https://issues.apache.org/jira/browse/LOG4J2-3230
Change-Id: I7625b1513ea8bf9c02a5dcb7ef8bca0aa7d98a5d
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-bom</artifactId>
<type>pom</type>
- <version>2.16.0</version>
+ <version>2.17.0</version>
</dependency>
<dependency>
<groupId>org.awaitility</groupId>
<excludes>
<!-- https://nvd.nist.gov/vuln/detail/CVE-2021-44228: at least 2.15.0 -->
<!-- https://nvd.nist.gov/vuln/detail/CVE-2021-45046: at least 2.16.0 -->
- <exclude>org.apache.logging.log4j:log4j-core:(,2.16.0)</exclude>
+ <!-- https://nvd.nist.gov/vuln/detail/CVE-2021-45105: at least 2.17.0 -->
+ <exclude>org.apache.logging.log4j:log4j-core:(,2.17.0)</exclude>
</excludes>
</bannedDependencies>
</rules>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-bom</artifactId>
- <version>2.16.0</version>
+ <version>2.17.0</version>
<scope>import</scope>
<type>pom</type>
</dependency>