You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by eo...@apache.org on 2021/12/14 08:08:30 UTC

[pulsar] 02/02: Bump log4j to 2.16.0 (#13277)

This is an automated email from the ASF dual-hosted git repository.

eolivelli pushed a commit to branch branch-2.9
in repository https://gitbox.apache.org/repos/asf/pulsar.git

commit ff99f5fab2a976bc954a0f8bdf4da5d1a3c76f56
Author: Michael Marshall <mm...@apache.org>
AuthorDate: Tue Dec 14 00:53:52 2021 -0600

    Bump log4j to 2.16.0 (#13277)
    
    Apache Log4j 2.16.0 was just released. It is a more complete fix for Log4Shell. See the Apache Log4j mailing list for details: https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4
    
    (cherry picked from commit 621ca60cd28d4ba770f55b6a8ad6cccc52321b28)
---
 buildtools/pom.xml                               |  2 +-
 distribution/server/src/assemble/LICENSE.bin.txt | 10 +++++-----
 pom.xml                                          |  2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/buildtools/pom.xml b/buildtools/pom.xml
index 06443fa..f9b8998 100644
--- a/buildtools/pom.xml
+++ b/buildtools/pom.xml
@@ -39,7 +39,7 @@
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>
     <surefire.version>3.0.0-M3</surefire.version>
-    <log4j2.version>2.15.0</log4j2.version>
+    <log4j2.version>2.16.0</log4j2.version>
     <slf4j.version>1.7.25</slf4j.version>
     <testng.version>7.3.0</testng.version>
     <commons-lang3.version>3.11</commons-lang3.version>
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
index cb6441d..3ce4e42 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -383,11 +383,11 @@ The Apache Software License, Version 2.0
     - jakarta.validation-jakarta.validation-api-2.0.2.jar
     - javax.validation-validation-api-1.1.0.Final.jar
  * Log4J
-    - org.apache.logging.log4j-log4j-api-2.15.0.jar
-    - org.apache.logging.log4j-log4j-core-2.15.0.jar
-    - org.apache.logging.log4j-log4j-slf4j-impl-2.15.0.jar
-    - org.apache.logging.log4j-log4j-web-2.15.0.jar
-    - org.apache.logging.log4j-log4j-1.2-api-2.15.0.jar
+    - org.apache.logging.log4j-log4j-api-2.16.0.jar
+    - org.apache.logging.log4j-log4j-core-2.16.0.jar
+    - org.apache.logging.log4j-log4j-slf4j-impl-2.16.0.jar
+    - org.apache.logging.log4j-log4j-web-2.16.0.jar
+    - org.apache.logging.log4j-log4j-1.2-api-2.16.0.jar
  * Java Native Access JNA -- net.java.dev.jna-jna-4.2.0.jar
  * BookKeeper
     - org.apache.bookkeeper-bookkeeper-common-4.14.2.jar
diff --git a/pom.xml b/pom.xml
index 7d4fbdd..04e9dfb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -119,7 +119,7 @@ flexible messaging model and an intuitive client API.</description>
     <rocksdb.version>6.10.2</rocksdb.version>
     <slf4j.version>1.7.25</slf4j.version>
     <commons.collections.version>3.2.2</commons.collections.version>
-    <log4j2.version>2.15.0</log4j2.version>
+    <log4j2.version>2.16.0</log4j2.version>
     <bouncycastle.version>1.69</bouncycastle.version>
     <bouncycastlefips.version>1.0.2</bouncycastlefips.version>
     <jackson.version>2.12.3</jackson.version>