NIFI-9482 This closes #5600. Upgrade Log4j 2 from 2.15.0 to 2.16.0

Signed-off-by: Joe Witt <joewitt@apache.org>
2021-12-13 15:03:07 -06:00 · 2021-12-13 15:03:07 -06:00 · 1321b25f66
parent 3d5f357de8
commit 1321b25f66
1 changed files with 2 additions and 2 deletions
--- a/pom.xml
+++ b/pom.xml
@ -485,11 +485,11 @@
                <artifactId>aspectjweaver</artifactId>
                <version>${aspectj.version}</version>
            </dependency>
-            <!-- Ensure log4j-core 2.15.0 is used by any transitive dependencies to remediate Log4Shell vulnerability -->
+            <!-- Override log4j-core and related Log4j 2 libraries for transitive dependencies to address CVE-2021-44228 -->
            <dependency>
                <groupId>org.apache.logging.log4j</groupId>
                <artifactId>log4j-bom</artifactId>
-                <version>2.15.0</version>
+                <version>2.16.0</version>
                <scope>import</scope>
                <type>pom</type>
            </dependency>