NOJIRA

Update to current patched version of log4j to fix vulnerability https://www.lunasec.io/docs/blog/log4j-zero-day/

backend/build.gradle

@@ -138,6 +138,10 @@ dependencies {
     ['starter-web', 'starter-data-jpa', 'starter-security', 'starter-actuator', 'devtools', 'starter-webflux', 'starter-thymeleaf', 'starter-mail', 'starter-validation'].each {
         compile "org.springframework.boot:spring-boot-${it}"
     }
+    // To override older version with security issue - https://www.lunasec.io/docs/blog/log4j-zero-day/
+    implementation 'org.apache.logging.log4j:log4j-to-slf4j:2.15.0'
+    implementation 'org.apache.logging.log4j:log4j-api:2.15.0'
+
     // TODO: figure out what this should really be
     runtimeOnly 'org.springframework.boot:spring-boot-starter-tomcat'
 
@@ -166,6 +170,7 @@ dependencies {
     runtimeOnly "org.postgresql:postgresql:42.2.20"
     runtimeOnly 'org.mariadb.jdbc:mariadb-java-client:2.2.0'
     runtimeOnly 'mysql:mysql-connector-java:5.1.48'
+    runtimeOnly 'com.microsoft.sqlserver:mssql-jdbc:9.4.0.jre11'
 
     //Swagger
     compile 'io.springfox:springfox-swagger2:2.9.2'