[Security] Upgrade to Log4J 2.17.0 to mitigate CVE-2021-45105 (#13392) - more details at https://logging.apache.org/log4j/2.x/security.html (cherry picked from commit 0fa626d6b74734f4c77ec49dcf33d7ab4f0c80c1)

commit: 2774b464f3b7e1ccfdc84d6d390efe7260cbb7fa [log] [tgz]
author: Lari Hotari <lhotari@users.noreply.github.com> Sat Dec 18 20:23:22 2021 +0200
committer: Lari Hotari <lhotari@apache.org> Sat Dec 18 20:28:36 2021 +0200
tree: c3acb4933de42e5c0211dfdf14f82dd0b54399b0
parent: ab451b855d873a9bad2005f939a23118a583baa9 [diff]
diff --git a/buildtools/pom.xml b/buildtools/pom.xml
index ba214ed..7fdcc77 100644
--- a/buildtools/pom.xml
+++ b/buildtools/pom.xml

@@ -43,17 +43,17 @@
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-api</artifactId>
-      <version>2.16.0</version>
+      <version>2.17.0</version>
     </dependency>
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-core</artifactId>
-      <version>2.16.0</version>
+      <version>2.17.0</version>
     </dependency>
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-slf4j-impl</artifactId>
-      <version>2.16.0</version>
+      <version>2.17.0</version>
     </dependency>
     <!-- for testing FastThreadLocalStateCleaner -->
     <dependency>

diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
index 1ff1d7d..5a9c5c8 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt

@@ -388,11 +388,11 @@
     - jakarta.validation-jakarta.validation-api-2.0.2.jar
     - javax.validation-validation-api-1.1.0.Final.jar
  * Log4J
-    - org.apache.logging.log4j-log4j-api-2.16.0.jar
-    - org.apache.logging.log4j-log4j-core-2.16.0.jar
-    - org.apache.logging.log4j-log4j-slf4j-impl-2.16.0.jar
-    - org.apache.logging.log4j-log4j-web-2.16.0.jar
-    - org.apache.logging.log4j-log4j-1.2-api-2.16.0.jar
+    - org.apache.logging.log4j-log4j-api-2.17.0.jar
+    - org.apache.logging.log4j-log4j-core-2.17.0.jar
+    - org.apache.logging.log4j-log4j-slf4j-impl-2.17.0.jar
+    - org.apache.logging.log4j-log4j-web-2.17.0.jar
+    - org.apache.logging.log4j-log4j-1.2-api-2.17.0.jar
  * Java Native Access JNA -- net.java.dev.jna-jna-4.2.0.jar
  * BookKeeper
     - org.apache.bookkeeper-bookkeeper-common-4.12.0.jar

diff --git a/pom.xml b/pom.xml
index 52f9751..337ff220 100644
--- a/pom.xml
+++ b/pom.xml

@@ -111,7 +111,7 @@
     <rocksdb.version>6.10.2</rocksdb.version>
     <slf4j.version>1.7.25</slf4j.version>
     <commons.collections.version>3.2.2</commons.collections.version>
-    <log4j2.version>2.16.0</log4j2.version>
+    <log4j2.version>2.17.0</log4j2.version>
     <bouncycastle.version>1.68</bouncycastle.version>
     <bouncycastlefips.version>1.0.2</bouncycastlefips.version>
     <jackson.version>2.11.1</jackson.version>
commit	2774b464f3b7e1ccfdc84d6d390efe7260cbb7fa	[log] [tgz]
author	Lari Hotari <lhotari@users.noreply.github.com>	Sat Dec 18 20:23:22 2021 +0200
committer	Lari Hotari <lhotari@apache.org>	Sat Dec 18 20:28:36 2021 +0200
tree	c3acb4933de42e5c0211dfdf14f82dd0b54399b0
parent	ab451b855d873a9bad2005f939a23118a583baa9 [diff]