[Java] Bump log4j 2.16.0 -> 2.17.0 (#21176)

architkulkarni · architkulkarni · commit ef593fe5d3c8 · 2021-12-21T10:27:59.000-08:00
Resolves [CVE-2021-45105](GHSA-p6xc-xr62-6r2g).
diff --git a/java/dependencies.bzl b/java/dependencies.bzl
@@ -17,9 +17,9 @@ def gen_java_deps():
             "org.apache.commons:commons-lang3:3.4",
             "org.msgpack:msgpack-core:0.8.20",
             "org.ow2.asm:asm:6.0",
-            "org.apache.logging.log4j:log4j-api:2.16.0",
-            "org.apache.logging.log4j:log4j-core:2.16.0",
-            "org.apache.logging.log4j:log4j-slf4j-impl:2.16.0",
+            "org.apache.logging.log4j:log4j-api:2.17.0",
+            "org.apache.logging.log4j:log4j-core:2.17.0",
+            "org.apache.logging.log4j:log4j-slf4j-impl:2.17.0",
             "org.slf4j:slf4j-api:1.7.25",
             "com.lmax:disruptor:3.3.4",
             "org.yaml:snakeyaml:1.26",
