You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pinot.apache.org by xi...@apache.org on 2021/12/17 22:47:53 UTC

[pinot] tag release-0.8.0-fix-CVE-2021-45046 created (now e84d0d4)

This is an automated email from the ASF dual-hosted git repository.

xiangfu pushed a change to tag release-0.8.0-fix-CVE-2021-45046
in repository https://gitbox.apache.org/repos/asf/pinot.git.


      at e84d0d4  (commit)
This tag includes the following new commits:

     new e84d0d4  Upgrade log4j to 2.16.0 for CVE-2021-45046 (#7903)

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org

[pinot] 01/01: Upgrade log4j to 2.16.0 for CVE-2021-45046 (#7903)

Posted by xi...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

xiangfu pushed a commit to tag release-0.8.0-fix-CVE-2021-45046
in repository https://gitbox.apache.org/repos/asf/pinot.git

commit e84d0d4f1f3d2f80be7be068a1a481bf0620336f
Author: Neha Pawar <ne...@gmail.com>
AuthorDate: Tue Dec 14 15:30:19 2021 -0800

    Upgrade log4j to 2.16.0 for CVE-2021-45046 (#7903)
---
 LICENSE-binary | 8 ++++----
 pom.xml        | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/LICENSE-binary b/LICENSE-binary
index a9ad999..e3bd47a 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -336,10 +336,10 @@ org.apache.httpcomponents:httpmime:4.5.3
 org.apache.kafka:kafka-clients:2.0.0
 org.apache.kafka:kafka_2.10:0.9.0.1
 org.apache.kafka:kafka_2.11:2.0.0
-org.apache.logging.log4j:log4j-1.2-api:2.11.2
-org.apache.logging.log4j:log4j-api:2.11.2
-org.apache.logging.log4j:log4j-core:2.11.2
-org.apache.logging.log4j:log4j-slf4j-impl:2.11.2
+org.apache.logging.log4j:log4j-1.2-api:2.16.0
+org.apache.logging.log4j:log4j-api:2.16.0
+org.apache.logging.log4j:log4j-core:2.16.0
+org.apache.logging.log4j:log4j-slf4j-impl:2.16.0
 org.apache.lucene:lucene-analyzers-common:8.2.0
 org.apache.lucene:lucene-core:8.2.0
 org.apache.lucene:lucene-queries:8.2.0
diff --git a/pom.xml b/pom.xml
index 42010e6..4ad5af9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -145,7 +145,7 @@
     <snappy-java.version>1.1.1.7</snappy-java.version>
     <zstd-jni.version>1.4.9-5</zstd-jni.version>
     <lz4-java.version>1.7.1</lz4-java.version>
-    <log4j.version>2.11.2</log4j.version>
+    <log4j.version>2.16.0</log4j.version>
     <netty.version>4.1.54.Final</netty.version>
     <reactivestreams.version>1.0.3</reactivestreams.version>
     <jts.version>1.16.1</jts.version>

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org