Upgrading log4j to 2.12.3 (#2364)

eyalkoren · web-flow · commit 5f1457d4adab · 2021-12-22T12:48:11.000+02:00
diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
@@ -24,11 +24,12 @@ endif::[]
 ==== 1.28.3 - YYYY/MM/DD
 
 [float]
-===== Breaking changes
-* If the agent cannot discover a service name, it now uses `unknown-java-service` instead of `my-service` - {pull}2325[#2325]
+===== Dependency updates
+* Update Log4j to 2.12.3
 
 [float]
-===== Features
+===== Breaking changes
+* If the agent cannot discover a service name, it now uses `unknown-java-service` instead of `my-service` - {pull}2325[#2325]
 
 [float]
 ===== Bug fixes
@@ -45,9 +46,6 @@ endif::[]
 ===== Dependency updates
 * Update Log4j to 2.12.2
 
-[float]
-===== Features
-
 [float]
 ===== Bug fixes
 * Fix module loading errors on J9 JVM - {pull}2341[#2341]
diff --git a/pom.xml b/pom.xml
@@ -112,7 +112,7 @@
         <!-- this is the last version of log4j that is compatible with Java 7. Due to a known vulnerability
         (https://nvd.nist.gov/vuln/detail/CVE-2020-9488#vulnCurrentDescriptionTitle), the SMTP appender is
          excluded from the build and not packaged into the agent artifacts -->
-        <version.log4j>2.12.2</version.log4j>
+        <version.log4j>2.12.3</version.log4j>
         <version.log4j2-ecs-layout>1.2.0</version.log4j2-ecs-layout>
         <version.spring>5.0.15.RELEASE</version.spring>
         <version.spring-boot>2.2.2.RELEASE</version.spring-boot>
