Posted to commits@nifi.apache.org by jo...@apache.org on 2021/12/13 21:24:47 UTC

[nifi] branch main updated: NIFI-9482 This closes #5600. Upgrade Log4j 2 from 2.15.0 to 2.16.0

This is an automated email from the ASF dual-hosted git repository.

joewitt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/main by this push:
     new 1321b25  NIFI-9482 This closes #5600. Upgrade Log4j 2 from 2.15.0 to 2.16.0
1321b25 is described below

commit 1321b25f6670fb96e3e75076addb6fbe7e691c84
Author: exceptionfactory <ex...@apache.org>
AuthorDate: Mon Dec 13 15:03:07 2021 -0600

    NIFI-9482 This closes #5600. Upgrade Log4j 2 from 2.15.0 to 2.16.0
    
    Signed-off-by: Joe Witt <jo...@apache.org>
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 8c4aa72..03d2b18 100644
--- a/pom.xml
+++ b/pom.xml
@@ -485,11 +485,11 @@
                 <artifactId>aspectjweaver</artifactId>
                 <version>${aspectj.version}</version>
             </dependency>
-            <!-- Ensure log4j-core 2.15.0 is used by any transitive dependencies to remediate Log4Shell vulnerability -->
+            <!-- Override log4j-core and related Log4j 2 libraries for transitive dependencies to address CVE-2021-44228 -->
             <dependency>
                 <groupId>org.apache.logging.log4j</groupId>
                 <artifactId>log4j-bom</artifactId>
-                <version>2.15.0</version>
+                <version>2.16.0</version>
                 <scope>import</scope>
                 <type>pom</type>
             </dependency>
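
Review bot: The `<version>2.16.0</version>` literal on the `log4j-bom` import is hardcoded, while the `aspectjweaver` entry directly above it uses `${aspectj.version}`. Moving it to a property (a hypothetical `log4j2.version`, for example) would make the next upgrade a single-line change and make the pinned version easy to find. The new comment also cites only CVE-2021-44228, which the removed comment said 2.15.0 already remediated, so the comment should state why 2.16.0 is required. Because an import-scoped BOM only sets managed versions, a module that declares its own Log4j version would still override it; a build-time check that no Log4j 2 artifact below 2.16.0 is resolved would confirm that the override takes effect everywhere.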