Skip to content

Commit 00896e7

Browse files
JacquesLeRouxJacquesLeRoux
committed
Fixed: Announce 17.12.09 EOL (OFBIZ-12479)
Includes: [SECURITY] CVE-2021-44228: Apache Log4j2 (OFBIZ-12449) [SECURITY] CVE-2021-45105: Apache Log4j2 (OFBIZ-12470) [SECURITY] Update TIka because of Apache Log4j2 vulnerability (OFBIZ-12474) [SECURITY] CVE-2021-44832: Apache Log4j2 (OFBIZ-12475)
1 parent fb6b508 commit 00896e7

File tree

1 file changed

+9
-8
lines changed

1 file changed

+9
-8
lines changed

build.gradle

Lines changed: 9 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -166,10 +166,11 @@ dependencies {
166166
compile 'org.apache.geronimo.components:geronimo-transaction:3.1.4'
167167
compile 'org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1'
168168
compile 'org.apache.httpcomponents:httpclient-cache:4.5.4'
169-
compile 'org.apache.logging.log4j:log4j-api:2.10.0' // the API of log4j 2
169+
compile 'org.apache.logging.log4j:log4j-api:2.17.1' // the API of log4j 2
170+
compile 'org.apache.logging.log4j:log4j-web:2.17.1'
170171
compile 'org.apache.shiro:shiro-core:1.4.0'
171-
compile 'org.apache.tika:tika-core:1.26'
172-
compile 'org.apache.tika:tika-parsers:1.26'
172+
compile 'org.apache.tika:tika-core:1.28'
173+
compile 'org.apache.tika:tika-parsers:1.28'
173174
compile 'org.apache.pdfbox:pdfbox:2.0.24'
174175
compile 'org.apache.poi:poi:3.17'
175176
compile 'org.apache.tomcat:tomcat-catalina-ha:9.0.54'
@@ -203,11 +204,11 @@ dependencies {
203204
runtime 'org.apache.axis2:axis2-transport-local:1.7.7'
204205
runtime 'org.apache.derby:derby:10.14.1.0'
205206
runtime 'org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec:1.1'
206-
runtime 'org.apache.logging.log4j:log4j-1.2-api:2.10.0' // for external jars using the old log4j1.2: routes logging to log4j 2
207-
runtime 'org.apache.logging.log4j:log4j-core:2.10.0' // the implementation of the log4j 2 API
208-
runtime 'org.apache.logging.log4j:log4j-jul:2.10.0' // for external jars using the java.util.logging: routes logging to log4j 2
209-
runtime 'org.apache.logging.log4j:log4j-slf4j-impl:2.10.0' // for external jars using slf4j: routes logging to log4j 2
210-
runtime 'org.apache.logging.log4j:log4j-jcl:2.10.0' // need to constrain to version to avoid classpath conflict (ReflectionUtil)
207+
runtime 'org.apache.logging.log4j:log4j-1.2-api:2.17.1' // for external jars using the old log4j1.2: routes logging to log4j 2
208+
runtime 'org.apache.logging.log4j:log4j-core:2.17.1' // the implementation of the log4j 2 API
209+
runtime 'org.apache.logging.log4j:log4j-jul:2.17.1' // for external jars using the java.util.logging: routes logging to log4j 2
210+
runtime 'org.apache.logging.log4j:log4j-slf4j-impl:2.17.1' // for external jars using slf4j: routes logging to log4j 2
211+
runtime 'org.apache.logging.log4j:log4j-jcl:2.17.1' // need to constrain to version to avoid classpath conflict (ReflectionUtil)
211212
runtime 'org.codeartisans.thirdparties.swing:batik-all:1.8pre-r1084380'
212213

213214
// plugin libs

0 commit comments

Comments
 (0)