fix for log4j upgrade to log4j 2.16.0
module pom changes | Ref Issue |
---|---|
IBM | osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm#2 (closed) |
Core | osdu/platform/system/lib/core/os-core-common#54 (closed) |
Part of the #24 (closed) series
Edited by David Diederich
Merge request reports
Activity
added Common Code IBM labels
Still some older versions creeping in here
Branch: log4j-vuln-fix SHA: dcfe195c29cdbe0f2f8985eee6c768a51d56b06b Maven: 0.13.0-SNAPSHOT CI: _default_
Maven Dependencies Root POM testing/ (3rd Party) org.apache.logging.log4j.log4j-api 2.15.0, 2.16.0 2.11.1 (3rd Party) org.apache.logging.log4j.log4j-core 2.15.0 (3rd Party) org.apache.logging.log4j.log4j-jul 2.15.0 (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl 2.15.0 (3rd Party) org.apache.logging.log4j.log4j-to-slf4j 2.16.0 2.11.2, 2.13.3 core-lib-azure 0.13.0-rc4 core-lib-gcp 0.7.0, 0.10.0 0.3.25 core.aws.os-core-lib-aws 0.12.0 0.12.0 os-core-common 0.13.0-rc3 0.3.18, 0.12.0 os-core-lib-ibm 0.13.0-rc4 0.12.0
[INFO] | +- org.springframework.boot:spring-boot-starter-log4j2:jar:2.4.12:compile [INFO] | | +- org.apache.logging.log4j:log4j-slf4j-impl:jar:2.15.0:compile [INFO] | | | \- org.apache.logging.log4j:log4j-api:jar:2.15.0:compile [INFO] | | +- org.apache.logging.log4j:log4j-core:jar:2.15.0:compile [INFO] | | +- org.apache.logging.log4j:log4j-jul:jar:2.15.0:compile
Edited by David Diederich@divido We have addressed core changes and IBM changes in this MR. The above older versions you see are from azure and gcp which ideally should be fixed whey they upgrade their respective core-lib
mentioned in commit 20a51f44
mentioned in merge request !124 (merged)
added MRBugfix Vulnerability Management labels
changed milestone to %M10 - Release 0.13
Please register or sign in to reply