Update log4j version due to security vulnerability

This change excludes old log4j libraries and includes newer versions
that are not tagged with a security vulnerability.

Issue-ID: POLICY-3862
Change-Id: I5003d29c90b418bed6db76ba6717175ead82a796
Signed-off-by: liamfallon <liam.fallon@est.tech>

diff --git a/integration/pom.xml b/integration/pom.xml
index 3111d2b..6053e61 100644 (file)
--- a/integration/pom.xml
+++ b/integration/pom.xml
@@ -324,6 +324,14 @@
                         <groupId>io.springfox</groupId>
                         <artifactId>springfox-boot-starter</artifactId>
                     </exclusion>
+                    <exclusion>
+                        <groupId>org.apache.logging.log4j</groupId>
+                        <artifactId>log4j-api</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.apache.logging.log4j</groupId>
+                        <artifactId>log4j-to-slf4j</artifactId>
+                    </exclusion>
                 </exclusions>
             </dependency>
             <dependency>
@@ -331,6 +339,16 @@
                 <artifactId>json-smart</artifactId>
                 <version>2.4.7</version>
             </dependency>
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-api</artifactId>
+                <version>2.16.0</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-to-slf4j</artifactId>
+                <version>2.16.0</version>
+            </dependency>
 
             <!-- AAF Client -->
             <dependency>