You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by jo...@apache.org on 2021/12/13 21:10:40 UTC
[nifi] branch support/nifi-1.15 updated: NIFI-9482 Upgrade Log4j 2 from 2.15.0 to 2.16.0
This is an automated email from the ASF dual-hosted git repository.
joewitt pushed a commit to branch support/nifi-1.15
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/support/nifi-1.15 by this push:
new f2314de NIFI-9482 Upgrade Log4j 2 from 2.15.0 to 2.16.0
f2314de is described below
commit f2314de1c038b97673a1df530eb0000abda870ca
Author: exceptionfactory <ex...@apache.org>
AuthorDate: Mon Dec 13 15:03:07 2021 -0600
NIFI-9482 Upgrade Log4j 2 from 2.15.0 to 2.16.0
Signed-off-by: Joe Witt <jo...@apache.org>
---
pom.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pom.xml b/pom.xml
index a470828..daba91e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -483,11 +483,11 @@
<artifactId>aspectjweaver</artifactId>
<version>${aspectj.version}</version>
</dependency>
- <!-- Ensure log4j-core 2.15.0 is used by any transitive dependencies to remediate Log4Shell vulnerability -->
+ <!-- Override log4j-core and related Log4j 2 libraries for transitive dependencies to address CVE-2021-44228 -->
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-bom</artifactId>
- <version>2.15.0</version>
+ <version>2.16.0</version>
<scope>import</scope>
<type>pom</type>
</dependency>