This is an automated email from the ASF dual-hosted git repository. knaufk pushed a commit to branch release-1.12 in repository https://gitbox.apache.org/repos/asf/flink.git
The following commit(s) were added to refs/heads/release-1.12 by this push: new 1561f0f [FLINK-25375] Update log4j2 dependency to 2.17.0 to address (#18166) 1561f0f is described below commit 1561f0f908a96b8efa83e79d44cfe579cb7d29ef Author: Konstantin Knauf <m...@konstantin-knauf.de> AuthorDate: Sun Dec 26 08:41:50 2021 +0100 [FLINK-25375] Update log4j2 dependency to 2.17.0 to address (#18166) CVE-2021-45105 Co-authored-by: Bernard Joseph Jean Bruno <brunobern...@busymind101.com> --- docs/dev/project-configuration.md | 2 +- docs/dev/project-configuration.zh.md | 2 +- pom.xml | 2 +- tools/releasing/NOTICE-binary_PREAMBLE.txt | 8 ++++---- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/dev/project-configuration.md b/docs/dev/project-configuration.md index 36d4610..28172e0 100644 --- a/docs/dev/project-configuration.md +++ b/docs/dev/project-configuration.md @@ -326,7 +326,7 @@ ext { flinkVersion = '{{ site.version }}' scalaBinaryVersion = '{{ site.scala_version }}' slf4jVersion = '1.7.15' - log4jVersion = '2.16.0' + log4jVersion = '2.17.0' } diff --git a/docs/dev/project-configuration.zh.md b/docs/dev/project-configuration.zh.md index 3f48dce..dee703c 100644 --- a/docs/dev/project-configuration.zh.md +++ b/docs/dev/project-configuration.zh.md @@ -326,7 +326,7 @@ ext { flinkVersion = '{{ site.version }}' scalaBinaryVersion = '{{ site.scala_version }}' slf4jVersion = '1.7.15' - log4jVersion = '2.16.0' + log4jVersion = '2.17.0' } diff --git a/pom.xml b/pom.xml index cfed76b..b5fcb08 100644 --- a/pom.xml +++ b/pom.xml @@ -108,7 +108,7 @@ under the License. <akka.version>2.5.21</akka.version> <target.java.version>1.8</target.java.version> <slf4j.version>1.7.15</slf4j.version> - <log4j.version>2.12.1</log4j.version> + <log4j.version>2.17.0</log4j.version> <!-- Overwrite default values from parent pom. Intellij is (sometimes?) using those values to choose target language level and thus is changing back to java 1.6 on each maven re-import --> diff --git a/tools/releasing/NOTICE-binary_PREAMBLE.txt b/tools/releasing/NOTICE-binary_PREAMBLE.txt index fba3eb0..4613ecc 100644 --- a/tools/releasing/NOTICE-binary_PREAMBLE.txt +++ b/tools/releasing/NOTICE-binary_PREAMBLE.txt @@ -8,10 +8,10 @@ Copyright 2014-2021 The Apache Software Foundation This project bundles the following dependencies under the Apache Software License 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt) -- org.apache.logging.log4j:log4j-api:2.12.1 -- org.apache.logging.log4j:log4j-core:2.12.1 -- org.apache.logging.log4j:log4j-slf4j-impl:2.12.1 -- org.apache.logging.log4j:log4j-1.2-api:2.12.1 +- org.apache.logging.log4j:log4j-api:2.17.0 +- org.apache.logging.log4j:log4j-core:2.17.0 +- org.apache.logging.log4j:log4j-slf4j-impl:2.17.0 +- org.apache.logging.log4j:log4j-1.2-api:2.17.0 This project bundles the following dependencies under the BSD license. See bundled license files for details.