Skip to content

[Snyk] Security upgrade org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4#352

Merged
sr4850 merged 1 commit intomainfrom
snyk-fix-0261f84ce3f4af5fb21197e0fa316e03
Apr 13, 2026
Merged

[Snyk] Security upgrade org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4#352
sr4850 merged 1 commit intomainfrom
snyk-fix-0261f84ce3f4af5fb21197e0fa316e03

Conversation

@dhcrees
Copy link
Copy Markdown

@dhcrees dhcrees commented Apr 11, 2026

snyk-top-banner

Snyk has created this PR to fix 4 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

  • pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue Score Upgrade
medium severity Improper Output Neutralization for Logs
SNYK-JAVA-ORGAPACHELOGGINGLOG4J-15967739		   631   org.apache.logging.log4j:log4j-core:
2.25.3 -> 2.25.4
No Known Exploit
medium severity Improper Encoding or Escaping of Output
SNYK-JAVA-ORGAPACHELOGGINGLOG4J-15967769		   631   org.apache.logging.log4j:log4j-core:
2.25.3 -> 2.25.4
No Known Exploit
medium severity Improper Encoding or Escaping of Output
SNYK-JAVA-ORGAPACHELOGGINGLOG4J-15967804		   631   org.apache.logging.log4j:log4j-core:
2.25.3 -> 2.25.4
No Known Exploit
medium severity Improper Validation of Certificate with Host Mismatch
SNYK-JAVA-ORGAPACHELOGGINGLOG4J-15967727		   601   org.apache.logging.log4j:log4j-core:
2.25.3 -> 2.25.4
No Known Exploit

Breaking Change Risk

Merge Risk: Low

Notice: This assessment is enhanced by AI.

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Output Neutralization for Logs
🦉 Improper Encoding or Escaping of Output

@dhcrees
Copy link
Copy Markdown
Author

dhcrees commented Apr 11, 2026

Merge Risk: Low

This is a patch version upgrade from 2.25.3 to 2.25.4, released on March 28, 2026.

This update contains bug fixes and minor improvements with no breaking changes documented.

Key Changes:

  • Configuration Fixes: Restores alignment between documented and actual configuration attributes, particularly for Rfc5424Layout and SslConfiguration.
  • Formatting Fixes: Addresses formatting and sanitization issues in XML and RFC5424 layouts, and improves handling of invalid characters.

No action is required for this upgrade.

Source: Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@sr4850 sr4850 merged commit 5373b77 into main Apr 13, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sr4850 sr4850 sr4850 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dhcrees @sr4850 @snyk-bot