Update log4j to 2.17.1 (#2676)

Summary: Updates log4j to avoid a 0day RCE vulnerability. See https://www.lunasec.io/docs/blog/log4j-zero-day/ Reviewed By: chatura-atapattu fbshipit-source-id: fb46a5204300bffc584176a86589d329b5969756 Co-authored-by: Milen Dzhumerov <[email protected]>
facebook · Jan 13, 2022 · 0e72e40 · 0e72e40 · hakerbaya · Jan 25, 2022
1 parent c79e653
commit 0e72e40
Show file tree

Hide file tree

Showing 6 changed files with 4 additions and 4 deletions.
diff --git a/build.xml b/build.xml
@@ -247,8 +247,8 @@
     <include name="xz-java-1.5/xz-1.5.jar" />
     <include name="zstd-jni/zstd-jni-1.4.0-1.jar" />
     <include name="remote-apis/remote-apis.jar" />
-    <include name="log4j2/log4j-api-2.13.0.jar" />
-    <include name="log4j2/log4j-core-2.13.0.jar" />
+    <include name="log4j2/log4j-api-2.17.1.jar" />
+    <include name="log4j2/log4j-core-2.17.1.jar" />
 
     <!-- maven interop -->
     <include name="aether/aether-api-1.0.2.v20150114.jar" />

diff --git a/third-party/java/log4j2/BUCK b/third-party/java/log4j2/BUCK
@@ -1,6 +1,6 @@
 prebuilt_jar(
     name = "log4j2-api",
-    binary_jar = "log4j-api-2.13.0.jar",
+    binary_jar = "log4j-api-2.17.1.jar",
     licenses = [
         "LICENSE",
     ],
@@ -12,7 +12,7 @@ prebuilt_jar(
 
 prebuilt_jar(
     name = "log4j2-core",
-    binary_jar = "log4j-core-2.13.0.jar",
+    binary_jar = "log4j-core-2.17.1.jar",
     licenses = [
         "LICENSE",
     ],

diff --git a/third-party/java/log4j2/log4j-api-2.17.1-sources.jar b/third-party/java/log4j2/log4j-api-2.17.1-sources.jar
diff --git a/third-party/java/log4j2/log4j-api-2.17.1.jar b/third-party/java/log4j2/log4j-api-2.17.1.jar
diff --git a/third-party/java/log4j2/log4j-core-2.17.1-sources.jar b/third-party/java/log4j2/log4j-core-2.17.1-sources.jar
diff --git a/third-party/java/log4j2/log4j-core-2.17.1.jar b/third-party/java/log4j2/log4j-core-2.17.1.jar