Upgrade to log4j2 2.17.1

Update to use version 2.17.1 to resolve log4shell vulnerability

Issue-ID: CCSDK-3556
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: I26727d116f066f4041e374d06b894223a86c96a4

1 files changed, 13 insertions, 3 deletions

diff --git a/standalone/pom.xml b/standalone/pom.xml
index c549eeae..3bc2fb58 100755
--- a/standalone/pom.xml
+++ b/standalone/pom.xml
@@ -65,8 +65,8 @@
         <bundle.plugin.version>2.5.0</bundle.plugin.version>
         <checkstyle.skip>true</checkstyle.skip>
 
-        <log4j.version>2.16.0</log4j.version>
-        <log4j2.version>2.16.0</log4j2.version>
+        <log4j.version>2.17.1</log4j.version>
+        <log4j2.version>2.17.1</log4j2.version>
         <mariadb.connector.version>2.7.2</mariadb.connector.version>
         <fasterxml.jackson.version>2.12.4</fasterxml.jackson.version>
         <velocity.version>2.3</velocity.version>
@@ -103,8 +103,18 @@
             </dependency>
             <dependency>
                 <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-api</artifactId>
+                <version>2.17.1</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-core</artifactId>
+                <version>2.17.1</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
                 <artifactId>log4j-slf4j-impl</artifactId>
-                <version>2.11.2</version>
+                <version>2.17.1</version>
             </dependency>
             <dependency>
                 <groupId>com.fasterxml.jackson.core</groupId>