Update to log4j 2.16 per CVE-2021-45046

splunk · Dec 16, 2021 · f386b5b · f386b5b
1 parent d4fe1ab
commit f386b5b
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,15 @@
 # Splunk Logging for Java Changelog
 
+## Version 1.6.2-0-1
+
+### Critial backport
+*  Upgrading log4J to 2.16 per CVE-2021-45046.
+
+## Version 1.6.2-0-0
+
+### Critial backport
+*  Upgrading log4J to 2.15 per CVE-2021-44228.
+
 ## Version 1.6.2
 
 *  Add support to allow users to define their own event body serializer for HTTP event adapter: Simply create a class implementing `com.splunk.logging.EventBodySerializer`, 

diff --git a/pom.xml b/pom.xml
@@ -6,7 +6,7 @@
 
   <groupId>com.splunk.logging</groupId>
   <artifactId>splunk-library-javalogging</artifactId>
-  <version>1.6.2-0-0</version>
+  <version>1.6.2-0-1</version>
   <packaging>jar</packaging>
 
   <name>Splunk Logging for Java</name>
@@ -197,13 +197,13 @@
      <dependency>
        <groupId>org.apache.logging.log4j</groupId>
          <artifactId>log4j-api</artifactId>
-         <version>2.15.0</version>
+         <version>2.16.0</version>
      </dependency>
 
      <dependency>
        <groupId>org.apache.logging.log4j</groupId>
        <artifactId>log4j-core</artifactId>
-       <version>2.15.0</version>
+       <version>2.16.0</version>
      </dependency>
 
     <dependency>