You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by al...@apache.org on 2021/12/20 19:54:35 UTC
[kudu] branch master updated: [java] bump log4j up to 2.17.0 version
This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new 84600f4 [java] bump log4j up to 2.17.0 version
84600f4 is described below
commit 84600f495e8cff24aa8794d7974d0b6fe77b95db
Author: Alexey Serbin <al...@apache.org>
AuthorDate: Mon Dec 20 11:17:09 2021 -0800
[java] bump log4j up to 2.17.0 version
OK, log4j saga continues: 2.17.0 is the new shiny version to have once
the recent security vulnerability CVE-2021-44228 has been fixed
in 2.15.0. Without going into the details, let's just update to the
most recent one to make various security scanners happy.
Release notes for the new version of the package is available at [1].
This is a follow-up to a6079a063c8f38166d91956ad46a4ce695a08019 and
ea67260aad998db7d34a94d25261e121a668faec.
[1] https://logging.apache.org/log4j/2.x/changes-report.html#a2.17.0
Change-Id: I8642063189ef7add4fc7b573008a4bfe7ac3d98b
Reviewed-on: http://gerrit.cloudera.org:8080/18109
Reviewed-by: Attila Bukor <ab...@apache.org>
Tested-by: Kudu Jenkins
---
java/gradle/dependencies.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/gradle/dependencies.gradle b/java/gradle/dependencies.gradle
index d03d93b..90a88b6 100755
--- a/java/gradle/dependencies.gradle
+++ b/java/gradle/dependencies.gradle
@@ -45,7 +45,7 @@ versions += [
jmh : "1.28",
jsr305 : "3.0.2",
junit : "4.13.2",
- log4j : "2.16.0",
+ log4j : "2.17.0",
micrometer : "1.6.5",
mockito : "3.8.0",
murmur : "1.0.0",