
Commit 7afa0e2

committed
Added check to Maven Enforcer plugin to address Log4J2 vulnerability found in 2.14.x versions.
Signed-off-by: Constantinos Giannacoulis <[email protected]>
1 parent 9c8010d commit 7afa0e2


1 file changed

+18
-1
lines changed

1 file changed

+18
-1
lines changed

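--- a/pom.xml
+++ b/pom.xml
@@ -44,7 +44,7 @@
 <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 
 <!-- Library versions-->
-<log4j.version>2.14.1</log4j.version>
+<log4j.version>2.15.0</log4j.version>
 <slf4j.version>1.7.32</slf4j.version>
 <disruptor-maven-plugin.version>3.4.4</disruptor-maven-plugin.version>
 </properties>
@@ -133,6 +133,23 @@
 </rules>
 </configuration>
 </execution>
+<execution>
+<id>ban-bad-log4j-versions</id>
+<phase>validate</phase>
+<goals>
+<goal>enforce</goal>
+</goals>
+<configuration>
+<rules>
+<bannedDependencies>
+<excludes>
+<exclude>org.apache.logging.log4j:log4j-core:(,2.15.0)</exclude>
+</excludes>
+</bannedDependencies>
+</rules>
+<fail>true</fail>
+</configuration>
+</execution>
 </executions>
 </plugin>
 <plugin>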
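Review bot: The ban floor in `<exclude>org.apache.logging.log4j:log4j-core:(,2.15.0)</exclude>` is a hard-coded literal that duplicates the `log4j.version` property changed in the first hunk, so the two can drift apart and the rule keeps accepting 2.15.0 even if that release is itself superseded by a later security fix. The Log4j project shipped further security releases after 2.15.0, so the bound should be checked against the current advisory list, and the reason recorded next to the rule, for example `<!-- Ban log4j-core releases affected by the Log4j2 vulnerability; raise the bound when a newer advisory applies -->`. The rule matches Maven coordinates only, so a dependency that shades or repackages log4j-core classes would presumably pass it; a scan of the built artifacts is needed to cover that gap. The enclosing `<executions>` and `<plugin>` elements start outside the hunk, so the plugin version and any other rules are not visible here.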
