Upgrade log4j to 2.15.0 - CVE-2021-44228

rhowe commented 2 years ago

PR Checklist

Please check if your PR fulfills the following requirements:

[x] The commit message follows our guidelines: https://github.com/oblac/jodd/blob/master/CONTRIBUTING.md
N/A Tests for the changes have been added (for bug fixes / features)
N/A Docs have been added / updated (for bug fixes / features)

Not completely sure whether I got the dependency spec correct - ./gradlew dependencies didn't show log4j so I'm not really sure what's going on but hopefully this is a helpful nudge if nothing else.

igr commented 2 years ago

Yeah, it is not a dependency, but still OK :)

rhowe commented 2 years ago

Yeah, it is not a dependency, but still OK :)

Interesting - the Debian package of this library lists it as a dependency

oblac / jodd

Upgrade log4j to 2.15.0 - CVE-2021-44228 #785

PR Checklist