Log4j Vulnerability - https://blog.gradle.org/log4j-vulnerability;

Upgrade Gradle Enterprise plugin to 3.8

gradle/base-information.gradle

@@ -7,6 +7,21 @@
 
 apply plugin: 'base'
 
+
+buildscript {
+	dependencies {
+		constraints {
+			classpath("org.apache.logging.log4j:log4j-core") {
+				version {
+					strictly("[2.17, 3[")
+					prefer("2.17.0")
+				}
+				because("CVE-2021-44228, CVE-2021-45046, CVE-2021-45105: Log4j vulnerable to remote code execution and other critical security vulnerabilities")
+			}
+		}
+	}
+}
+
 ext {
 	ormVersionFile = file("${rootProject.projectDir}/gradle/version.properties")
 

gradle/java-module.gradle

@@ -125,6 +125,17 @@ dependencies {
 	annotationProcessor libraries.logging_processor
 	annotationProcessor libraries.logging
 	annotationProcessor libraries.logging_annotations
+
+
+	constraints {
+		implementation('org.apache.logging.log4j:log4j-core') {
+			version {
+				strictly('[2.17, 3[')
+				prefer('2.17.0')
+			}
+			because('CVE-2021-44228, CVE-2021-45046, CVE-2021-45105: Log4j vulnerable to remote code execution and other critical security vulnerabilities')
+		}
+	}
 }
 
 

settings.gradle

@@ -16,7 +16,7 @@ pluginManagement {
 }
 
 plugins {
-    id 'com.gradle.enterprise' version '3.6.1'
+    id 'com.gradle.enterprise' version '3.8'
     id 'com.gradle.common-custom-user-data-gradle-plugin' version '1.4.2'
 }