From 6a89452815b494aade4203e550675b82489b5cf7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 4 Jan 2022 17:00:52 +0000
Subject: [PATCH] Bump log4j-core from 2.11.1 to 2.17.1 in
 /dubbo-dependencies-bom

Bumps log4j-core from 2.11.1 to 2.17.1.

---
updated-dependencies:
- dependency-name: org.apache.logging.log4j:log4j-core
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 dubbo-dependencies-bom/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dubbo-dependencies-bom/pom.xml b/dubbo-dependencies-bom/pom.xml
index 1ff54652141..149b8d0570a 100644
--- a/dubbo-dependencies-bom/pom.xml
+++ b/dubbo-dependencies-bom/pom.xml
@@ -137,7 +137,7 @@
         <jcl_version>1.2</jcl_version>
         <log4j_version>1.2.16</log4j_version>
         <logback_version>1.2.2</logback_version>
-        <log4j2_version>2.11.1</log4j2_version>
+        <log4j2_version>2.17.1</log4j2_version>
         <commons_io_version>2.6</commons_io_version>
 
         <embedded_redis_version>0.6</embedded_redis_version>