From 8f0d4774d5f59347e38b504cbcd530a1fc147518 Mon Sep 17 00:00:00 2001 From: Varun Thakur Date: Tue, 21 Dec 2021 12:44:16 +0530 Subject: [PATCH] Update to log4j 2.17.0 See https://logging.apache.org/log4j/2.x/changes-report.html#a2.17.0 Motivation: log4j 2.16 was recently discovered to be vulnerable to an infinite recursion DOS. Version 2.17 fixes LOG4J2-3230. Modification: Change the POM from 2.16 to 2.17 for log4j. Result: This PR updates log4j to 2.17, which includes a patch for the issue. --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 6759cdab..da5b5cc9 100644 --- a/pom.xml +++ b/pom.xml @@ -42,7 +42,7 @@ 11 5.6.0 1.2.3 - 2.16.0 + 2.17.0 1.18.20 3.1.0 3.11.2