andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Redirect Log4J 1.x to Log 2.x (#11264)

Browse Source 
Removes flag by Whitesource vulnerability scanner

Motivation:

WhiteSource vulnerability scan flags the Log4J 1.x stream as vulnerable.

Modification:

Replaced reference to `log4j` with `log4j-1.2-api`
Ran `mvn test` (on a Mac) successfully

Result:

Fixes #11263
This commit is contained in:
Stephan H. Wissel 2021-05-18 18:42:48 +08:00 committed by GitHub
parent 72db32a801
commit 7c955a19dc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
common/pom.xml
View File

@ -64,8 +64,8 @@
<optional>true</optional>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-1.2-api</artifactId>
<optional>true</optional>
</dependency>
<dependency>

6
pom.xml
View File

@ -728,9 +728,9 @@
<version>${log4j2.version}</version>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-1.2-api</artifactId>
<version>2.14.1</version>
<exclusions>
<exclusion>
<artifactId>mail</artifactId>