[Java] Bump log4j 2.17.0 to 2.17.1 (#21373)

New log4j version fixes vulnerability: * https://nvd.nist.gov/vuln/detail/CVE-2021-44832
2025-03-05 10:01:43 -05:00 · 2022-01-05 02:58:48 +01:00 · 2022-01-05 02:58:48 +01:00 · 8884cf0f4f
commit 8884cf0f4f
parent 240e6efe21
1 changed files with 3 additions and 3 deletions
--- a/java/dependencies.bzl
+++ b/java/dependencies.bzl
@ -18,9 +18,9 @@ def gen_java_deps():
            "org.apache.commons:commons-lang3:3.4",
            "org.msgpack:msgpack-core:0.8.20",
            "org.ow2.asm:asm:6.0",
-            "org.apache.logging.log4j:log4j-api:2.17.0",
-            "org.apache.logging.log4j:log4j-core:2.17.0",
-            "org.apache.logging.log4j:log4j-slf4j-impl:2.17.0",
+            "org.apache.logging.log4j:log4j-api:2.17.1",
+            "org.apache.logging.log4j:log4j-core:2.17.1",
+            "org.apache.logging.log4j:log4j-slf4j-impl:2.17.1",
            "org.slf4j:slf4j-api:1.7.25",
            "com.lmax:disruptor:3.3.4",
            "org.yaml:snakeyaml:1.26",