Upgrade log4j 2.15.0 => 2.17.0

This change upgrades log4j to patch fixes for recently documented CVE-2021-45046 CVE-2021-45105 vulnerabilities related to the Log4Shell exploit. Like the earlier fix, Bisq does not appear to be vulnerable to these exploits because it does not use log4j directly, only transitively depends on it. Nevertheless, the upgrade is still the safe bet.
bisq-network · Dec 20, 2021 · 07a139c · 07a139c
1 parent cf81fd4
commit 07a139c
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 1 deletion.
diff --git a/build.gradle b/build.gradle
@@ -584,7 +584,7 @@ configure(project(':pricenode')) {
         "Implementation-Title": project.name,
         "Implementation-Version": version)
 
-    ext['log4j2.version'] = '2.15.0'
+    ext['log4j2.version'] = '2.17.0'
 
     dependencies {
         implementation project(":common")

diff --git a/gradle/verification-metadata.xml b/gradle/verification-metadata.xml
@@ -1888,6 +1888,11 @@
             <sha256 value="3f745daa4ea6dc2606525bd4279bf30062066bd223866adb7f5eee46dcf76a03" origin="Generated by Gradle"/>
          </artifact>
       </component>
+      <component group="org.apache.logging.log4j" name="log4j" version="2.17.0">
+         <artifact name="log4j-2.17.0.pom">
+            <sha256 value="8704606faeb779d6d2904f02ca616e0b981fe389d9fe9b89ec84a1e42aee81d2" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
       <component group="org.apache.logging.log4j" name="log4j-api" version="2.11.0">
          <artifact name="log4j-api-2.11.0.jar">
             <sha256 value="fa5828950269b0ae425c96d889f18f40b336e9fa886841ae06bb9225511f1217" origin="Generated by Gradle"/>
@@ -1912,6 +1917,14 @@
             <sha256 value="cc75a1281e48700547a81336b564f512a7226e995800bf88ab849ab5adbffa47" origin="Generated by Gradle"/>
          </artifact>
       </component>
+      <component group="org.apache.logging.log4j" name="log4j-api" version="2.17.0">
+         <artifact name="log4j-api-2.17.0.jar">
+            <sha256 value="ab9cadc80e234580e3f3c8c18644314fccd4b3cd3f7085d4e934866cb561b95d" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="log4j-api-2.17.0.pom">
+            <sha256 value="6422d9af59acb0077e8a91c7c34a4062ff56a9731c34836a72427084e27aa479" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
       <component group="org.apache.logging.log4j" name="log4j-bom" version="2.14.1">
          <artifact name="log4j-bom-2.14.1.pom">
             <sha256 value="a9cef896837f42c6d950b1ce44e2bc1eeeadb246d6c484e07ddd99fb8c022c59" origin="Generated by Gradle"/>
@@ -1922,6 +1935,11 @@
             <sha256 value="99b95442cfaf64ba478ef06d869fefdf3dd959fec78263e59f55cec5ac98b485" origin="Generated by Gradle"/>
          </artifact>
       </component>
+      <component group="org.apache.logging.log4j" name="log4j-bom" version="2.17.0">
+         <artifact name="log4j-bom-2.17.0.pom">
+            <sha256 value="befed280f53ce4866012c9d82b1a7ab46efe26ea3969aee9172845e3a114f222" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
       <component group="org.apache.logging.log4j" name="log4j-core" version="2.11.0">
          <artifact name="log4j-core-2.11.0.jar">
             <sha256 value="c32029b32da3d8cf2feca0790a4bc2331ea7eb62ab368a8980b90c7d8c8101e0" origin="Generated by Gradle"/>
@@ -1946,6 +1964,14 @@
             <sha256 value="79c17ecc56a70d466c13bd5926c75c42d7f8bcdbbcfb7d9770e616c013531d1a" origin="Generated by Gradle"/>
          </artifact>
       </component>
+      <component group="org.apache.logging.log4j" name="log4j-to-slf4j" version="2.17.0">
+         <artifact name="log4j-to-slf4j-2.17.0.jar">
+            <sha256 value="df8a9a9d06368a87abd04051597310cc7a501762ab0cd7492ba106df92862c78" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="log4j-to-slf4j-2.17.0.pom">
+            <sha256 value="24d195ba852929def67345ea9c2a52e6d6d470b86bee3a2fd64e087fe5a0151b" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
       <component group="org.apache.tomcat.embed" name="tomcat-embed-core" version="9.0.54">
          <artifact name="tomcat-embed-core-9.0.54.jar">
             <sha256 value="287f5b91c434df0eef104389c52c480ab4b66f80b494c16607fd82ae9217f8e3" origin="Generated by Gradle"/>