From 3618002b96c1be025d4a8d8e16a89fe443093c2e Mon Sep 17 00:00:00 2001 From: ParisaTork <47482049+ParisaTork@users.noreply.github.com> Date: Sun, 7 Aug 2022 22:02:49 +0800 Subject: [PATCH] [KYUUBI #3145] Bump log4j from 2.17.2 to 2.18.0 ### _Why are the changes needed?_ Bumping log4j from 2.17.2 to 2.18.0 will reduce the risk of CVEs. ### _How was this patch tested?_ - [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible - [ ] Add screenshots for manual tests if appropriate - [x] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request (Ran ```./build/mvn clean test``` - see screenshots below for more info) Closes #3187 from ParisaTork/bump-log4j. Closes #3145 c9f9e4a8 [ParisaTork] Update dependency list c0d88f39 [ParisaTork] Bump log4j from 2.17.2 to 2.18.0 Authored-by: ParisaTork <47482049+ParisaTork@users.noreply.github.com> Signed-off-by: Cheng Pan --- dev/dependencyList | 8 ++++---- pom.xml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/dev/dependencyList b/dev/dependencyList index c4a7917e1..30467efd2 100644 --- a/dev/dependencyList +++ b/dev/dependencyList @@ -122,10 +122,10 @@ kubernetes-model-scheduling/5.12.1//kubernetes-model-scheduling-5.12.1.jar kubernetes-model-storageclass/5.12.1//kubernetes-model-storageclass-5.12.1.jar libfb303/0.9.3//libfb303-0.9.3.jar libthrift/0.9.3//libthrift-0.9.3.jar -log4j-1.2-api/2.17.2//log4j-1.2-api-2.17.2.jar -log4j-api/2.17.2//log4j-api-2.17.2.jar -log4j-core/2.17.2//log4j-core-2.17.2.jar -log4j-slf4j-impl/2.17.2//log4j-slf4j-impl-2.17.2.jar +log4j-1.2-api/2.18.0//log4j-1.2-api-2.18.0.jar +log4j-api/2.18.0//log4j-api-2.18.0.jar +log4j-core/2.18.0//log4j-core-2.18.0.jar +log4j-slf4j-impl/2.18.0//log4j-slf4j-impl-2.18.0.jar logging-interceptor/3.12.12//logging-interceptor-3.12.12.jar metrics-core/4.2.8//metrics-core-4.2.8.jar metrics-jmx/4.2.8//metrics-jmx-4.2.8.jar 
diff --git a/pom.xml b/pom.xml index b78f23deb..bb00e7a18 100644 --- a/pom.xml +++ b/pom.xml @@ -151,7 +151,7 @@ 5.12.1 1.15.0 5.1.4 - 2.17.2 + 2.18.0 8.0.27 4.1.73.Final 1.10.1
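Review bot: In the dev/dependencyList hunk, the four log4j entries (log4j-1.2-api, log4j-api, log4j-core, log4j-slf4j-impl) move to 2.18.0 together, but the hunk only covers the region starting at line 122, so it does not show whether any other log4j artifact elsewhere in the list stays at 2.17.2. Please confirm the list was regenerated from the resolved build rather than edited by hand, and that searching the full file for 2.17.2 finds no remaining log4j entry, since mismatched log4j-api and log4j-core versions on one classpath are a common cause of runtime failures.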
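Review bot: In the pom.xml hunk at line 151, the version value changes from 2.17.2 to 2.18.0, and the commit message justifies it only as "reduce the risk of CVEs" without naming an advisory. Please state in the description whether the bump addresses a specific advisory affecting 2.17.2 or is routine dependency hygiene, so that release notes and downstream users can judge urgency. With only the local test run ticked in the checklist, it would also help to note that the services still start and log as expected after the upgrade, and that no module pins its own log4j version outside this one value.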