From 0bc5443b61de16808fa95edb168150fa3cc462b6 Mon Sep 17 00:00:00 2001 From: John Engelman Date: Tue, 28 Dec 2021 18:16:02 -0600 Subject: [PATCH] Upgrade log4j version --- gradle/dependencies.gradle | 2 +- src/docs/changes/README.md | 3 +++ src/main/resources/shadow-version.txt | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle index 51e1ab63f..c252c2916 100644 --- a/gradle/dependencies.gradle +++ b/gradle/dependencies.gradle @@ -10,7 +10,7 @@ dependencies { implementation 'commons-io:commons-io:2.11.0' implementation 'org.apache.ant:ant:1.10.11' implementation 'org.codehaus.plexus:plexus-utils:3.4.1' - implementation "org.apache.logging.log4j:log4j-core:2.16.0" + implementation "org.apache.logging.log4j:log4j-core:2.17.1" implementation('org.vafer:jdependency:2.7.0') { exclude group: 'org.ow2.asm' } diff --git a/src/docs/changes/README.md b/src/docs/changes/README.md index e0decf9f1..596e168ac 100644 --- a/src/docs/changes/README.md +++ b/src/docs/changes/README.md @@ -1,4 +1,7 @@ # Change Log +## v7.1.2 (2021-12-28) +* Upgrade log4j to 2.17.1 due to CVE-2021-45105 and CVE-2021-44832 + ## v7.1.1 (2021-12-14) * Upgrade log4j to 2.16.0 due to CVE-2021-44228 and CVE-2021-45046 diff --git a/src/main/resources/shadow-version.txt b/src/main/resources/shadow-version.txt index 21c8c7b46..a8a188756 100644 --- a/src/main/resources/shadow-version.txt +++ b/src/main/resources/shadow-version.txt @@ -1 +1 @@ -7.1.1 +7.1.2