Override log4j to 2.17.1 to address CVE-2021-44832

obsidiandynamics · Jan 19, 2022 · a8649c5 · a8649c5
1 parent ab11833
commit a8649c5
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/pom.xml b/pom.xml
@@ -23,6 +23,7 @@
         <protobuf.version>3.19.1</protobuf.version>
         <testcontainers.version>1.16.2</testcontainers.version>
         <kafka-libs.version>6.1.4</kafka-libs.version>
+        <log4j2.version>2.17.1</log4j2.version>
     </properties>
 
     <scm>
@@ -119,6 +120,11 @@
             <artifactId>msgpack-core</artifactId>
             <version>0.8.24</version>
         </dependency>
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-bom</artifactId>
+            <version>${log4j2.version}</version>
+        </dependency>
 
         <!-- Spring Boot -->
         <dependency>