This repository has been archived by the owner on Feb 15, 2022. It is now read-only.

Updated log4j to 2.17.0 to fix CVE-2021-45105. (#949)
Signed-off-by: David Venable <[email protected]>
dlvenable authored Dec 20, 2021
1 parent 6cf86e1 commit 6342e64
Showing 2 changed files with 11 additions and 11 deletions.
18 changes: 9 additions & 9 deletions build.gradle
Expand Up @@ -14,25 +14,25 @@ subprojects {
sourceCompatibility = '1.8'
dependencies {
implementation "com.google.guava:guava:29.0-jre"
implementation 'org.apache.logging.log4j:log4j-core:2.16.0'
implementation 'org.apache.logging.log4j:log4j-core:2.17.0'
implementation "org.slf4j:slf4j-api:1.7.30"
implementation 'org.apache.logging.log4j:log4j-slf4j-impl:2.16.0'
implementation 'org.apache.logging.log4j:log4j-slf4j-impl:2.17.0'
testImplementation("junit:junit:4.13") {
exclude group: 'org.hamcrest' // workaround for jarHell
}
constraints {
implementation('org.apache.logging.log4j:log4j-core') {
version {
require '2.16.0'
require '2.17.0'
}
because 'Log4j 2.16.0 fixes CVE-2021-44228 and CVE-2021-45046'
because 'Log4j 2.17.0 fixes CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105'
}
}
implementation('org.apache.logging.log4j:log4j-api') {
version {
require '2.16.0'
implementation('org.apache.logging.log4j:log4j-api') {
version {
require '2.17.0'
}
because 'the build fails if the Log4j API is not update along with log4j-core'
}
because 'the build fails if the Log4j API is not update along with log4j-core'
}
}
build.dependsOn test
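Review bot: The Log4j version is still a hand-written literal on every line this section touches — the `log4j-core` and `log4j-slf4j-impl` dependencies and both `require` entries — and again in the `force` lines of data-prepper-plugins/elasticsearch/build.gradle, so the next security bump has to find every copy and a missed one leaves a module resolving a vulnerable release. Defining it once, for example `ext.log4jVersion = '2.17.0'` in the root build with `require log4jVersion` and `"org.apache.logging.log4j:log4j-core:${log4jVersion}"` at the use sites, would make that a one-line change. The `because` text for log4j-api also has a typo and could read `because 'the build fails if the Log4j API is not updated along with log4j-core'`. The enclosing `subprojects {` block starts outside the hunk, so whether a shared version property already exists there is not visible.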
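--- a/data-prepper-plugins/elasticsearch/build.gradle
+++ b/data-prepper-plugins/elasticsearch/build.gradle
@@ -67,8 +67,8 @@ configurations.all {
 force 'com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.12.3'
 force 'junit:junit:4.13'
 force "org.slf4j:slf4j-api:1.7.30"
-force 'org.apache.logging.log4j:log4j-api:2.16.0'
-force 'org.apache.logging.log4j:log4j-core:2.16.0'
+force 'org.apache.logging.log4j:log4j-api:2.17.0'
+force 'org.apache.logging.log4j:log4j-core:2.17.0'
 }
 }
 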
