Google Git
Sign in
gerrit/plugins/gc-conductor/fd39cfdad8dd2f27d89fd0d828662f2bef29cc3d^!/.
commit
fd39cfdad8dd2f27d89fd0d828662f2bef29cc3d
[log]
author
Przemyslaw Waliszewski <pwaliszewski@gmail.com>
Mon Dec 20 15:36:37 2021 +0100
committer
Przemyslaw Waliszewski <pwaliszewski@gmail.com>
Mon Dec 20 16:02:22 2021 +0000
tree
80cf05a167da88e2b490f77b3fd4c87ce3fa1ad5
parent
45cd8d9435a928d2cfe716fe0fcdb8e0a8267eed [diff]
Update log4j2 version to 2.16.0 to fix CVE-2021-44228

Gc-conductor and gc-executor contains dependency to log4j2 2.11.1
version witch is vulnerable due to CVE-2021-44228.

Change-Id: I83f682e3bce11583e1aee31dadcbc470397864fc

diff --git a/external_plugin_deps.bzl b/external_plugin_deps.bzl
index f4828c5..eabfac9 100644
--- a/external_plugin_deps.bzl
+++ b/external_plugin_deps.bzl

@@ -52,24 +52,24 @@
         sha1 = "31cdf122e000322e9efcb38913e9ab07825b17ef",
     )
 
-    LOG4J2_VERS = "2.11.1"
+    LOG4J2_VERS = "2.16.0"
 
     maven_jar(
         name = "log4j-slf4j-impl",
         artifact = "org.apache.logging.log4j:log4j-slf4j-impl:" + LOG4J2_VERS,
-        sha1 = "4b41b53a3a2d299ce381a69d165381ca19f62912",
+        sha1 = "d4cc7712ebb4744681db815679248e4312f61b32",
     )
 
     maven_jar(
         name = "log4j-core",
         artifact = "org.apache.logging.log4j:log4j-core:" + LOG4J2_VERS,
-        sha1 = "592a48674c926b01a9a747c7831bcd82a9e6d6e4",
+        sha1 = "ca12fb3902ecfcba1e1357ebfc55407acec30ede",
     )
 
     maven_jar(
         name = "log4j-api",
         artifact = "org.apache.logging.log4j:log4j-api:" + LOG4J2_VERS,
-        sha1 = "268f0fe4df3eefe052b57c87ec48517d64fb2a10",
+        sha1 = "4727d93a76616ffc4149dffac5801827c0f4ac71",
     )
 
     maven_jar(