author | Reinier Zwitserloot <r.zwitserloot@projectlombok.org> | 2021-12-16 21:21:38 +0100 |
---|---|---|
committer | Reinier Zwitserloot <r.zwitserloot@projectlombok.org> | 2021-12-16 21:35:37 +0100 |
commit | c10b47a5d12b94570067c4b412c3018630300e7f (patch) | |
tree | 46384d1435cf3800df38067fadf80a903d1a83db | |
parent | 35430a2e6baf526aecd9d86804eabeb9dd182545 (diff) | |
download | lombok-c10b47a5d12b94570067c4b412c3018630300e7f.tar.gz lombok-c10b47a5d12b94570067c4b412c3018630300e7f.tar.bz2 lombok-c10b47a5d12b94570067c4b412c3018630300e7f.zip |
[#3063] Whilst lombok is not vulnerable to Log4Shell, we do have the dependency on log4j, solely for testing purposes, and no user input is ever logged with it. Nevertheless, pushing the dep to 2.16 to avoid false positives from vulnerability scanners ruining the day.
-rw-r--r-- | buildScripts/ivy.xml | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/buildScripts/ivy.xml b/buildScripts/ivy.xml index 808f2565..ab9ddf6e 100644 --- a/buildScripts/ivy.xml +++ b/buildScripts/ivy.xml @@ -45,7 +45,7 @@ <!-- test deps --> <dependency org="junit" name="junit" rev="4.8.2" conf="test->default; sources" /> <dependency org="log4j" name="log4j" rev="1.2.17" conf="test->default; sources" /> - <dependency org="org.apache.logging.log4j" name="log4j-api" rev="2.15.0" conf="test->default; sources" /> + <dependency org="org.apache.logging.log4j" name="log4j-api" rev="2.16.0" conf="test->default; sources" /> <dependency org="commons-logging" name="commons-logging" rev="1.2" conf="test->default; sources" /> <dependency org="org.slf4j" name="slf4j-api" rev="1.8.0-beta2" conf="test->default; sources" /> <dependency org="org.slf4j" name="slf4j-ext" rev="1.8.0-beta2" conf="test->default; sources" /> |
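Review bot: The unchanged context line `<dependency org="log4j" name="log4j" rev="1.2.17" .../>` directly above the bumped entry still pins an end-of-life log4j 1.x release, which dependency scanners commonly report as well, so the stated goal of quiet scans is only partly met by moving `log4j-api` to 2.16.0. If 1.2.17 has to stay for the tests, add an XML comment next to both entries, under the existing `<!-- test deps -->` marker, stating that they are resolved only in the `test` conf and never shipped, with a pointer to #3063. That gives anyone triaging a scanner report the justification in the file itself and makes it less likely that the `rev` is changed later without revisiting the reason for this pin.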