diff options
author | vv770d <vv770d@att.com> | 2022-01-18 22:04:55 +0000 |
---|---|---|
committer | vv770d <vv770d@att.com> | 2022-01-19 14:44:03 +0000 |
commit | 26895c4a3a0fbeabc8dc8b16b942158d6a86c91b (patch) | |
tree | 727c22d7618622593e165c235a2201c89c66a408 | |
parent | 7a85ea009149edc8aff260d559debbd45af02b03 (diff) |
Remediation for Log4Shell vulnerability
Upgrade log4j to 2.17.1
Change-Id: Id8b9978d2d79e82adc183a8e7e9565b68905bb87
Signed-off-by: vv770d <vv770d@att.com>
Issue-ID: DCAEGEN2-3022
(cherry picked from commit ca168146e760801c7fc2f810cc05a7a092b74bdf)
Signed-off-by: vv770d <vv770d@att.com>
-rw-r--r-- | Changelog.md | 5 | ||||
-rw-r--r-- | pom.xml | 10 |
2 files changed, 8 insertions, 7 deletions
diff --git a/Changelog.md b/Changelog.md index f901c73..d17a970 100644 --- a/Changelog.md +++ b/Changelog.md @@ -4,11 +4,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). -## [1.3.0] - 2022/01/13 +## [1.3.0] - 2022/01/18 - [DCAEGEN2-2962] - Switch RESTCONF Collector to Integration base image + - [DCAEGEN2-3022] - Remediation for Log4Shell vulnerability (upgrade to 2.17.1) ## [1.2.6] - 2021/12/14 - - [DCAEGEN2-3022] - Remediation for Log4Shell vulnerability + - [DCAEGEN2-3022] - Remediation for Log4Shell vulnerability (upgrade to 2.16.0) ## [1.2.5] - 2021/03/19 ### Fixed @@ -1,8 +1,8 @@ <?xml version="1.0"?> <!-- -================================================================================ -Copyright (c) 2019,2021 AT&T. All rights reserved. -Copyright (c) 2022 Huawei. All rights reserved. +============LICENSE_START======================================================= +Copyright (c) 2019,2022 Huawei. All rights reserved. +Copyright (c) 2019,2021-2022 AT&T. All rights reserved. ================================================================================ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -383,12 +383,12 @@ limitations under the License. <dependency> <groupId>org.apache.logging.log4j</groupId> <artifactId>log4j-core</artifactId> - <version>2.16.0</version> + <version>2.17.1</version> </dependency> <dependency> <groupId>org.apache.logging.log4j</groupId> <artifactId>log4j-api</artifactId> - <version>2.16.0</version> + <version>2.17.1</version> </dependency> <dependency> <groupId>io.springfox</groupId> |