Bump Internal usages of log4j 2.10.0 to 2.15.0 (#1817) (#1821)

jbaiera · rootnix · web-flow · commit d889fbe4826b · 2021-12-13T13:10:41.000-05:00
[CVE-2021-44228] Log4j versions prior to 2.15.0 are subject to a remote code execution vulnerability via the ldap JNDI parser. Log4J is distributed as part of Hadoop/Spark installations, and as such is not exported as a dependency of ES-Hadoop. This PR updates internal testing uses of the logging framework. Co-authored-by: rootnix <secu.rootnix@gmail.com>
diff --git a/gradle.properties b/gradle.properties
@@ -10,7 +10,7 @@ org.gradle.java.installations.fromEnv=JAVA_HOME,RUNTIME_JAVA_HOME,JAVA15_HOME,JA
 
 ## Dependecies Version
 # Logging
-log4jVersion = 2.10.0
+log4jVersion = 2.15.0
 
 # Hadoop versions
 hadoop3Version  = 3.1.2
