[java] bump log4j up to 2.15.0 version
Kudu doesn't use Java for the server-side components, but to keep
various security scanners happy regarding the recent security
vulnerabilities like [1], let's update the log4j package up to the
recently released 2.15.0 version (2021-12-06). Release notes for the
new version of the package is available at [2].
[1] https://logging.apache.org/log4j/2.x/security.html
[2] https://logging.apache.org/log4j/2.x/changes-report.html#a2.15.0
Change-Id: Ib7317447f24916795d8f00e3f6c418707c7fd4ff
Reviewed-on: http://gerrit.cloudera.org:8080/18084
Reviewed-by: Andrew Wong <awong@cloudera.com>
Reviewed-by: Greg Solovyev <gsolovyev@cloudera.com>
Tested-by: Kudu Jenkins
(cherry picked from commit 44e517519e1507eafe58bd9179940160e6934079)
Conflicts:
java/gradle/dependencies.gradle
Reviewed-on: http://gerrit.cloudera.org:8080/18089
Reviewed-by: Alexey Serbin <aserbin@cloudera.com>
Reviewed-by: Bankim Bhavsar <bankim@cloudera.com>
Tested-by: Alexey Serbin <aserbin@cloudera.com>
diff --git a/java/gradle/dependencies.gradle b/java/gradle/dependencies.gradle
index e66d7f5..b15e645 100755
--- a/java/gradle/dependencies.gradle
+++ b/java/gradle/dependencies.gradle
@@ -45,7 +45,7 @@
jmh : "1.23",
jsr305 : "3.0.2",
junit : "4.13",
- log4j : "2.11.2",
+ log4j : "2.15.0",
micrometer : "1.5.1",
mockito : "3.3.3",
murmur : "1.0.0",
