Merge "Update log4j to deal with CVE-2021-44228"
diff --git a/Changes b/Changes
index 84e4bed..f8af8a2 100644
--- a/Changes
+++ b/Changes
@@ -1,11 +1,12 @@
-0.37 2021-06-24
+0.37 2021-12-10
- [feature] Introduced query references in Poliqarp (diewald)
- [bugfix] Ignore empty corpus queries (diewald)
- [bugfix] Fix handling of apostrophes in multiword and regex
values in virtual corpora (#85; diewald)
- [feature] Added getVersion() and getName() methods (diewald)
- - [bugfix] Updated plexus-utils used in antlr4-maven-plugin
+ - [security] Updated plexus-utils used in antlr4-maven-plugin
manually due to CVE-2017-1000487 (margaretha)
+ - [security] Updated log4j due to CVE-2021-44228 (diewald)
0.36 2020-07-24
- [security] Upgraded version of Google Guava
diff --git a/pom.xml b/pom.xml
index ec8411a..cf6adf9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -40,7 +40,7 @@
<antlr4.version>4.9.3</antlr4.version>
<antlr3.version>3.5.2</antlr3.version>
<java.version>1.8</java.version>
- <log4j.version>2.14.1</log4j.version>
+ <log4j.version>[2.15.0,)</log4j.version>
</properties>
<repositories>