From 77e8a5597b93b55ba152890b7c8511495ee1af41 Mon Sep 17 00:00:00 2001
From: vv770d <vv770d@att.com>
Date: Tue, 14 Dec 2021 23:35:34 +0000
Subject: [DCAE/restconf] Remediation for Log4Shell vulnerability

Change-Id: I7473966be5012bd68244cb60d5fabee22dfa0cf1
Signed-off-by: vv770d <vv770d@att.com>
Issue-ID: DCAEGEN2-3022
---
 Changelog.md       |  3 +++
 pom.xml            | 16 +++++++++++++---
 version.properties |  2 +-
 3 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/Changelog.md b/Changelog.md
index b6fa3f3..65f42c4 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [1.2.6] - 2021/12/14
+         - [DCAEGEN2-3022] - Remediation for Log4Shell vulnerability
+
 ## [1.2.5] - 19/03/2021
 ### Fixed
 - [DCAEGEN2-2675](https://jira.onap.org/browse/DCAEGEN2-2675) - Disable access to external entities in XML parsing
diff --git a/pom.xml b/pom.xml
index 2eb0b30..6349069 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2,7 +2,7 @@
 <!--
 ================================================================================
 Copyright (c) 2019 Huawei. All rights reserved.
-Copyright (c) 2019 AT&T. All rights reserved.
+Copyright (c) 2019,2021 AT&T. All rights reserved.
 ================================================================================
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -27,7 +27,7 @@ limitations under the License.
     </parent>
     <groupId>org.onap.dcaegen2.collectors.restconf</groupId>
     <artifactId>restconfcollector</artifactId>
-    <version>1.2.5-SNAPSHOT</version>
+    <version>1.2.6-SNAPSHOT</version>
     <name>dcaegen2-collectors-restconf</name>
     <description>RestConfCollector</description>
     <properties>
@@ -435,7 +435,7 @@ limitations under the License.
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-log4j2</artifactId>
-            <version>2.1.5.RELEASE</version>
+            <version>2.6.1</version>
             <exclusions>
                 <exclusion>
                     <groupId>org.apache.logging.log4j</groupId>
@@ -443,6 +443,16 @@ limitations under the License.
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-core</artifactId>
+            <version>2.16.0</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-api</artifactId>
+            <version>2.16.0</version>
+        </dependency>
         <dependency>
             <groupId>io.springfox</groupId>
             <artifactId>springfox-swagger2</artifactId>
diff --git a/version.properties b/version.properties
index 4fd02cd..0cb18ba 100644
--- a/version.properties
+++ b/version.properties
@@ -1,6 +1,6 @@
 major=1
 minor=2
-patch=5
+patch=6
 base_version=${major}.${minor}.${patch}
 release_version=${base_version}
 snapshot_version=${base_version}-SNAPSHOT
-- 
cgit 1.2.3-korg