This is an automated email from the ASF dual-hosted git repository.
knaufk pushed a commit to branch release-1.12
in repository https://gitbox.apache.org/repos/asf/flink.git
The following commit(s) were added to refs/heads/release-1.12 by this push:
new 1561f0f [FLINK-25375] Update log4j2 dependency to 2.17.0 to address
(#18166)
1561f0f is described below
commit 1561f0f908a96b8efa83e79d44cfe579cb7d29ef
Author: Konstantin Knauf <m...@konstantin-knauf.de>
AuthorDate: Sun Dec 26 08:41:50 2021 +0100
[FLINK-25375] Update log4j2 dependency to 2.17.0 to address (#18166)
CVE-2021-45105
Co-authored-by: Bernard Joseph Jean Bruno <brunobern...@busymind101.com>
---
docs/dev/project-configuration.md | 2 +-
docs/dev/project-configuration.zh.md | 2 +-
pom.xml | 2 +-
tools/releasing/NOTICE-binary_PREAMBLE.txt | 8 ++++----
4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/docs/dev/project-configuration.md
b/docs/dev/project-configuration.md
index 36d4610..28172e0 100644
--- a/docs/dev/project-configuration.md
+++ b/docs/dev/project-configuration.md
@@ -326,7 +326,7 @@ ext {
flinkVersion = '{{ site.version }}'
scalaBinaryVersion = '{{ site.scala_version }}'
slf4jVersion = '1.7.15'
- log4jVersion = '2.16.0'
+ log4jVersion = '2.17.0'
}
diff --git a/docs/dev/project-configuration.zh.md
b/docs/dev/project-configuration.zh.md
index 3f48dce..dee703c 100644
--- a/docs/dev/project-configuration.zh.md
+++ b/docs/dev/project-configuration.zh.md
@@ -326,7 +326,7 @@ ext {
flinkVersion = '{{ site.version }}'
scalaBinaryVersion = '{{ site.scala_version }}'
slf4jVersion = '1.7.15'
- log4jVersion = '2.16.0'
+ log4jVersion = '2.17.0'
}
diff --git a/pom.xml b/pom.xml
index cfed76b..b5fcb08 100644
--- a/pom.xml
+++ b/pom.xml
@@ -108,7 +108,7 @@ under the License.
<akka.version>2.5.21</akka.version>
<target.java.version>1.8</target.java.version>
<slf4j.version>1.7.15</slf4j.version>
- <log4j.version>2.12.1</log4j.version>
+ <log4j.version>2.17.0</log4j.version>
<!-- Overwrite default values from parent pom.
Intellij is (sometimes?) using those values to choose
target language level
and thus is changing back to java 1.6 on each maven
re-import -->
diff --git a/tools/releasing/NOTICE-binary_PREAMBLE.txt
b/tools/releasing/NOTICE-binary_PREAMBLE.txt
index fba3eb0..4613ecc 100644
--- a/tools/releasing/NOTICE-binary_PREAMBLE.txt
+++ b/tools/releasing/NOTICE-binary_PREAMBLE.txt
@@ -8,10 +8,10 @@ Copyright 2014-2021 The Apache Software Foundation
This project bundles the following dependencies under the Apache Software
License 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
-- org.apache.logging.log4j:log4j-api:2.12.1
-- org.apache.logging.log4j:log4j-core:2.12.1
-- org.apache.logging.log4j:log4j-slf4j-impl:2.12.1
-- org.apache.logging.log4j:log4j-1.2-api:2.12.1
+- org.apache.logging.log4j:log4j-api:2.17.0
+- org.apache.logging.log4j:log4j-core:2.17.0
+- org.apache.logging.log4j:log4j-slf4j-impl:2.17.0
+- org.apache.logging.log4j:log4j-1.2-api:2.17.0
This project bundles the following dependencies under the BSD license.
See bundled license files for details.
