Skip to content

Commit

Permalink
Updated log4j to version 2.5.0 to patch CVE-2021-44228 (#7600)
Browse files Browse the repository at this point in the history 
Updated log4j to version 2.5.0 to patch CVE-2021-44228
  • Loading branch information
@jonn-smith
jonn-smith authored Dec 13, 2021
1 parent 606a7cf commit c60a15b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ final disqVersion = System.getProperty('disq.version','0.3.6')
final genomicsdbVersion = System.getProperty('genomicsdb.version','1.4.2')
final bigQueryVersion = System.getProperty('bigQuery.version', '1.117.1')
final guavaVersion = System.getProperty('guava.version', '27.1-jre')
final log4j2Version = System.getProperty('log4j2Version', '2.13.1')
final log4j2Version = System.getProperty('log4j2Version', '2.15.0')
final testNGVersion = '7.0.0'

// Using the shaded version to avoid conflicts between its protobuf dependency
Expand Down

2 comments on commit c60a15b

@alanhoyle
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't that be "2.15.0" in the commit title? (not 2.5.0). The code look correct.

@jonn-smith
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it was a typo. It's already merged and we're not going to go back and change it. However, apparently 2.16.0 is the version people should use so this will be masked by that new PR.

Please sign in to comment.