From 978bb7c1998acef749912075ea8f4e1e1c148e2d Mon Sep 17 00:00:00 2001 From: Lari Hotari Date: Wed, 29 Dec 2021 12:35:57 +0200 Subject: [PATCH] [Security] Upgrade Log4j to 2.17.1 (#13552) - see https://logging.apache.org/log4j/2.x/security.html - mitigates CVE-2021-44832 --- buildtools/pom.xml | 2 +- distribution/server/src/assemble/LICENSE.bin.txt | 10 +++++----- pom.xml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/buildtools/pom.xml b/buildtools/pom.xml index 7e15a35cbd3d7..29642592b29fe 100644 --- a/buildtools/pom.xml +++ b/buildtools/pom.xml @@ -39,7 +39,7 @@ 1.8 1.8 3.0.0-M3 - 2.17.0 + 2.17.1 1.7.25 7.3.0 3.11 diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt index 77ba2838b07d7..b641110ca434b 100644 --- a/distribution/server/src/assemble/LICENSE.bin.txt +++ b/distribution/server/src/assemble/LICENSE.bin.txt @@ -385,11 +385,11 @@ The Apache Software License, Version 2.0 - jakarta.validation-jakarta.validation-api-2.0.2.jar - javax.validation-validation-api-1.1.0.Final.jar * Log4J - - org.apache.logging.log4j-log4j-api-2.17.0.jar - - org.apache.logging.log4j-log4j-core-2.17.0.jar - - org.apache.logging.log4j-log4j-slf4j-impl-2.17.0.jar - - org.apache.logging.log4j-log4j-web-2.17.0.jar - - org.apache.logging.log4j-log4j-1.2-api-2.17.0.jar + - org.apache.logging.log4j-log4j-api-2.17.1.jar + - org.apache.logging.log4j-log4j-core-2.17.1.jar + - org.apache.logging.log4j-log4j-slf4j-impl-2.17.1.jar + - org.apache.logging.log4j-log4j-web-2.17.1.jar + - org.apache.logging.log4j-log4j-1.2-api-2.17.1.jar * Java Native Access JNA -- net.java.dev.jna-jna-4.2.0.jar * BookKeeper - org.apache.bookkeeper-bookkeeper-common-4.14.3.jar diff --git a/pom.xml b/pom.xml index bcbd10497d88f..4db09aed2b44e 100644 --- a/pom.xml +++ b/pom.xml @@ -119,7 +119,7 @@ flexible messaging model and an intuitive client API. 6.10.2 1.7.25 3.2.2 - 2.17.0 + 2.17.1 1.69 1.0.2 2.12.3