DEP: Update log4j

CHANGELOG.md

@@ -5,7 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [Unreleased]
+## [v0.6.1] - 2021-12-13
+(Timm Fitschen)
+
+This is an important security update.
 
 ### Added
 
@@ -19,7 +22,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Security
 
-* [caosdb-deploy#225](https://gitlab.indiscale.com/caosdb/src/caosdb-deploy/-/issues/225) - Denied Edit permission leads to retrieve permission.
+* Update of logging backend log4j after a critical security vulnerability
+  [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) to v2.15.0.
+* [caosdb-deploy#225](https://gitlab.indiscale.com/caosdb/src/caosdb-deploy/-/issues/225)
+  - Denied Edit permission leads to retrieve permission.
 
 ## [v0.6.0] - 2021-11-17
 (Timm Fitschen)

pom.xml

@@ -35,8 +35,10 @@
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <project.build.testSourceDirectory>src/test/java</project.build.testSourceDirectory>
     <protobuf.version>3.14.0</protobuf.version>
-    <grpc.version>1.35.0</grpc.version>
+    <grpc.version>1.42.1</grpc.version>
     <netty-tcnative.version>2.0.34.Final</netty-tcnative.version>
+    <restlet.version>2.4.3</restlet.version>
+    <log4j.version>2.15.0</log4j.version>
   </properties>
   <repositories>
     <repository>
@@ -96,12 +98,12 @@
     <dependency>
       <groupId>org.restlet.jse</groupId>
       <artifactId>org.restlet</artifactId>
-      <version>2.3.12</version>
+      <version>${restlet.version}</version>
     </dependency>
     <dependency>
       <groupId>org.restlet.jse</groupId>
       <artifactId>org.restlet.ext.fileupload</artifactId>
-      <version>2.3.12</version>
+      <version>${restlet.version}</version>
     </dependency>
     <dependency>
       <groupId>mysql</groupId>
@@ -131,7 +133,7 @@
     <dependency>
       <groupId>org.restlet.jse</groupId>
       <artifactId>org.restlet.ext.jetty</artifactId>
-      <version>2.3.12</version>
+      <version>${restlet.version}</version>
     </dependency>
     <dependency>
       <groupId>org.apache.commons</groupId>
@@ -166,22 +168,22 @@
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-slf4j-impl</artifactId>
-      <version>2.11.1</version>
+      <version>${log4j.version}</version>
     </dependency>
     <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>slf4j-api</artifactId>
-      <version>1.7.21</version>
+      <version>1.7.32</version>
     </dependency>
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-api</artifactId>
-      <version>2.11.1</version>
+      <version>${log4j.version}</version>
     </dependency>
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-core</artifactId>
-      <version>2.11.1</version>
+      <version>${log4j.version}</version>
     </dependency>
     <dependency>
       <groupId>io.grpc</groupId>