From df2199ea293ef66bfdd9ac72cd49b27c7ccd70c1 Mon Sep 17 00:00:00 2001
From: Scala Steward <scala_steward@virtuslab.com>
Date: Fri, 13 Dec 2024 14:31:25 +0000
Subject: [PATCH] Update log4j-core to 2.24.3

---
 lock.sbt                   | 2 +-
 project/Dependencies.scala | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lock.sbt b/lock.sbt
index 6afa0ce7a..74f99850d 100644
--- a/lock.sbt
+++ b/lock.sbt
@@ -123,7 +123,7 @@ Compile / dependencyOverrides ++= {
       "org.apache.httpcomponents" % "httpcore" % "4.4.5",
       "org.apache.httpcomponents" % "httpcore-nio" % "4.4.5",
       "org.apache.logging.log4j" % "log4j-api" % "2.17.2",
-      "org.apache.logging.log4j" % "log4j-core" % "2.17.2",
+      "org.apache.logging.log4j" % "log4j-core" % "2.24.3",
       "org.apache.lucene" % "lucene-analyzers-common" % "7.7.3",
       "org.apache.lucene" % "lucene-backward-codecs" % "7.7.3",
       "org.apache.lucene" % "lucene-core" % "7.7.3",
diff --git a/project/Dependencies.scala b/project/Dependencies.scala
index f3a747e84..373dd3bf4 100644
--- a/project/Dependencies.scala
+++ b/project/Dependencies.scala
@@ -117,7 +117,7 @@ object Dependencies {
     // The ElasticSearch client uses Log4j. log4j-api already included, but not -core.
     // (Versions <= 2.17.0 are vulnerable.)
     //  log4jApi  = "org.apache.logging.log4j" % "log4j-api" % "..."   // not needed
-    val log4jCore = "org.apache.logging.log4j" % "log4j-core" % "2.17.2"  // needed
+    val log4jCore = "org.apache.logging.log4j" % "log4j-core" % "2.24.3"  // needed
 
 
     // ----- Metrics, tracing