Update log4j to 2.17.0
diff --git a/README.md b/README.md
index 505436c..d693b1d 100644
--- a/README.md
+++ b/README.md
@@ -15,8 +15,8 @@
```groovy
compile "org.apache.logging.log4j:log4j-api-kotlin:1.2.0"
-compile "org.apache.logging.log4j:log4j-api:2.16.0"
-compile "org.apache.logging.log4j:log4j-core:2.16.0"
+compile "org.apache.logging.log4j:log4j-api:2.17.0"
+compile "org.apache.logging.log4j:log4j-core:2.17.0"
```
## Documentation
@@ -28,7 +28,7 @@
## Requirements
-Log4j Kotlin API requires at least Java 7. This also requires Log4j 2 API, but it is specified as transitive
+Log4j Kotlin API requires at least Java 8. This also requires Log4j 2 API, but it is specified as transitive
dependencies automatically if you are using SBT, Maven, Gradle, or some other similar build system. This also
requires Log4j 2 Core (or possibly an other implementation of Log4j 2 API) as a runtime dependency. Some
Log4j 2 Core features require optional dependencies which are documented in the
diff --git a/pom.xml b/pom.xml
index af16619..8d4559e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -31,7 +31,6 @@
<name>Apache Log4j Kotlin API Parent</name>
<description>Apache Log4j Kotlin API parent project</description>
- <!-- TODO: website publishing -->
<url>https://logging.apache.org/log4j/kotlin/</url>
<scm>
<connection>scm:git:https://gitbox.apache.org/repos/asf/logging-log4j-kotlin.git</connection>
@@ -60,7 +59,7 @@
<jxr.plugin.version>2.5</jxr.plugin.version>
<kotlin.version>1.3.72</kotlin.version>
<kotlinx.coroutines.version>1.3.6</kotlinx.coroutines.version>
- <log4j.version>2.16.0</log4j.version>
+ <log4j.version>2.17.0</log4j.version>
<pmd.plugin.version>3.8</pmd.plugin.version>
<rat.plugin.version>0.12</rat.plugin.version>
<site.plugin.version>3.4</site.plugin.version>
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 9f4b3c7..c941054 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -30,9 +30,10 @@
- "update" - Change
- "remove" - Removed
-->
- <release version="1.2.0" date="2021-12-13" description="Release 1.2.0">
+ <release version="1.2.0" date="2021-12-20" description="Release 1.2.0">
<action issue="LOG4J2-3218" dev="rgupta" type="update">
- Update Log4j dependency to 2.16.0.
+ Update Log4j dependency to 2.17.0. Includes dependency updates to resolve
+ CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105.
</action>
</release>
<release version="1.1.0" date="2021-08-28" description="Release 1.1.0">