From 2b06d15f3f066f63eabbacfc30c487af4a508ebd Mon Sep 17 00:00:00 2001
From: Sergey Matvienko <smatvienko@thingsboard.io>
Date: Mon, 13 Dec 2021 09:34:47 +0200
Subject: [PATCH] log4j-core defined to 2.15 on dependency management, but not
 used at this moment, just to be sure that no vulnerability brought by
 third-party. see https://github.com/advisories/GHSA-jfh8-c2jp-5v3q

---
 pom.xml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pom.xml b/pom.xml
index 33b531579a..705a7f5602 100755
--- a/pom.xml
+++ b/pom.xml
@@ -1498,6 +1498,11 @@
                 <artifactId>log4j-api</artifactId>
                 <version>${log4j.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-core</artifactId>
+                <version>${log4j.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.apache.logging.log4j</groupId>
                 <artifactId>log4j-to-slf4j</artifactId>