If it's any value to someone using CAS overlay 6.4.4.2 this is how the
changes all look:
gradle.properties:
log4j2.version=2.17.1
build.gradle:
dependencies {
...
// Log4j2 version 2.17.1 patch
implementation
"org.apache.logging.log4j:log4j-api:${project.'log4j2.version'}"
implementation
"org.apache.logging.log4j:log4j-core:${project.'log4j2.version'}"
implementation
"org.apache.logging.log4j:log4j-jcl:${project.'log4j2.version'}"
implementation
"org.apache.logging.log4j:log4j-jul:${project.'log4j2.version'}"
implementation
"org.apache.logging.log4j:log4j-layout-template-json:${project.'log4j2.version'}"
implementation
"org.apache.logging.log4j:log4j-slf4j18-impl:${project.'log4j2.version'}"
implementation
"org.apache.logging.log4j:log4j-web:${project.'log4j2.version'}"
...
}
...
overlays {
cas {
...
excludes = ["WEB-INF/lib/log4j-*-2.17.0.jar"]
...
}
}
Cheers,
Rod
On Fri, Jan 7, 2022 at 11:01 AM Rod B <[email protected]> wrote:
> Hi,
>
> In test I downloaded the CAS Overlay for 6.4.4.2 here:
> https://github.com/apereo/cas-overlay-template/archive/6.4.zip
>
> We have a very basic install and I built the cas.war file.
>
> When. I look at .../cas/WEB-INF/lib I notice there is to log4j-jul files:
> log4j-jul-2.14.1.jar
> log4j-jul-2.17.0.jar
>
> I've tried to exclude the old file in the build.gradle file:
>
> overlays {
>
> cas {
> from
> "org.apereo.cas:cas-server-webapp${project.appServer}:${project.'cas.version'}@war
> provided = false
> excludes = ["WEB-INF/lib/servlet-api-2*.jar"]
> excludes = ["WEB-INF/lib/log4j-jul-2.14.1.jar"]
>
> }
>
> But the file remains.
>
> Fortunately it doesn't seem to be causing a problem, but I've experienced
> issues when there are duplicate jar files of different versions.
> Specifically log4j2 files.
>
> Is this something that can be fixed in the upstream?
>
> Also, is log4j2 going to be upgraded to 2.17.1 soon or do we need to use
> the remediation steps referenced in this thread:
>
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BTBYOQ-AecysHAxD0FHEdBnTTHD3wNTa_d1xXcVVRmuC16A5g%40mail.gmail.com
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BTBYOQ-AecysHAxD0FHEdBnTTHD3wNTa_d1xXcVVRmuC16A5g%40mail.gmail.com?utm_medium=email&utm_source=footer>
>
> Many thanks!
>
> Rod
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/a4676eac-89f5-405e-bbc3-3e8f586725b0n%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/a4676eac-89f5-405e-bbc3-3e8f586725b0n%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAOz46ZQprk3rqLB0Sxhq7CApQ7%3DGM7q7-xJO9oDJ26Rd0gPDDg%40mail.gmail.com.
