Skip to content

Commit

Permalink
Update to log4j 2.15.0 to fix security issue (#11907)
Browse files Browse the repository at this point in the history 
Motivation:

log4j 2.15.0 was released to fix a 0-day security issue. While the log4j dependency is fully optional we should still upgrade.

See https://www.lunasec.io/docs/blog/log4j-zero-day/

Modifications:

Upgrade to 2.15.0

Result:

Use non-affected log4j version
  • Loading branch information
@normanmaurer
normanmaurer committed Dec 10, 2021
1 parent 19b503b commit 4312720
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -786,7 +786,7 @@
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-1.2-api</artifactId>
<version>2.14.1</version>
<version>2.15.0</version>
<exclusions>
<exclusion>
<artifactId>mail</artifactId>
Expand Down

0 comments on commit 4312720

Please sign in to comment.