[Snyk] Security upgrade org.apache.logging.log4j:log4j-core from 2.14.1 to 2.25.4#19
[Snyk] Security upgrade org.apache.logging.log4j:log4j-core from 2.14.1 to 2.25.4#19philvarner-snyk wants to merge 1 commit into
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-15967727 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-15967769 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-15967804
|
This upgrade spans multiple significant releases, including the critical security updates that addressed the Log4Shell vulnerability (CVE-2021-44228). It introduces several breaking changes and important behavioral modifications that require verification. Key Breaking Changes:
Recommendation: Due to the security-driven breaking changes, you must carefully review your logging configurations (
|
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
Snyk has created this PR to fix 3 vulnerabilities in the maven dependencies of this project.
Snyk changed the following file(s):
log4shell-goof/log4shell-client/pom.xmlVulnerabilities that will be fixed with an upgrade:
SNYK-JAVA-ORGAPACHELOGGINGLOG4J-15967727
2.14.1->2.25.4No Path FoundNo Known ExploitSNYK-JAVA-ORGAPACHELOGGINGLOG4J-15967769
2.14.1->2.25.4No Path FoundNo Known ExploitSNYK-JAVA-ORGAPACHELOGGINGLOG4J-15967804
2.14.1->2.25.4No Path FoundNo Known ExploitBreaking Change Risk
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Improper Encoding or Escaping of Output