Merge branch 'stable-3.1'
* stable-3.1:
Update log4j2 version to 2.17.0
Update log4j2 version to 2.16.0 to fix CVE-2021-44228
Update JGit dependency to align with core's version
Change-Id: I29bb066bae4bf5879da3bbd4765c8683dda8b4f7
diff --git a/external_plugin_deps.bzl b/external_plugin_deps.bzl
index 33c4e4e..ab5a444 100644
--- a/external_plugin_deps.bzl
+++ b/external_plugin_deps.bzl
@@ -21,24 +21,24 @@
sha1 = "595d5dabfeb29244b8c91776898cee78299080d5",
)
- LOG4J2_VERS = "2.11.1"
+ LOG4J2_VERS = "2.17.0"
maven_jar(
name = "log4j-slf4j-impl",
artifact = "org.apache.logging.log4j:log4j-slf4j-impl:" + LOG4J2_VERS,
- sha1 = "4b41b53a3a2d299ce381a69d165381ca19f62912",
+ sha1 = "1ec25ce0254749c94549ea9c3cea34bd0488c9c6",
)
maven_jar(
name = "log4j-core",
artifact = "org.apache.logging.log4j:log4j-core:" + LOG4J2_VERS,
- sha1 = "592a48674c926b01a9a747c7831bcd82a9e6d6e4",
+ sha1 = "fe6e7a32c1228884b9691a744f953a55d0dd8ead",
)
maven_jar(
name = "log4j-api",
artifact = "org.apache.logging.log4j:log4j-api:" + LOG4J2_VERS,
- sha1 = "268f0fe4df3eefe052b57c87ec48517d64fb2a10",
+ sha1 = "bbd791e9c8c9421e45337c4fe0a10851c086e36c",
)
maven_jar(