[Snyk] Security upgrade org.apache.logging.log4j:log4j-core from 2.17.0 to 2.17.1#44

snyk-bot · 2022-01-21T13:00:00Z

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity
	651/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.6	Arbitrary Code Execution SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2327339	`org.apache.logging.log4j:log4j-core:` `2.17.0 -> 2.17.1`	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2327339

snyk-bot and others added 2 commits January 21, 2022 12:59

fix: pom.xml to reduce vulnerabilities

e052bf3

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2327339

Merge branch 'master' into snyk-fix-8004e37f2b0fd9ade4d82892f7b2043d

a5ecabb

raczeja merged commit 922cc4f into master Feb 9, 2022

raczeja deleted the snyk-fix-8004e37f2b0fd9ade4d82892f7b2043d branch February 9, 2022 10:45

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade org.apache.logging.log4j:log4j-core from 2.17.0 to 2.17.1#44