This is an automated email from the ASF dual-hosted git repository. lhotari pushed a commit to branch branch-4.0 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 38ed898efee8c0f9337bf24b4d7d01128efaea98 Author: Lari Hotari <[email protected]> AuthorDate: Fri Nov 14 18:11:35 2025 +0200 [improve] Upgrade Log4j2 to 2.25.2 and slf4j to 2.0.17 (#24985) (cherry picked from commit 8b28f4216203510ea5b5a9a2baecacd08b012f25) --- buildtools/pom.xml | 4 ++-- distribution/server/src/assemble/LICENSE.bin.txt | 12 ++++++------ distribution/shell/src/assemble/LICENSE.bin.txt | 10 +++++----- pom.xml | 4 ++-- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/buildtools/pom.xml b/buildtools/pom.xml index d427177db3b..1c6301c0aaf 100644 --- a/buildtools/pom.xml +++ b/buildtools/pom.xml @@ -48,8 +48,8 @@ <maven.compiler.target>1.8</maven.compiler.target> <maven.compiler.release>8</maven.compiler.release> <surefire.version>3.1.0</surefire.version> - <log4j2.version>2.23.1</log4j2.version> - <slf4j.version>2.0.13</slf4j.version> + <log4j2.version>2.25.2</log4j2.version> + <slf4j.version>2.0.17</slf4j.version> <testng.version>7.7.1</testng.version> <commons-lang3.version>3.18.0</commons-lang3.version> <license-maven-plugin.version>4.1</license-maven-plugin.version> diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt index cdd17cab327..61f32b5404d 100644 --- a/distribution/server/src/assemble/LICENSE.bin.txt +++ b/distribution/server/src/assemble/LICENSE.bin.txt @@ -349,10 +349,10 @@ The Apache Software License, Version 2.0 - jakarta.validation-jakarta.validation-api-2.0.2.jar - javax.validation-validation-api-1.1.0.Final.jar * Log4J - - org.apache.logging.log4j-log4j-api-2.23.1.jar - - org.apache.logging.log4j-log4j-core-2.23.1.jar - - org.apache.logging.log4j-log4j-slf4j2-impl-2.23.1.jar - - org.apache.logging.log4j-log4j-web-2.23.1.jar + - org.apache.logging.log4j-log4j-api-2.25.2.jar + - org.apache.logging.log4j-log4j-core-2.25.2.jar + - org.apache.logging.log4j-log4j-slf4j2-impl-2.25.2.jar + - org.apache.logging.log4j-log4j-web-2.25.2.jar * Java Native Access JNA - net.java.dev.jna-jna-jpms-5.12.1.jar - net.java.dev.jna-jna-platform-jpms-5.12.1.jar @@ -562,8 +562,8 @@ BSD 2-Clause License MIT License * Java SemVer -- com.github.zafarkhaja-java-semver-0.9.0.jar -- ../licenses/LICENSE-SemVer.txt * SLF4J -- ../licenses/LICENSE-SLF4J.txt - - org.slf4j-slf4j-api-2.0.13.jar - - org.slf4j-jcl-over-slf4j-2.0.13.jar + - org.slf4j-slf4j-api-2.0.17.jar + - org.slf4j-jcl-over-slf4j-2.0.17.jar * The Checker Framework - org.checkerframework-checker-qual-3.33.0.jar * oshi diff --git a/distribution/shell/src/assemble/LICENSE.bin.txt b/distribution/shell/src/assemble/LICENSE.bin.txt index 40ca0e5ab01..0a6385d2a97 100644 --- a/distribution/shell/src/assemble/LICENSE.bin.txt +++ b/distribution/shell/src/assemble/LICENSE.bin.txt @@ -384,10 +384,10 @@ The Apache Software License, Version 2.0 - simpleclient_tracer_otel-0.16.0.jar - simpleclient_tracer_otel_agent-0.16.0.jar * Log4J - - log4j-api-2.23.1.jar - - log4j-core-2.23.1.jar - - log4j-slf4j2-impl-2.23.1.jar - - log4j-web-2.23.1.jar + - log4j-api-2.25.2.jar + - log4j-core-2.25.2.jar + - log4j-slf4j2-impl-2.25.2.jar + - log4j-web-2.25.2.jar * OpenTelemetry - opentelemetry-api-1.45.0.jar - opentelemetry-api-incubator-1.45.0-alpha.jar @@ -429,7 +429,7 @@ BSD 3-clause "New" or "Revised" License MIT License * SLF4J -- ../licenses/LICENSE-SLF4J.txt - - slf4j-api-2.0.13.jar + - slf4j-api-2.0.17.jar * The Checker Framework - checker-qual-3.33.0.jar diff --git a/pom.xml b/pom.xml index c48c8b309ee..e99e23930f3 100644 --- a/pom.xml +++ b/pom.xml @@ -193,9 +193,9 @@ flexible messaging model and an intuitive client API.</description> <prometheus.version>0.16.0</prometheus.version> <vertx.version>4.5.22</vertx.version> <rocksdb.version>7.9.2</rocksdb.version> - <slf4j.version>2.0.13</slf4j.version> + <slf4j.version>2.0.17</slf4j.version> <commons.collections4.version>4.4</commons.collections4.version> - <log4j2.version>2.23.1</log4j2.version> + <log4j2.version>2.25.2</log4j2.version> <!-- bouncycastle dependencies aren't necessarily aligned --> <bouncycastle.bcprov-jdk18on.version>1.78.1</bouncycastle.bcprov-jdk18on.version> <bouncycastle.bcpkix-jdk18on.version>1.81</bouncycastle.bcpkix-jdk18on.version>
