.version>1.25.0</grpc.version>
-        <log4j.version>2.16.0</log4j.version>
-        <log4j2.version>2.16.0</log4j2.version>
+        <log4j.version>2.17.1</log4j.version>
+        <log4j2.version>2.17.1</log4j2.version>
         <netty-ssl>2.0.39.Final</netty-ssl>
         <protobuff.java.version>3.10.0</protobuff.java.version>
         <protobuff.java.utils.version>3.10.0</protobuff.java.utils.version>
@@ -202,7 +202,18 @@
                 <groupId>org.liquibase</groupId>
                 <artifactId>liquibase-core</artifactId>
                 <version>4.4.2-nordix</version>
-            </dependency>   
+            </dependency> 
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-api</artifactId>
+                <version>${log4j2.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-core</artifactId>
+                <version>${log4j2.version}</version>
+            </dependency>
+
         </dependencies>
     </dependencyManagement>
 
diff --git a/springboot/springboot25/pom.xml b/springboot/springboot25/pom.xml
index 5752dfd6..aa2fdf3f 100644
--- a/springboot/springboot25/pom.xml
+++ b/springboot/springboot25/pom.xml
@@ -129,8 +129,8 @@
         <jettison.version>1.3.8</jettison.version>
         <logback.version>1.2.3</logback.version>
 
-        <log4j.version>2.16.0</log4j.version>
-        <log4j2.version>2.16.0</log4j2.version>
+        <log4j.version>2.17.1</log4j.version>
+        <log4j2.version>2.17.1</log4j2.version>
         <mariadb.connector.version>2.7.3</mariadb.connector.version>
         <mariadb4j.version>2.4.0</mariadb4j.version>
         <slf4j.version>1.7.32</slf4j.version>
author	Dan Timoney <dtimoney@att.com>	2022-01-03 16:44:03 -0500
committer	Dan Timoney <dtimoney@att.com>	2022-01-03 16:44:03 -0500
commit	f3f03daaa608a0db54049765f767a275237dbaf0 (patch)
tree	16b70e3f00af7caca2f08ee6d392f3755d6d6afa /springboot
parent	ab5bfc93c00d7e16e54730374e9fec84d91e0c16 (diff)