Unify log4j versions and bump from 2.11.0 to 2.13.3
CVE-2020-9488
Closes #66, #67, #74
Change-Id: Ic5447cd7724810d6e143f6be3a676a450a552d96
diff --git a/core/pom.xml b/core/pom.xml
index 32eccd7..8caa289 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -12,6 +12,7 @@
<jersey.version>1.19.4</jersey.version>
<jetty.version>9.4.19.v20190610</jetty.version>
<hibernate.version>5.3.7.Final</hibernate.version>
+ <log4j.version>2.13.3</log4j.version>
</properties>
<build>
<resources>
@@ -184,22 +185,22 @@
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
- <version>2.11.0</version>
+ <version>${log4j.version}</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
- <version>2.11.0</version>
+ <version>${log4j.version}</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-slf4j-impl</artifactId>
- <version>2.11.0</version>
+ <version>${log4j.version}</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-jul</artifactId>
- <version>2.11.0</version>
+ <version>${log4j.version}</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>