Upgrade to log4j 2.16.0

Upgrade to log4j2 2.16.0 to address log4shell vulnerability

Issue-ID: CCSDK-3556
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: I005a2030679172288b8195b72ef804feb4f84386

diff --git a/springboot/springboot25/pom.xml b/springboot/springboot25/pom.xml
index 97a180f..5b45515 100644 (file)
--- a/springboot/springboot25/pom.xml
+++ b/springboot/springboot25/pom.xml
@@ -127,6 +127,8 @@
         <jersey.version>2.33</jersey.version>
         <jersey.client.version>2.33</jersey.client.version>
         <jettison.version>1.3.8</jettison.version>
+        <log4j.version>2.16.0</log4j.version>
+        <log4j2.version>2.16.0</log4j2.version>
         <logback.version>1.2.3</logback.version>
         <mariadb.connector.version>2.7.3</mariadb.connector.version>
         <mariadb4j.version>2.4.0</mariadb4j.version>