[FE][Bug]Update log4j-web to fix a security issue (#5594)

Fix CVE-2017-5645 In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. https://www.cvedetails.com/cve/CVE-2017-5645/
2021-04-06 10:59:40 +08:00
parent 05487e38ae
commit 68303ea7f3
1 changed files with 1 additions and 1 deletions
--- a/fe/fe-core/pom.xml
+++ b/fe/fe-core/pom.xml
@ -74,7 +74,7 @@ under the License.
        <dependency>
            <groupId>org.apache.logging.log4j</groupId>
            <artifactId>log4j-web</artifactId>
-            <version>2.7</version>
+            <version>2.14.0</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>