Merge pull request #45 from corona-warn-app/fix/bump_log4j

Fix/Bump Log4j and spring

Author: ascheibal

pom.xml

@@ -5,7 +5,7 @@
 
   <groupId>app.coronawarn.verification</groupId>
   <artifactId>cwa-dcc-server</artifactId>
-  <version>1.0.3-SNAPSHOT</version>
+  <version>1.0.4-SNAPSHOT</version>
   <packaging>jar</packaging>
 
   <name>cwa-dcc-server</name>
@@ -34,9 +34,9 @@
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
     <!-- dependencies -->
-    <spring.boot.version>2.4.5</spring.boot.version>
+    <spring.boot.version>2.5.7</spring.boot.version>
     <spring-security.version>5.3.10.RELEASE</spring-security.version>
-    <spring.cloud.version>2020.0.1</spring.cloud.version>
+    <spring.cloud.version>2020.0.4</spring.cloud.version>
     <lombok.version>1.18.16</lombok.version>
     <liquibase.version>3.10.0</liquibase.version>
     <springdoc.version>1.4.5</springdoc.version>
@@ -58,7 +58,7 @@
       **/domain/*,
       **/config/*,
       **/exception/*
-    </sonar.coverage.exclusions>    
+    </sonar.coverage.exclusions>
   </properties>
 
   <dependencyManagement>
@@ -92,6 +92,12 @@
         <artifactId>liquibase-core</artifactId>
         <version>${liquibase.version}</version>
       </dependency>
+      <dependency>
+        <groupId>org.apache.logging.log4j</groupId>
+        <artifactId>log4j-bom</artifactId>
+        <version>2.16.0</version>
+        <scope>import</scope>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 
@@ -240,6 +246,7 @@
       <artifactId>shedlock-spring</artifactId>
       <version>${shedlock.version}</version>
     </dependency>
+
   </dependencies>
 
   <build>