search

google / bazel-common

Common functionality for Google's open-source libraries that are built with bazel.
Apache License 2.0
87 stars 40 forks source link

Bump log4j2 to 2.15.0 (CVE-2021-44228) #144

Closed philwo closed 2 years ago

philwo commented 2 years ago

@cushon @cpovirk Can you help get this merged?

tbroyer commented 2 years ago

As noted in google/flogger#304, note that 2.15 requires JDK 8.

cgdecker commented 2 years ago

Yeah, Flogger already requires JDK 8 for the log4j2 backend: https://github.com/google/flogger/blob/master/log4j2/BUILD#L18