Updates Gradle to 7.3.2 to force log4j onto 2.x

dehora / nakadi-java

🌀 Client library for the Nakadi Event Broker (examples: http://bit.ly/njc-examples, site: https://dehora.github.io/nakadi-java/)

MIT License

30 stars 19 forks source link

Updates Gradle to 7.3.2 to force log4j onto 2.x #368

Closed dehora closed 2 years ago

dehora commented 2 years ago

Gradle 7.3.2 requires the version of Log4J to be 2.16.0 or higher by default. This avoids bringing into vulnerable versions of log4j via the build. See "Protecting your build dependencies" at https://blog.gradle.org/log4j-vulnerability.