From 8b989e5dfeafeef13f5eada49c99bc5f718717df Mon Sep 17 00:00:00 2001
From: Tim Pavlik <tpavlik@splunk.com>
Date: Mon, 20 Dec 2021 10:18:34 -0800
Subject: [PATCH] Upgrade log4j to 2.17.0 per CVE-2021-45046 & CVE-2021-44228 &
 CVE-2021-45105.

---
 CHANGELOG.md | 5 +++++
 README.md    | 2 +-
 pom.xml      | 6 +++---
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index bf1b3bb5..548df5e5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Splunk Logging for Java Changelog
 
+## Version 1.6.2-0-2
+
+### Critical backport
+*  Upgrading to 2.17 per CVE-2021-45046 & CVE-2021-44228 & CVE-2021-45105.
+
 ## Version 1.6.2-0-1
 
 ### Critical backport
diff --git a/README.md b/README.md
index f6dd01ca..0edf3b38 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # Splunk Logging for Java
 
-#### Version 1.6.2
+#### Version 1.6.2-0-2
 
 This project provides utilities to easily log data using Splunk's recommended 
 best practices to any supported logger, using any of the three major Java 
diff --git a/pom.xml b/pom.xml
index fd70f342..577b70ea 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
 
   <groupId>com.splunk.logging</groupId>
   <artifactId>splunk-library-javalogging</artifactId>
-  <version>1.6.2-0-1</version>
+  <version>1.6.2-0-2</version>
   <packaging>jar</packaging>
 
   <name>Splunk Logging for Java</name>
@@ -197,13 +197,13 @@
      <dependency>
        <groupId>org.apache.logging.log4j</groupId>
          <artifactId>log4j-api</artifactId>
-         <version>2.16.0</version>
+         <version>2.17.0</version>
      </dependency>
 
      <dependency>
        <groupId>org.apache.logging.log4j</groupId>
        <artifactId>log4j-core</artifactId>
-       <version>2.16.0</version>
+       <version>2.17.0</version>
      </dependency>
 
     <dependency>