From b6056adea49459a2e8e8b78f9ef73c6e5bcaa805 Mon Sep 17 00:00:00 2001
From: Phergus <34379254+Phergus@users.noreply.github.com>
Date: Sat, 11 Dec 2021 15:39:10 -0700
Subject: [PATCH 1/2] Update build to use log4j 2.15.0

Security vulnerability fix.
https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce
---
 build.gradle.kts | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/build.gradle.kts b/build.gradle.kts
index 1430833..f4e0809 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -95,11 +95,9 @@ repositories {
 
 dependencies {
     // Logging
-    annotationProcessor(group = "org.apache.logging.log4j", name = "log4j-core", version = "2.14.1")
-    implementation(group = "org.apache.logging.log4j", name = "log4j-api", version = "2.14.1")
-
-    // Note: log4j-1.2-api(versions 2.12.1+ breaks logging)
-    implementation(group = "org.apache.logging.log4j", name = "log4j-1.2-api", version = "2.14.1")
+    annotationProcessor(group = "org.apache.logging.log4j", name = "log4j-core", version = "2.15.0")
+    implementation(group = "org.apache.logging.log4j", name = "log4j-api", version = "2.15.0")
+    implementation(group = "org.apache.logging.log4j", name = "log4j-1.2-api", version = "2.15.0")
 
     // Bridges v1 to v2 for other code in other libs
     implementation(group = "org.slf4j", name = "slf4j-simple", version = "1.7.31")

From 70bb7c4d5bca4ac88d9dd7f4d50df0a8a961eca7 Mon Sep 17 00:00:00 2001
From: Phergus <34379254+Phergus@users.noreply.github.com>
Date: Sat, 11 Dec 2021 16:09:28 -0700
Subject: [PATCH 2/2] Update CHANGE_LOG.md

Update for 2.2.2 release.
---
 CHANGE_LOG.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/CHANGE_LOG.md b/CHANGE_LOG.md
index da359a5..7ec4c8e 100644
--- a/CHANGE_LOG.md
+++ b/CHANGE_LOG.md
@@ -1,3 +1,14 @@
+TokenTool 2.2.2
+=====
+Security fix release for vulnerability in [Apache Log4J library](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce)
+
+Changes
+-----
+* [#254][i254] - Updates Log4J to 2.15.0
+
+[i254]: https://github.com/RPTools/TokenTool/issues/254
+
+
 TokenTool 2.2.1
 =====
 Bug fix release.  Two quick bug fixes related to overlays and save file type.  See below.