From b9a360ce87fbd6f63ff58bf16b8d52d8a8799329 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Nov 2023 17:48:27 +0000
Subject: [PATCH] Bump version.log4j from 2.12.4 to 2.21.1

Bumps `version.log4j` from 2.12.4 to 2.21.1.

Updates `org.apache.logging.log4j:log4j-core` from 2.12.4 to 2.21.1

Updates `org.apache.logging.log4j:log4j-slf4j-impl` from 2.12.4 to 2.21.1

---
updated-dependencies:
- dependency-name: org.apache.logging.log4j:log4j-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.apache.logging.log4j:log4j-slf4j-impl
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index e13fe8a9b0..a49c8b3a57 100644
--- a/pom.xml
+++ b/pom.xml
@@ -125,7 +125,7 @@
         <!-- this is the last version of log4j that is compatible with Java 7. Due to a known vulnerability
         (https://nvd.nist.gov/vuln/detail/CVE-2020-9488#vulnCurrentDescriptionTitle), the SMTP appender is
          excluded from the build and not packaged into the agent artifacts -->
-        <version.log4j>2.12.4</version.log4j>
+        <version.log4j>2.21.1</version.log4j>
         <version.ecs.logging>1.5.0</version.ecs.logging>
         <version.spring>5.0.15.RELEASE</version.spring>
         <version.jetty-server>9.4.11.v20180605</version.jetty-server>