From 7bf01bfe10c5ec3906c09da003cb66749e5bb125 Mon Sep 17 00:00:00 2001 From: Claude Date: Fri, 27 Mar 2026 16:46:12 +0000 Subject: [PATCH] Update log4j and slf4j dependencies to fix CVE-2021-44832 - Update log4j-core from 2.17.0 to 2.24.3 (latest stable) - Update log4j-slf4j-impl from 2.16.0 to 2.24.3 (aligned with log4j-core) - Update slf4j-api from 1.7.32 to 1.7.36 (latest 1.7.x) log4j 2.16.0 and 2.17.0 were vulnerable to CVE-2021-44832 (arbitrary code execution via JDBC Appender with a JNDI data source URI). Fixed in 2.17.1+. https://claude.ai/code/session_014phy5zjtiuXQdvZ3osrDW4 --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 168ced3..41cd381 100644 --- a/pom.xml +++ b/pom.xml @@ -66,18 +66,18 @@ org.slf4j slf4j-api - 1.7.32 + 1.7.36 org.apache.logging.log4j log4j-slf4j-impl - 2.16.0 + 2.24.3 test org.apache.logging.log4j log4j-core - 2.17.0 + 2.24.3 test
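Review bot: The log4j-slf4j-impl and log4j-core entries in this hunk each hard-code 2.24.3 separately, which is the same arrangement that let them sit at 2.16.0 and 2.17.0 before this change. Declare the version once, for example in a single property referenced by both entries (the name `log4j.version` is only a suggestion), so the two artifacts cannot diverge on the next security bump. The commit message puts the fix at 2.17.1+, so the move to 2.24.3 spans much more than the CVE fix; please confirm the test suite passes against the new versions. The slf4j-api change to 1.7.36 is not tied to CVE-2021-44832 anywhere in the message, so either say why it is included or split it into its own commit.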