This is an automated email from the ASF dual-hosted git repository. joewitt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push: new 1321b25 NIFI-9482 This closes #5600. Upgrade Log4j 2 from 2.15.0 to 2.16.0 1321b25 is described below commit 1321b25f6670fb96e3e75076addb6fbe7e691c84 Author: exceptionfactory <exceptionfact...@apache.org> AuthorDate: Mon Dec 13 15:03:07 2021 -0600 NIFI-9482 This closes #5600. Upgrade Log4j 2 from 2.15.0 to 2.16.0 Signed-off-by: Joe Witt <joew...@apache.org> --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 8c4aa72..03d2b18 100644 --- a/pom.xml +++ b/pom.xml @@ -485,11 +485,11 @@ <artifactId>aspectjweaver</artifactId> <version>${aspectj.version}</version> </dependency> - <!-- Ensure log4j-core 2.15.0 is used by any transitive dependencies to remediate Log4Shell vulnerability --> + <!-- Override log4j-core and related Log4j 2 libraries for transitive dependencies to address CVE-2021-44228 --> <dependency> <groupId>org.apache.logging.log4j</groupId> <artifactId>log4j-bom</artifactId> - <version>2.15.0</version> + <version>2.16.0</version> <scope>import</scope> <type>pom</type> </dependency>