Temporarily update log4j dependency to fix CVE-2020-9488

2025-10-03 09:49:17 +02:00 · 2020-05-01 13:43:34 +02:00 · 2020-05-01 13:43:34 +02:00 · 6ab03e88a3
commit 6ab03e88a3
parent 8e21e849c2
1 changed files with 12 additions and 0 deletions
--- a/pom.xml
+++ b/pom.xml
@ -90,6 +90,18 @@
                <type>pom</type>
                <scope>import</scope>
            </dependency>
+            <dependency>
+                <!-- Spring Boot 2.2.6 doesn't update log4j yet, fixes CVE -->
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-api</artifactId>
+                <version>2.13.2</version>
+            </dependency>
+            <dependency>
+                <!-- Spring Boot 2.2.6 doesn't update log4j yet, fixes CVE -->
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-to-slf4j</artifactId>
+                <version>2.13.2</version>
+            </dependency>
            <dependency>
                <groupId>org.liquibase</groupId>
                <artifactId>liquibase-core</artifactId>