From: liamfallon <liam.fallon@est.tech>
Date: Thu, 16 Dec 2021 13:01:26 +0000 (+0000)
Subject: Update log4j version due to security vulnerability
X-Git-Tag: 3.4.4~6
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=8547822bc047ec0b369975d5e50d1d597072006a;p=policy%2Fparent.git

Update log4j version due to security vulnerability

This change excludes old log4j libraries and includes newer versions
that are not tagged with a security vulnerability.

Issue-ID: POLICY-3862
Change-Id: I5003d29c90b418bed6db76ba6717175ead82a796
Signed-off-by: liamfallon <liam.fallon@est.tech>
---

diff --git a/integration/pom.xml b/integration/pom.xml
index 3111d2bc..6053e61a 100644
--- a/integration/pom.xml
+++ b/integration/pom.xml
@@ -324,6 +324,14 @@
                         <groupId>io.springfox</groupId>
                         <artifactId>springfox-boot-starter</artifactId>
                     </exclusion>
+                    <exclusion>
+                        <groupId>org.apache.logging.log4j</groupId>
+                        <artifactId>log4j-api</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.apache.logging.log4j</groupId>
+                        <artifactId>log4j-to-slf4j</artifactId>
+                    </exclusion>
                 </exclusions>
             </dependency>
             <dependency>
@@ -331,6 +339,16 @@
                 <artifactId>json-smart</artifactId>
                 <version>2.4.7</version>
             </dependency>
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-api</artifactId>
+                <version>2.16.0</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-to-slf4j</artifactId>
+                <version>2.16.0</version>
+            </dependency>
 
             <!-- AAF Client -->
             <dependency>