Skip to content

Commit ee46847

Browse files
abdelrahmanikramabdelrahmanikram
authored
dataflow: update log4j to 2.17.0 (GoogleCloudPlatform#6597)
Related to GoogleCloudPlatform#6588 and GoogleCloudPlatform#6587 ### Background: As recently reported on [apache.org](https://logging.apache.org/log4j/2.x/security.html) Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process. This is also known as a DOS (Denial of Service) attack.
1 parent a1c0d83 commit ee46847

File tree

5 files changed

+5
-5
lines changed

5 files changed

+5
-5
lines changed

dataflow/encryption-keys/pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@
4040
<maven-exec-plugin.version>3.0.0</maven-exec-plugin.version>
4141
<maven-jar-plugin.version>3.2.0</maven-jar-plugin.version>
4242
<maven-shade-plugin.version>3.2.4</maven-shade-plugin.version>
43-
<log4j2.version>2.16.0</log4j2.version>
43+
<log4j2.version>2.17.0</log4j2.version>
4444
</properties>
4545

4646
<repositories>

dataflow/flex-templates/kafka_to_bigquery/pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,7 @@
4141
<maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
4242
<maven-shade-plugin.version>3.2.4</maven-shade-plugin.version>
4343
<maven-exec-plugin.version>3.0.0</maven-exec-plugin.version>
44-
<log4j2.version>2.16.0</log4j2.version>
44+
<log4j2.version>2.17.0</log4j2.version>
4545
</properties>
4646

4747
<repositories>

dataflow/flex-templates/streaming_beam_sql/pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@
4040
<maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
4141
<maven-shade-plugin.version>3.2.4</maven-shade-plugin.version>
4242
<maven-exec-plugin.version>3.0.0</maven-exec-plugin.version>
43-
<log4j2.version>2.16.0</log4j2.version>
43+
<log4j2.version>2.17.0</log4j2.version>
4444
</properties>
4545

4646
<repositories>

dataflow/spanner-io/pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@
3939
<maven.compiler.source>1.8</maven.compiler.source>
4040
<maven.compiler.target>1.8</maven.compiler.target>
4141
<apache_beam.version>2.31.0</apache_beam.version>
42-
<log4j2.version>2.16.0</log4j2.version>
42+
<log4j2.version>2.17.0</log4j2.version>
4343
</properties>
4444

4545
<build>

dataflow/templates/pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@
4040
<maven-exec-plugin.version>3.0.0</maven-exec-plugin.version>
4141
<maven-jar-plugin.version>3.2.0</maven-jar-plugin.version>
4242
<maven-shade-plugin.version>3.2.4</maven-shade-plugin.version>
43-
<log4j2.version>2.16.0</log4j2.version>
43+
<log4j2.version>2.17.0</log4j2.version>
4444
</properties>
4545

4646
<repositories>

0 commit comments

Comments
 (0)