Skip to content
This repository has been archived by the owner on Jun 29, 2023. It is now read-only.

bump log4j to 2.15.0 due to CVE-2021-44228 #278

Merged
merged 1 commit into from
Dec 13, 2021
Merged

Conversation

checktheflow
Copy link
Contributor

@checktheflow checktheflow commented Dec 11, 2021

Make sure that:

  • You have read the contribution guidelines.
  • You use the code formatters provided here and have them applied to your changes. Don’t submit any formatting related changes.
  • You submit test cases (unit or integration tests) that back your changes.

@mp911de mp911de added the type: dependency-upgrade A dependency upgrade label Dec 13, 2021
@mp911de mp911de merged commit a4e5986 into mp911de:main Dec 13, 2021
@mp911de
Copy link
Owner

mp911de commented Dec 13, 2021

Thanks a lot!

@dsteher
Copy link

dsteher commented Dec 13, 2021

Hi all, thanks for the fix. Do you plan to make a new release for this fix in maven central?

@mp911de
Copy link
Owner

mp911de commented Dec 13, 2021

Yes, once I have time for it.

All logging dependencies are optional so including logstash-gelf into your project will not pull in any log4j/log4j2/… dependencies. The version of log4j2 entirely depends on your project.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
type: dependency-upgrade A dependency upgrade
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants