2.3.1
What's Changed
-
update log4j compile time dep by @tbradellis in #42
-
bump gradle version by @tbradellis in #44
-
Updates log4j compile time dependencies to use 2.16. While these are not used at runtime, we are updating dependency versions to avoid any concern in the community that the vulnerability from CVE-2021-44228 exists in the jar for this extension.
related links:
https://logging.apache.org/log4j/2.x/security.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 -
This release also bumps the the newrelic-api:7.4.2 jar which coincides with the same patch for log4j in the newrelic-java-agent.
-
This point release also updates the log4j dependency version for examples included in the repository, which in fact did use a bundled log4j.
New Contributors
- @tbradellis made their first contribution in #42
Full Changelog: v2.3...v2.3.1
