I did the patch remediation and the older file is now gone and we're at log4j version 2.17.1
So, thank you community for all of your help! Rod On Fri., Jan. 7, 2022, 11:01 a.m. Rod B, <[email protected]> wrote: > Hi, > > In test I downloaded the CAS Overlay for 6.4.4.2 here: > https://github.com/apereo/cas-overlay-template/archive/6.4.zip > > We have a very basic install and I built the cas.war file. > > When. I look at .../cas/WEB-INF/lib I notice there is to log4j-jul files: > log4j-jul-2.14.1.jar > log4j-jul-2.17.0.jar > > I've tried to exclude the old file in the build.gradle file: > > overlays { > > cas { > from > "org.apereo.cas:cas-server-webapp${project.appServer}:${project.'cas.version'}@war > provided = false > excludes = ["WEB-INF/lib/servlet-api-2*.jar"] > excludes = ["WEB-INF/lib/log4j-jul-2.14.1.jar"] > > } > > But the file remains. > > Fortunately it doesn't seem to be causing a problem, but I've experienced > issues when there are duplicate jar files of different versions. > Specifically log4j2 files. > > Is this something that can be fixed in the upstream? > > Also, is log4j2 going to be upgraded to 2.17.1 soon or do we need to use > the remediation steps referenced in this thread: > > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BTBYOQ-AecysHAxD0FHEdBnTTHD3wNTa_d1xXcVVRmuC16A5g%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BTBYOQ-AecysHAxD0FHEdBnTTHD3wNTa_d1xXcVVRmuC16A5g%40mail.gmail.com?utm_medium=email&utm_source=footer> > > Many thanks! > > Rod > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/a4676eac-89f5-405e-bbc3-3e8f586725b0n%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/a4676eac-89f5-405e-bbc3-3e8f586725b0n%40apereo.org?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAOz46ZSRNNVJ6o3RRTnAXE3mV9Rkwdkh9D8npWNU3dT6HPMn0A%40mail.gmail.com.
