From 1579bd054daadf50c1feea5b8d7b3ab9005aafd2 Mon Sep 17 00:00:00 2001
From: Richard Startin <richard@startree.ai>
Date: Fri, 10 Dec 2021 14:53:48 +0000
Subject: [PATCH] update log4j 2 to avoid CVE-2021-44228 (#7889)

---
 LICENSE-binary | 8 ++++----
 pom.xml        | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/LICENSE-binary b/LICENSE-binary
index a75f9d899f1..430f8a5ce6e 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -345,10 +345,10 @@ org.apache.httpcomponents:httpmime:4.5.3
 org.apache.kafka:kafka-clients:2.0.0
 org.apache.kafka:kafka_2.10:0.9.0.1
 org.apache.kafka:kafka_2.11:2.0.0
-org.apache.logging.log4j:log4j-1.2-api:2.11.2
-org.apache.logging.log4j:log4j-api:2.11.2
-org.apache.logging.log4j:log4j-core:2.11.2
-org.apache.logging.log4j:log4j-slf4j-impl:2.11.2
+org.apache.logging.log4j:log4j-1.2-api:2.15.0
+org.apache.logging.log4j:log4j-api:2.15.0
+org.apache.logging.log4j:log4j-core:2.15.0
+org.apache.logging.log4j:log4j-slf4j-impl:2.15.0
 org.apache.lucene:lucene-analyzers-common:8.2.0
 org.apache.lucene:lucene-core:8.2.0
 org.apache.lucene:lucene-queries:8.2.0
diff --git a/pom.xml b/pom.xml
index 14b0216db40..184b9bd0159 100644
--- a/pom.xml
+++ b/pom.xml
@@ -146,7 +146,7 @@
     <snappy-java.version>1.1.1.7</snappy-java.version>
     <zstd-jni.version>1.4.9-5</zstd-jni.version>
     <lz4-java.version>1.7.1</lz4-java.version>
-    <log4j.version>2.11.2</log4j.version>
+    <log4j.version>2.15.0</log4j.version>
     <netty.version>4.1.54.Final</netty.version>
     <reactivestreams.version>1.0.3</reactivestreams.version>
     <jts.version>1.16.1</jts.version>