From 5e7c420696991ccebfaa038c5c5ffd662e591eb4 Mon Sep 17 00:00:00 2001
From: "Piotr P. Karwasz"
Date: Mon, 5 May 2025 16:34:26 +0200
Subject: [PATCH] Add `pax-logging-log4j2` to CVE-2021-45046

The `pax-logging-log4j2` artifact shades `log4j-core` with minimal modifications. The correspondence between `pax-logging-log4j2` versions and the embedded `log4j-core` version is given by the table below:
| `pax-logging-log4j2` version | `log4j-core` version |
|------------------------------|----------------------|
| 2.0.10 | 2.14.1 |
| 2.0.11 | 2.15.0 |
| 2.0.12 | 2.16.0 |
| 2.0.13 | 2.17.0 |
| 2.0.14 | 2.17.1 |
---
 .../GHSA-7rjr-3q55-vv33.json | 21 ++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/advisories/github-reviewed/2021/12/GHSA-7rjr-3q55-vv33/GHSA-7rjr-3q55-vv33.json b/advisories/github-reviewed/2021/12/GHSA-7rjr-3q55-vv33/GHSA-7rjr-3q55-vv33.json
index 7cdf9826fccbe..f3ce5189f58b6 100644
--- a/advisories/github-reviewed/2021/12/GHSA-7rjr-3q55-vv33/GHSA-7rjr-3q55-vv33.json
+++ b/advisories/github-reviewed/2021/12/GHSA-7rjr-3q55-vv33/GHSA-7rjr-3q55-vv33.json
@@ -52,6 +52,25 @@
 ]
 }
 ]
+ },
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "org.ops4j.pax.logging:pax-logging-log4j2"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "1.8.0"
+ },
+ {
+ "fixed": "2.0.12"
+ }
+ ]
+ }
+ ]
 }
 ],
 "references": [
@@ -170,4 +189,4 @@
 "github_reviewed_at": "2021-12-14T17:55:00Z",
 "nvd_published_at": "2021-12-14T19:15:00Z"
 }
-}
\ No newline at end of file
+}
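Review bot: The single `ECOSYSTEM` range in the new `pax-logging-log4j2` entry (`"introduced": "1.8.0"` to `"fixed": "2.0.12"`) marks every release ordered between those two versions as affected, so any 1.x maintenance release that already embeds a patched `log4j-core` would still be flagged by scanners consuming this advisory. The table in the commit message maps only 2.0.10 through 2.0.14, so neither the 1.8.0 lower bound nor the status of the 1.x lines can be verified from this patch. If patched 1.x releases exist, close and reopen the range per branch in the same `events` array, e.g. `{ "fixed": "<first patched 1.x release>" }, { "introduced": "<first affected 2.x release>" }` before the final `{ "fixed": "2.0.12" }`. It would also help to extend the description's table with the `log4j-core` version embedded in 1.8.0, so the lower bound can be traced to the range of `log4j-core` versions the advisory covers.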