This is an automated email from the ASF dual-hosted git repository. joewitt pushed a commit to branch support/nifi-1.15 in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/support/nifi-1.15 by this push: new f2314de NIFI-9482 Upgrade Log4j 2 from 2.15.0 to 2.16.0 f2314de is described below commit f2314de1c038b97673a1df530eb0000abda870ca Author: exceptionfactory <exceptionfact...@apache.org> AuthorDate: Mon Dec 13 15:03:07 2021 -0600 NIFI-9482 Upgrade Log4j 2 from 2.15.0 to 2.16.0 Signed-off-by: Joe Witt <joew...@apache.org> --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index a470828..daba91e 100644 --- a/pom.xml +++ b/pom.xml @@ -483,11 +483,11 @@ <artifactId>aspectjweaver</artifactId> <version>${aspectj.version}</version> </dependency> - <!-- Ensure log4j-core 2.15.0 is used by any transitive dependencies to remediate Log4Shell vulnerability --> + <!-- Override log4j-core and related Log4j 2 libraries for transitive dependencies to address CVE-2021-44228 --> <dependency> <groupId>org.apache.logging.log4j</groupId> <artifactId>log4j-bom</artifactId> - <version>2.15.0</version> + <version>2.16.0</version> <scope>import</scope> <type>pom</type> </dependency>