log4j-core defined to 2.15 on dependency management, but not used at this moment, just to be sure that no vulnerability brought by third-party. see https://github.com/advisories/GHSA-jfh8-c2jp-5v3q

2021-12-13 09:34:47 +02:00 · 2021-12-13 09:34:47 +02:00 · 2b06d15f3f
commit 2b06d15f3f
parent 8392075168
1 changed files with 5 additions and 0 deletions
--- a/pom.xml
+++ b/pom.xml
@ -1498,6 +1498,11 @@
                <artifactId>log4j-api</artifactId>
                <version>${log4j.version}</version>
            </dependency>
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-core</artifactId>
+                <version>${log4j.version}</version>
+            </dependency>
            <dependency>
                <groupId>org.apache.logging.log4j</groupId>
                <artifactId>log4j-to-slf4j</artifactId>