Upgrade log4j to 2.16

Summary: Upgrade log4j to 2.16 Pulls upstream: apache#12061 According to the description of the upstream PR, we should be safe with 2.15 but it's good to upgrade. Reviewers: O1139 Druid, yyang Reviewed By: O1139 Druid, yyang Subscribers: jenkins, shawncao, #realtime-analytics Differential Revision: https://phabricator.pinadmin.com/D824772
debasatwa29 · Dec 15, 2021 · 78f0ab4 · 78f0ab4
1 parent 5bea06b
commit 78f0ab4
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/licenses.yaml b/licenses.yaml
@@ -1304,7 +1304,7 @@ name: Apache Log4j
 license_category: binary
 module: java-core
 license_name: Apache License version 2.0
-version: 2.5
+version: 2.16.0
 libraries:
   - org.apache.logging.log4j: log4j-1.2-api
   - org.apache.logging.log4j: log4j-api

diff --git a/pom.xml b/pom.xml
@@ -89,7 +89,7 @@
         <jersey.version>1.19.3</jersey.version>
         <!-- jackson 2.7.x causes injection error and 2.8.x can't be used because avatica is using 2.6.3 -->
         <jackson.version>2.6.7</jackson.version>
-        <log4j.version>2.15.0</log4j.version>
+        <log4j.version>2.16.0</log4j.version>
         <!-- HttpClient has not yet been ported to Netty 4.x -->
         <netty3.version>3.10.6.Final</netty3.version>
         <!-- Spark updated in https://github.com/apache/spark/pull/19884 -->