You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@flink.apache.org by kn...@apache.org on 2021/12/26 07:42:55 UTC
[flink] branch release-1.14 updated: [FLINK-25375] Update log4j2 dependency to 2.17.0 to address (#18167)
This is an automated email from the ASF dual-hosted git repository.
knaufk pushed a commit to branch release-1.14
in repository https://gitbox.apache.org/repos/asf/flink.git
The following commit(s) were added to refs/heads/release-1.14 by this push:
new 49971b8 [FLINK-25375] Update log4j2 dependency to 2.17.0 to address (#18167)
49971b8 is described below
commit 49971b8a527b81b5e00169d5b187e21a274184e2
Author: Konstantin Knauf <me...@konstantin-knauf.de>
AuthorDate: Sun Dec 26 08:41:52 2021 +0100
[FLINK-25375] Update log4j2 dependency to 2.17.0 to address (#18167)
CVE-2021-45105
Co-authored-by: Bernard Joseph Jean Bruno <br...@busymind101.com>
---
docs/content.zh/docs/dev/datastream/project-configuration.md | 2 +-
docs/content/docs/dev/datastream/project-configuration.md | 2 +-
pom.xml | 2 +-
tools/releasing/NOTICE-binary_PREAMBLE.txt | 8 ++++----
4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/docs/content.zh/docs/dev/datastream/project-configuration.md b/docs/content.zh/docs/dev/datastream/project-configuration.md
index ac1100f..fa8f9ac 100644
--- a/docs/content.zh/docs/dev/datastream/project-configuration.md
+++ b/docs/content.zh/docs/dev/datastream/project-configuration.md
@@ -331,7 +331,7 @@ ext {
flinkVersion = '1.13-SNAPSHOT'
scalaBinaryVersion = '2.11'
slf4jVersion = '1.7.15'
- log4jVersion = '2.16.0'
+ log4jVersion = '2.17.0'
}
diff --git a/docs/content/docs/dev/datastream/project-configuration.md b/docs/content/docs/dev/datastream/project-configuration.md
index 06a822e..a3cd119 100644
--- a/docs/content/docs/dev/datastream/project-configuration.md
+++ b/docs/content/docs/dev/datastream/project-configuration.md
@@ -330,7 +330,7 @@ ext {
flinkVersion = '1.13-SNAPSHOT'
scalaBinaryVersion = '2.11'
slf4jVersion = '1.7.15'
- log4jVersion = '2.16.0'
+ log4jVersion = '2.17.0'
}
diff --git a/pom.xml b/pom.xml
index c1959d5..ae65b81 100644
--- a/pom.xml
+++ b/pom.xml
@@ -106,7 +106,7 @@ under the License.
<guava.version>18.0</guava.version>
<target.java.version>1.8</target.java.version>
<slf4j.version>1.7.15</slf4j.version>
- <log4j.version>2.16.0</log4j.version>
+ <log4j.version>2.17.0</log4j.version>
<!-- Overwrite default values from parent pom.
Intellij is (sometimes?) using those values to choose target language level
and thus is changing back to java 1.6 on each maven re-import -->
diff --git a/tools/releasing/NOTICE-binary_PREAMBLE.txt b/tools/releasing/NOTICE-binary_PREAMBLE.txt
index 257fcc70..4613ecc 100644
--- a/tools/releasing/NOTICE-binary_PREAMBLE.txt
+++ b/tools/releasing/NOTICE-binary_PREAMBLE.txt
@@ -8,10 +8,10 @@ Copyright 2014-2021 The Apache Software Foundation
This project bundles the following dependencies under the Apache Software License 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
-- org.apache.logging.log4j:log4j-api:2.16.0
-- org.apache.logging.log4j:log4j-core:2.16.0
-- org.apache.logging.log4j:log4j-slf4j-impl:2.16.0
-- org.apache.logging.log4j:log4j-1.2-api:2.16.0
+- org.apache.logging.log4j:log4j-api:2.17.0
+- org.apache.logging.log4j:log4j-core:2.17.0
+- org.apache.logging.log4j:log4j-slf4j-impl:2.17.0
+- org.apache.logging.log4j:log4j-1.2-api:2.17.0
This project bundles the following dependencies under the BSD license.
See bundled license files for details.