Skip to content

Update to log4j 2.17.0#125

Closed
0001vrn wants to merge 1 commit intoExpediaGroup:mainfrom
0001vrn:patch-1
Closed

Update to log4j 2.17.0#125
0001vrn wants to merge 1 commit intoExpediaGroup:mainfrom
0001vrn:patch-1

Conversation

@0001vrn
Copy link

@0001vrn 0001vrn commented Dec 21, 2021

See https://logging.apache.org/log4j/2.x/changes-report.html#a2.17.0

Motivation:

log4j 2.16 was recently discovered to be vulnerable to an infinite recursion DOS. Version 2.17 fixes LOG4J2-3230.

Modification:

Change the POM from 2.16 to 2.17 for log4j.

Result:

This PR updates log4j to 2.17, which includes a patch for the issue.

Fixes #

@0001vrn
Update to log4j 2.17.0
8f0d477 
See https://logging.apache.org/log4j/2.x/changes-report.html#a2.17.0

Motivation:

log4j 2.16 was recently discovered to be vulnerable to an infinite recursion DOS. Version 2.17 fixes LOG4J2-3230.

Modification:

Change the POM from 2.16 to 2.17 for log4j.

Result:

This PR updates log4j to 2.17, which includes a patch for the issue.
@0001vrn
Copy link
Author

0001vrn commented Dec 21, 2021

Closing this since it is already raised by dependabot #124

@0001vrn 0001vrn closed this Dec 21, 2021
@0001vrn 0001vrn deleted the patch-1 branch December 21, 2021 07:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@0001vrn