MCL-20901

Bump Log4j2 version to 2.16.0

The Apache Log4j team have just released version 2.16.0 which is a drop-in replacement for previous 2.x versions like the 2.15.0 version now being downloaded by the launcher.

2.16.0 hardens Log4j against the CVE which 2.15.0 fixes and it would be a nice version bump to disable the vulnerable feature entirely.

See changes here: https://logging.apache.org/log4j/2.x/changes-report.html#a2.16.0

Status:Duplicate

Reporter:Adam Macdonald

Created:2021-12-14, 06:10 PM

Updated:2021-12-15, 12:12 AM

Resolved:2021-12-15, 12:07 AM

Votes:0

Watchers:1

Confirmation Status:Unconfirmed

Labels:

Affects Versions:

2.2.7955 (Linux) - 2.2.8353 (Mac)

2.2.7955 (Linux), 2.2.7956 (Mac), 2.2.7957 (Windows), 2.2.8354 (Linux), 2.2.8351 (Windows), 2.2.8353 (Mac)

Fix Versions:-