As you may know, Log4j recently released a patch (actually a couple of patches) for a vulnerability (CVE-2021-44228) that was identified in the library. Since a lot of Spring Boot applications out there use the Log4j 2.x series, it is better to fix them as soon as possible. This article assumes you are using Maven for dependency management.

Fixing this in a Spring Boot application is easy: it is just a matter of adding a version property to the pom.xml. As of this writing, the latest Log4j version is 2.17.1, so the fix is to set the version property to that value.

    <properties>
        <log4j2.version>2.17.1</log4j2.version>
        <log4j.version>2.17.1</log4j.version>
    </properties>

If you are using the BOM instead of the Spring Boot parent dependency, update it as follows.

    <dependencyManagement>
        <dependencies>
            <dependency> ...
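To confirm that the property override described above is actually present in a project, the following added example (not code from the original article) parses a pom.xml and reports whether each of the two properties is set to 2.17.1 or later. The sample pom fragments, the function names and the status labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

FIXED = (2, 17, 1)                           # version the article names as the fix
PROPS = ("log4j2.version", "log4j.version")  # properties the article sets

# Constructed sample pom.xml fragments (not taken from the article).
PATCHED_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><log4j2.version>2.17.1</log4j2.version></properties>
</project>"""
STALE_POM = """<project>
  <properties>
    <log4j2.version>2.14.1</log4j2.version>
    <log4j.version>${log4j2.version}</log4j.version>
  </properties>
</project>"""

def parse_version(text):
    """Turn '2.17.1' into (2, 17, 1); None for values such as '${other.prop}'."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def local(tag):
    """Strip the Maven XML namespace, if any, from an element tag."""
    return tag.rsplit("}", 1)[-1]

def check_pom(pom_xml):
    """Return {property: 'ok' | 'outdated' | 'unresolved' | 'missing'}."""
    root = ET.fromstring(pom_xml)
    found = {}
    for child in root:                       # only the top-level <properties>
        if local(child.tag) == "properties":
            for prop in child:
                found[local(prop.tag)] = prop.text or ""
    result = {}
    for name in PROPS:
        if name not in found:
            result[name] = "missing"         # not set in this file
            continue
        version = parse_version(found[name])
        if version is None:
            result[name] = "unresolved"      # placeholder or qualifier, check by hand
        else:
            result[name] = "ok" if version >= FIXED else "outdated"
    return result

if __name__ == "__main__":
    for label, pom in (("patched", PATCHED_POM), ("stale", STALE_POM)):
        print(label, check_pom(pom))
```

This only reads the properties declared in the file it is given; it does not resolve parent POMs or profiles, so the version Maven actually resolves is best confirmed with `mvn dependency:tree -Dincludes=org.apache.logging.log4j`.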