Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update to log4j 2.17.0 #125

Closed
wants to merge 1 commit into from
Closed

Update to log4j 2.17.0 #125

wants to merge 1 commit into from

Conversation

0001vrn
Copy link

@0001vrn 0001vrn commented Dec 21, 2021

See https://logging.apache.org/log4j/2.x/changes-report.html#a2.17.0

Motivation:

log4j 2.16 was recently discovered to be vulnerable to an infinite recursion DOS. Version 2.17 fixes LOG4J2-3230.

Modification:

Change the POM from 2.16 to 2.17 for log4j.

Result:

This PR updates log4j to 2.17, which includes a patch for the issue.

Fixes #

See https://logging.apache.org/log4j/2.x/changes-report.html#a2.17.0

Motivation:

log4j 2.16 was recently discovered to be vulnerable to an infinite recursion DOS. Version 2.17 fixes LOG4J2-3230.

Modification:

Change the POM from 2.16 to 2.17 for log4j.

Result:

This PR updates log4j to 2.17, which includes a patch for the issue.
@0001vrn
Copy link
Author

0001vrn commented Dec 21, 2021

Closing this since it is already raised by dependabot #124

@0001vrn 0001vrn closed this Dec 21, 2021
@0001vrn 0001vrn deleted the patch-1 branch December 21, 2021 07:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

1 participant