Upgrade to log4j2 2.17.1

Upgrade to log4j2 version 2.17.1 to correct log4shell vulnerability

Issue-ID: CCSDK-3556
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: I61a3fdd9854a1beee70abed1fd8542cdf664756a

1 files changed, 13 insertions, 3 deletions

diff --git a/standalone/pom.xml b/standalone/pom.xml
index 12f0df42..6ac69113 100755
--- a/standalone/pom.xml
+++ b/standalone/pom.xml
@@ -65,8 +65,8 @@
         <bundle.plugin.version>2.5.0</bundle.plugin.version>
         <checkstyle.skip>true</checkstyle.skip>
 
-        <log4j.version>2.16.0</log4j.version>
-        <log4j2.version>2.16.0</log4j2.version>
+        <log4j.version>2.17.1</log4j.version>
+        <log4j2.version>2.17.1</log4j2.version>
         <mariadb.connector.version>2.7.2</mariadb.connector.version>
         <fasterxml.jackson.version>2.12.4</fasterxml.jackson.version>
         <velocity.version>2.3</velocity.version>
@@ -103,8 +103,18 @@
             </dependency>
             <dependency>
                 <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-api</artifactId>
+                <version>2.17.1</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-core</artifactId>
+                <version>2.17.1</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
                 <artifactId>log4j-slf4j-impl</artifactId>
-                <version>2.15.0</version>
+                <version>2.17.1</version>
             </dependency>
             <dependency>
                 <groupId>com.fasterxml.jackson.core</groupId>