You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@kudu.apache.org by al...@apache.org on 2021/12/14 19:05:09 UTC

[kudu] branch branch-1.13.x updated: [java] bump log4j up to 2.15.0 version

This is an automated email from the ASF dual-hosted git repository.

alexey pushed a commit to branch branch-1.13.x
in repository https://gitbox.apache.org/repos/asf/kudu.git


The following commit(s) were added to refs/heads/branch-1.13.x by this push:
     new e415f39  [java] bump log4j up to 2.15.0 version
e415f39 is described below

commit e415f39300fd85dbc786ed941e7b535231c62f9a
Author: Alexey Serbin <al...@apache.org>
AuthorDate: Fri Dec 10 11:59:32 2021 -0800

    [java] bump log4j up to 2.15.0 version
    
    Kudu doesn't use Java for the server-side components, but to keep
    various security scanners happy regarding the recent security
    vulnerabilities like [1], let's update the log4j package up to the
    recently released 2.15.0 version (2021-12-06).  Release notes for the
    new version of the package is available at [2].
    
    [1] https://logging.apache.org/log4j/2.x/security.html
    [2] https://logging.apache.org/log4j/2.x/changes-report.html#a2.15.0
    
    Change-Id: Ib7317447f24916795d8f00e3f6c418707c7fd4ff
    Reviewed-on: http://gerrit.cloudera.org:8080/18084
    Reviewed-by: Andrew Wong <aw...@cloudera.com>
    Reviewed-by: Greg Solovyev <gs...@cloudera.com>
    Tested-by: Kudu Jenkins
    (cherry picked from commit 44e517519e1507eafe58bd9179940160e6934079)
      Conflicts:
        java/gradle/dependencies.gradle
    Reviewed-on: http://gerrit.cloudera.org:8080/18089
    Reviewed-by: Alexey Serbin <as...@cloudera.com>
    Reviewed-by: Bankim Bhavsar <ba...@cloudera.com>
    Tested-by: Alexey Serbin <as...@cloudera.com>
---
 java/gradle/dependencies.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/gradle/dependencies.gradle b/java/gradle/dependencies.gradle
index e66d7f5..b15e645 100755
--- a/java/gradle/dependencies.gradle
+++ b/java/gradle/dependencies.gradle
@@ -45,7 +45,7 @@ versions += [
     jmh            : "1.23",
     jsr305         : "3.0.2",
     junit          : "4.13",
-    log4j          : "2.11.2",
+    log4j          : "2.15.0",
     micrometer     : "1.5.1",
     mockito        : "3.3.3",
     murmur         : "1.0.0",