hiro/ray
1
0
Fork 0
mirror of https://github.com/vale981/ray synced 2025-03-05 10:01:43 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Bump log4j from 2.14.0 to 2.15.0 (#21036)

Browse source 
Fix Remote code injection in Log4j
Log4j versions prior to 2.15.0 are subject to a remote code execution vulnerability via the ldap JNDI parser.

Check this refer: [CVE-2021-44228](https://github.com/advisories/GHSA-jfh8-c2jp-5v3q)
This commit is contained in:
Seonggwon Yoon 2021-12-12 16:07:50 +09:00 committed by GitHub
parent f4e6623522
commit f1acabe9cf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
java/dependencies.bzl
View file

@ -18,9 +18,9 @@ def gen_java_deps():
"org.apache.commons:commons-lang3:3.4",
"org.msgpack:msgpack-core:0.8.20",
"org.ow2.asm:asm:6.0",
"org.apache.logging.log4j:log4j-api:2.14.0",
"org.apache.logging.log4j:log4j-core:2.14.0",
"org.apache.logging.log4j:log4j-slf4j-impl:2.14.0",
"org.apache.logging.log4j:log4j-api:2.15.0",
"org.apache.logging.log4j:log4j-core:2.15.0",
"org.apache.logging.log4j:log4j-slf4j-impl:2.15.0",
"org.slf4j:slf4j-api:1.7.25",
"com.lmax:disruptor:3.3.4",
"org.yaml:snakeyaml:1.26",