From 46ed9260f0ad62cf8f6cb0c8871244d1502d3c02 Mon Sep 17 00:00:00 2001
From: PJ Fanning <pjfanning@users.noreply.github.com>
Date: Sun, 24 Jul 2022 11:31:47 +0100
Subject: [PATCH] HADOOP-18354. Upgrade reload4j to 1.22.2 due to XXE
 vulnerability (#4607). Contributed by PJ Fanning.

Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
---
 LICENSE-binary         | 2 +-
 hadoop-project/pom.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/LICENSE-binary b/LICENSE-binary
index 92ae2579b0438..f36b8ca2030ca 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -208,7 +208,7 @@ License Version 2.0:
 hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/checker/AbstractFuture.java
 hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/checker/TimeoutFuture.java
 
-ch.qos.reload4j:reload4j:1.2.18.3
+ch.qos.reload4j:reload4j:1.2.22
 com.aliyun:aliyun-java-sdk-core:3.4.0
 com.aliyun:aliyun-java-sdk-ecs:4.2.0
 com.aliyun:aliyun-java-sdk-ram:3.0.0
diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml
index c5e21508c51c6..dde1e649732cd 100644
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@@ -79,7 +79,7 @@
 
     <!-- SLF4J/LOG4J version -->
     <slf4j.version>1.7.36</slf4j.version>
-    <reload4j.version>1.2.18.3</reload4j.version>
+    <reload4j.version>1.2.22</reload4j.version>
 
     <!-- com.google.re2j version -->
     <re2j.version>1.1</re2j.version>