DEP: Update log4j

bf8b8295 · Timm Fitschen · 08596571 · bf8b8295 · bf8b8295
Verified Commit bf8b8295 authored 3 years ago by Timm Fitschen
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-## [Unreleased]
+## [v0.6.1] - 2021-12-13
+(Timm Fitschen)
+This is an important security update.
 ### Added
@@ -19,7 +22,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Security
-* [caosdb-deploy#225](https://gitlab.indiscale.com/caosdb/src/caosdb-deploy/-/issues/225) - Denied Edit permission leads to retrieve permission.
+* Update of logging backend log4j after a critical security vulnerability
+  [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) to v2.15.0.
+* [caosdb-deploy#225](https://gitlab.indiscale.com/caosdb/src/caosdb-deploy/-/issues/225)
+  - Denied Edit permission leads to retrieve permission.
 ## [v0.6.0] - 2021-11-17
 (Timm Fitschen)

--- a/pom.xml
+++ b/pom.xml
@@ -35,8 +35,10 @@
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.build.testSourceDirectory>src/test/java</project.build.testSourceDirectory>
    <protobuf.version>3.14.0</protobuf.version>
-    <grpc.version>1.35.0</grpc.version>
+    <grpc.version>1.42.1</grpc.version>
    <netty-tcnative.version>2.0.34.Final</netty-tcnative.version>
+    <restlet.version>2.4.3</restlet.version>
+    <log4j.version>2.15.0</log4j.version>
  </properties>
  <repositories>
    <repository>
@@ -96,12 +98,12 @@
    <dependency>
      <groupId>org.restlet.jse</groupId>
      <artifactId>org.restlet</artifactId>
-      <version>2.3.12</version>
+      <version>${restlet.version}</version>
    </dependency>
    <dependency>
      <groupId>org.restlet.jse</groupId>
      <artifactId>org.restlet.ext.fileupload</artifactId>
-      <version>2.3.12</version>
+      <version>${restlet.version}</version>
    </dependency>
    <dependency>
      <groupId>mysql</groupId>
@@ -131,7 +133,7 @@
    <dependency>
      <groupId>org.restlet.jse</groupId>
      <artifactId>org.restlet.ext.jetty</artifactId>
-      <version>2.3.12</version>
+      <version>${restlet.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.commons</groupId>
@@ -166,22 +168,22 @@
    <dependency>
      <groupId>org.apache.logging.log4j</groupId>
      <artifactId>log4j-slf4j-impl</artifactId>
-      <version>2.11.1</version>
+      <version>${log4j.version}</version>
    </dependency>
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId>
-      <version>1.7.21</version>
+      <version>1.7.32</version>
    </dependency>
    <dependency>
      <groupId>org.apache.logging.log4j</groupId>
      <artifactId>log4j-api</artifactId>
-      <version>2.11.1</version>
+      <version>${log4j.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.logging.log4j</groupId>
      <artifactId>log4j-core</artifactId>
-      <version>2.11.1</version>
+      <version>${log4j.version}</version>
    </dependency>
    <dependency>
      <groupId>io.grpc</groupId>