From 97f804a8f3cded5cbf11200573ed4751bb129b6c Mon Sep 17 00:00:00 2001 From: AJESH-CR Date: Fri, 31 Dec 2021 12:18:52 +0530 Subject: [PATCH] Upgrade Log4j 2.16.0 to 2.17.1 to fix RCE via JDBC Appender when attacker controls configuration (CVE-2021-44832) --- README.md | 2 +- pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 182baf6f..a592d4f0 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ _Note 2: Support for higher versions of JDK (>= 1.9.0) has not been made availab ### Dependencies * commons-logging-1.1.1.jar : logging -* log4j-2.16.0.jar : logging +* log4j-2.17.1.jar : logging * httpclient-4.0.1.jar : http communication with the payment gateway * httpcore-4.0.1.jar : http communication with the payment gateway * junit-4.8.2.jar : unit testing diff --git a/pom.xml b/pom.xml index e39c64e0..24e96c43 100644 --- a/pom.xml +++ b/pom.xml @@ -117,7 +117,7 @@ 1.5 true true - 2.16.0 + 2.17.1
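Review bot: In the README.md hunk, the new entry `log4j-2.17.1.jar` does not name a file that Log4j 2 ships. The 2.x line is distributed as `log4j-api-2.17.1.jar` and `log4j-core-2.17.1.jar`, and the JDBC Appender named in the subject line lives in log4j-core. Anyone assembling a classpath by hand from this list needs both names, so I would list the two jars separately. The version is also stated twice by this patch (here and in pom.xml); a short remark that pom.xml is authoritative would keep the README from drifting on the next bump.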
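Review bot: In the pom.xml hunk (`@@ -117,7 +117,7 @@`), the fix rests on a single value changing from 2.16.0 to 2.17.1, and the visible lines do not show which dependencies consume that value. Please confirm that every Log4j artifact declared in the pom takes its version from this value rather than from a hard-coded one, and attach the output of `mvn dependency:tree -Dincludes=org.apache.logging.log4j` to the change so the review can see that no transitive dependency still resolves to an older log4j-core.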