From: vv770d <vv770d@att.com>
Date: Tue, 18 Jan 2022 22:47:26 +0000 (+0000)
Subject: Remediation for Log4Shell vulnerability
X-Git-Tag: 1.10.3^0
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=7a280a2cce33aeca65174d63edd40a44167ab8bc;p=dcaegen2%2Fcollectors%2Fves.git

Remediation for Log4Shell vulnerability

Upgrade log4j to 2.17.1

Change-Id: I2055d1cc77f0b2008e4c22624a5e4cefeefccc13
Signed-off-by: vv770d <vv770d@att.com>
Issue-ID: DCAEGEN2-3022
---

diff --git a/Changelog.md b/Changelog.md
index c8997400..8933f113 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -4,8 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [1.10.3] - 2022/01/18
+         - [DCAEGEN2-3022] - Remediation for Log4Shell vulnerability (upgrade to 2.17.1)
+
 ## [1.10.2] - 2021/12/14
-         - [DCAEGEN2-3022] - Remediation for Log4Shell vulnerability
+         - [DCAEGEN2-3022] - Remediation for Log4Shell vulnerability (upgrade to 2.16.0)
 
 ## [1.10.1] - 2021/08/31
          -  [DCAEGEN2-1483](https://jira.onap.org/browse/DCAEGEN2-2719) - CBS-Client supporting configMap
diff --git a/pom.xml b/pom.xml
index acfb8183..5723d88b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2,7 +2,7 @@
 <!--
     ================================================================================
 	Copyright (c) 2017-2019,2021 AT&T Intellectual Property. All rights reserved.
-	Copyright (c) 2020-2021 Nokia. All rights reserved.
+	Copyright (c) 2020-2022 Nokia. All rights reserved.
 	================================================================================
 	Licensed under the Apache License, Version 2.0 (the "License"); you may not
 	use this file except in compliance with the License. You may obtain a copy
@@ -24,7 +24,7 @@
   </parent>
   <groupId>org.onap.dcaegen2.collectors.ves</groupId>
   <artifactId>VESCollector</artifactId>
-  <version>1.10.2-SNAPSHOT</version>
+  <version>1.10.3-SNAPSHOT</version>
   <name>dcaegen2-collectors-ves</name>
   <description>VESCollector</description>
   <properties>
@@ -66,7 +66,7 @@
     <commons-configuration.version>1.10</commons-configuration.version>
     <vavr.version>0.10.3</vavr.version>
     <spring-boot-starter-log4j2.version>2.6.1</spring-boot-starter-log4j2.version>
-    <log4j.version>2.16.0</log4j.version>
+    <log4j.version>2.17.1</log4j.version>
     <springfox-swagger2.version>3.0.0</springfox-swagger2.version>
     <assertj-core.version>3.19.0</assertj-core.version>
     <spring-boot-starter-test.version>2.2.13.RELEASE</spring-boot-starter-test.version>
diff --git a/version.properties b/version.properties
index 6569402c..35a1494b 100644
--- a/version.properties
+++ b/version.properties
@@ -1,6 +1,6 @@
 major=1
 minor=10
-patch=2
+patch=3
 base_version=${major}.${minor}.${patch}
 release_version=${base_version}
 snapshot_version=${base_version}-SNAPSHOT