You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@flink.apache.org by kn...@apache.org on 2021/12/26 07:42:55 UTC

[flink] branch release-1.14 updated: [FLINK-25375] Update log4j2 dependency to 2.17.0 to address (#18167)

This is an automated email from the ASF dual-hosted git repository.

knaufk pushed a commit to branch release-1.14
in repository https://gitbox.apache.org/repos/asf/flink.git


The following commit(s) were added to refs/heads/release-1.14 by this push:
     new 49971b8  [FLINK-25375] Update log4j2 dependency to 2.17.0 to address (#18167)
49971b8 is described below

commit 49971b8a527b81b5e00169d5b187e21a274184e2
Author: Konstantin Knauf <me...@konstantin-knauf.de>
AuthorDate: Sun Dec 26 08:41:52 2021 +0100

    [FLINK-25375] Update log4j2 dependency to 2.17.0 to address (#18167)
    
    CVE-2021-45105
    
    Co-authored-by: Bernard Joseph Jean Bruno <br...@busymind101.com>
---
 docs/content.zh/docs/dev/datastream/project-configuration.md | 2 +-
 docs/content/docs/dev/datastream/project-configuration.md    | 2 +-
 pom.xml                                                      | 2 +-
 tools/releasing/NOTICE-binary_PREAMBLE.txt                   | 8 ++++----
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/docs/content.zh/docs/dev/datastream/project-configuration.md b/docs/content.zh/docs/dev/datastream/project-configuration.md
index ac1100f..fa8f9ac 100644
--- a/docs/content.zh/docs/dev/datastream/project-configuration.md
+++ b/docs/content.zh/docs/dev/datastream/project-configuration.md
@@ -331,7 +331,7 @@ ext {
     flinkVersion = '1.13-SNAPSHOT'
     scalaBinaryVersion = '2.11'
     slf4jVersion = '1.7.15'
-    log4jVersion = '2.16.0'
+    log4jVersion = '2.17.0'
 }
 
 
diff --git a/docs/content/docs/dev/datastream/project-configuration.md b/docs/content/docs/dev/datastream/project-configuration.md
index 06a822e..a3cd119 100644
--- a/docs/content/docs/dev/datastream/project-configuration.md
+++ b/docs/content/docs/dev/datastream/project-configuration.md
@@ -330,7 +330,7 @@ ext {
     flinkVersion = '1.13-SNAPSHOT'
     scalaBinaryVersion = '2.11'
     slf4jVersion = '1.7.15'
-    log4jVersion = '2.16.0'
+    log4jVersion = '2.17.0'
 }
 
 
diff --git a/pom.xml b/pom.xml
index c1959d5..ae65b81 100644
--- a/pom.xml
+++ b/pom.xml
@@ -106,7 +106,7 @@ under the License.
 		<guava.version>18.0</guava.version>
 		<target.java.version>1.8</target.java.version>
 		<slf4j.version>1.7.15</slf4j.version>
-		<log4j.version>2.16.0</log4j.version>
+		<log4j.version>2.17.0</log4j.version>
 		<!-- Overwrite default values from parent pom.
 			 Intellij is (sometimes?) using those values to choose target language level
 			 and thus is changing back to java 1.6 on each maven re-import -->
diff --git a/tools/releasing/NOTICE-binary_PREAMBLE.txt b/tools/releasing/NOTICE-binary_PREAMBLE.txt
index 257fcc70..4613ecc 100644
--- a/tools/releasing/NOTICE-binary_PREAMBLE.txt
+++ b/tools/releasing/NOTICE-binary_PREAMBLE.txt
@@ -8,10 +8,10 @@ Copyright 2014-2021 The Apache Software Foundation
 
 This project bundles the following dependencies under the Apache Software License 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
 
-- org.apache.logging.log4j:log4j-api:2.16.0
-- org.apache.logging.log4j:log4j-core:2.16.0
-- org.apache.logging.log4j:log4j-slf4j-impl:2.16.0
-- org.apache.logging.log4j:log4j-1.2-api:2.16.0
+- org.apache.logging.log4j:log4j-api:2.17.0
+- org.apache.logging.log4j:log4j-core:2.17.0
+- org.apache.logging.log4j:log4j-slf4j-impl:2.17.0
+- org.apache.logging.log4j:log4j-1.2-api:2.17.0
 
 This project bundles the following dependencies under the BSD license.
 See bundled license files for details.