From 402c14fab1fb241c82898082e7ca58417c75c6f6 Mon Sep 17 00:00:00 2001
From: John Engelman <john.engelman@target.com>
Date: Tue, 14 Dec 2021 19:46:21 -0600
Subject: [PATCH] Upgrade log4j version

---
 gradle/dependencies.gradle            | 2 +-
 src/docs/changes/README.md            | 2 ++
 src/main/resources/shadow-version.txt | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index 7dd4e5595..51e1ab63f 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -10,7 +10,7 @@ dependencies {
     implementation 'commons-io:commons-io:2.11.0'
     implementation 'org.apache.ant:ant:1.10.11'
     implementation 'org.codehaus.plexus:plexus-utils:3.4.1'
-    implementation "org.apache.logging.log4j:log4j-core:2.14.1"
+    implementation "org.apache.logging.log4j:log4j-core:2.16.0"
     implementation('org.vafer:jdependency:2.7.0') {
         exclude group: 'org.ow2.asm'
     }
diff --git a/src/docs/changes/README.md b/src/docs/changes/README.md
index d9754be99..e0decf9f1 100644
--- a/src/docs/changes/README.md
+++ b/src/docs/changes/README.md
@@ -1,4 +1,6 @@
 # Change Log
+## v7.1.1 (2021-12-14)
+* Upgrade log4j to 2.16.0 due to CVE-2021-44228 and CVE-2021-45046
 
 ## v7.1.0 (2021-10-04)
 * **BREAKING** - The maven coordinates for the plugins have changed as of this version. The proper `group:artifact` is `gradle.plugin.com.github.johnrengelman:shadow`
diff --git a/src/main/resources/shadow-version.txt b/src/main/resources/shadow-version.txt
index a3fcc7121..21c8c7b46 100644
--- a/src/main/resources/shadow-version.txt
+++ b/src/main/resources/shadow-version.txt
@@ -1 +1 @@
-7.1.0
+7.1.1