From 82d482393d4347845094555050907a7f303217eb Mon Sep 17 00:00:00 2001 From: Loganaden Velvindron Date: Tue, 21 Dec 2021 21:51:40 +0400 Subject: [PATCH 1/2] Update to log4j 2.17. This fixes https://nvd.nist.gov/vuln/detail/CVE-2021-45105 --- zuul-sample/build.gradle | 2 +- zuul-sample/dependencies.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/zuul-sample/build.gradle b/zuul-sample/build.gradle index fd5ca0704e..eeaee8a26b 100644 --- a/zuul-sample/build.gradle +++ b/zuul-sample/build.gradle @@ -10,7 +10,7 @@ dependencies { implementation 'commons-configuration:commons-configuration:1.10' annotationProcessor project(":zuul-processor") - runtimeOnly 'org.apache.logging.log4j:log4j-core:2.16.0' + runtimeOnly 'org.apache.logging.log4j:log4j-core:2.17.0' runtimeOnly 'org.apache.logging.log4j:log4j-slf4j-impl:2.15.0' } diff --git a/zuul-sample/dependencies.lock b/zuul-sample/dependencies.lock index f84e3abee9..f267aecee2 100644 --- a/zuul-sample/dependencies.lock +++ b/zuul-sample/dependencies.lock @@ -624,7 +624,7 @@ "locked": "1" }, "org.apache.logging.log4j:log4j-core": { - "locked": "2.16.0" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-slf4j-impl": { "locked": "2.15.0" @@ -843,7 +843,7 @@ "locked": "1" }, "org.apache.logging.log4j:log4j-core": { - "locked": "2.16.0" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-slf4j-impl": { "locked": "2.15.0" @@ -1178,7 +1178,7 @@ "locked": "1" }, "org.apache.logging.log4j:log4j-core": { - "locked": "2.16.0" + "locked": "2.17.0" }, "org.apache.logging.log4j:log4j-slf4j-impl": { "locked": "2.15.0" @@ -1209,4 +1209,4 @@ "locked": "1.7.32" } } -} \ No newline at end of file +} From fb438ae71369422bdec71efbc784660eb7552132 Mon Sep 17 00:00:00 2001 From: Loganaden Velvindron Date: Wed, 29 Dec 2021 08:36:43 +0400 Subject: [PATCH 2/2] Remove new line