From 0f2a5c43bea5be54400dc35e78ab559d1e926416 Mon Sep 17 00:00:00 2001
From: liamfallon <liam.fallon@est.tech>
Date: Tue, 14 Dec 2021 16:09:06 +0000
Subject: [PATCH] Update log4j version due to security vulnerability

This change excludes old log4j libraries and includes newer versions
that are not tagged with a security vulnerability.

Issue-ID: POLICY-3862
Change-Id: I92dea9bef6d207db92caa6eb0bc20f863c93b1be
Signed-off-by: liamfallon <liam.fallon@est.tech>
---
 integration/pom.xml | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/integration/pom.xml b/integration/pom.xml
index 6b4a5d6f..14e234d4 100644
--- a/integration/pom.xml
+++ b/integration/pom.xml
@@ -37,7 +37,7 @@
     <properties>
         <java.version>11</java.version>
         <!-- NOTE: For RELEASE/SNAPSHOT always set to the project version -->
-        <version.parent.resources>3.5.0</version.parent.resources>
+        <version.parent.resources>3.5.1-SNAPSHOT</version.parent.resources>
         <version.logback>1.2.3</version.logback>
         <version.dmaap>1.1.12</version.dmaap>
         <version.powermock>2.0.9</version.powermock>
@@ -52,7 +52,7 @@
         <version.netty>4.1.67.Final</version.netty>
         <version.springboot>2.5.0</version.springboot>
         <version.eelf.core>1.0.0</version.eelf.core>
-        <version.camel>3.7.3</version.camel>
+        <version.camel>3.13.0</version.camel>
         <version.tomcat>9.0.45</version.tomcat>
         <version.mockserver>5.11.2</version.mockserver>
         <version.immutable>2.8.8</version.immutable>
@@ -342,6 +342,14 @@
                         <groupId>io.springfox</groupId>
                         <artifactId>springfox-boot-starter</artifactId>
                     </exclusion>
+                    <exclusion>
+                        <groupId>org.apache.logging.log4j</groupId>
+                        <artifactId>log4j-api</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.apache.logging.log4j</groupId>
+                        <artifactId>log4j-to-slf4j</artifactId>
+                    </exclusion>
                 </exclusions>
             </dependency>
             <dependency>
@@ -349,6 +357,16 @@
                 <artifactId>json-smart</artifactId>
                 <version>2.4.7</version>
             </dependency>
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-api</artifactId>
+                <version>2.16.0</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-to-slf4j</artifactId>
+                <version>2.16.0</version>
+            </dependency>
 
             <!-- AAF Client -->
             <dependency>
@@ -1284,4 +1302,4 @@
             </plugin>
         </plugins>
     </build>
-</project>
\ No newline at end of file
+</project>
-- 
2.16.6