This is an automated email from the ASF dual-hosted git repository.

cgivre pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/drill.git


The following commit(s) were added to refs/heads/master by this push:
     new a3cfdac  DRILL-8071: upgrade log4j to 2.17.1 (#2417)
a3cfdac is described below

commit a3cfdacca01a193b5c5b836a0beafa0eb95a1669
Author: PJ Fanning <[email protected]>
AuthorDate: Mon Jan 3 13:58:33 2022 +0100

    DRILL-8071: upgrade log4j to 2.17.1 (#2417)
    
    * DRILL-8071: upgrade log4j to 2.17.1
    
    Description
    Drill's format-excel has only gained log4j dependencies recently (and this is not in any Drill release yet).
    
    Log4J have released 2.17.1 with another CVE fix. These CVEs don't affect Drill because it does not yet use log4j-core but for optics, it is better to update all log4j jars.
    
    https://logging.apache.org/log4j/2.x/security.html
    
    Documentation
    No changes
    
    Testing
    Unit tests
    
    * upgrade excel-streaming-reader due to cve in h2
    
    https://www.cvedetails.com/cve/CVE-2021-23463/
---
 contrib/format-excel/pom.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/contrib/format-excel/pom.xml b/contrib/format-excel/pom.xml
index 0d440ec..ccc9b7d 100644
--- a/contrib/format-excel/pom.xml
+++ b/contrib/format-excel/pom.xml
@@ -52,17 +52,17 @@
     <dependency>
       <groupId>com.github.pjfanning</groupId>
       <artifactId>excel-streaming-reader</artifactId>
-      <version>3.2.6</version>
+      <version>3.3.1</version>
     </dependency>
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-api</artifactId>
-      <version>2.17.0</version>
+      <version>2.17.1</version>
     </dependency>
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-to-slf4j</artifactId>
-      <version>2.17.0</version>
+      <version>2.17.1</version>
     </dependency>
     <!-- Test dependencies -->
     <dependency>
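
Review bot: The 2.17.1 version literal is repeated on both the log4j-api and log4j-to-slf4j dependencies, so a later security bump can update one and miss the other. Consider hoisting it into a single Maven property (for example a hypothetical `log4j.version`) or into a dependencyManagement entry, so the two artifacts always move together. Separately, the excel-streaming-reader change from 3.2.6 to 3.3.1 is justified in the commit message by a CVE in a transitive dependency that this hunk does not show. It would help to confirm with `mvn dependency:tree` on this module that the resolved tree no longer contains the affected version and that no log4j-core is introduced transitively, and to record that result in the PR.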
