[Snyk] Security upgrade org.apache.logging.log4j:log4j-core from 2.12.1 to 2.12.2

[snyk-io-us]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• connectors/examples/flink-example/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720	712	org.apache.logging.log4j:log4j-core: 2.12.1 -> 2.12.2 No Path Found Mature

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Remote Code Execution (RCE)

[snyk-io-us]

This is a patch version upgrade for log4j-core from 2.12.1 to 2.12.2. This release was specifically created to address critical security vulnerabilities.

Key Changes:

• Security Fixes: This version addresses CVE-2021-44228 and CVE-2021-45046, which are related to the "Log4Shell" vulnerability. It disables JNDI lookups by default and removes message lookup functionality to mitigate the risk of remote code execution. [2, 3, 7]
• No Breaking API Changes: The release maintains binary compatibility with previous versions, so no code changes are required for standard usage. [2, 3]

This upgrade is a critical security update and is considered safe to apply.

Source: Apache Log4j 2.12.2 Release Announcement

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[snyk-io-us]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.