(incubator-stormcrawler) branch main updated: #1403 - Downgrade log4j2 to Storm's version. Fixes #1403

[rzo1]

This is an automated email from the ASF dual-hosted git repository.

rzo1 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-stormcrawler.git


The following commit(s) were added to refs/heads/main by this push:
     new 9b6109e0 #1403 - Downgrade log4j2 to Storm's version. Fixes #1403
9b6109e0 is described below

commit 9b6109e0a02e9ff9f81defc8fa91ed84218cd130
Author: tallison <talli...@apache.org>
AuthorDate: Wed Nov 13 10:45:37 2024 -0500

    #1403 - Downgrade log4j2 to Storm's version. Fixes #1403
---
 THIRD-PARTY.txt |  6 +++---
 pom.xml         | 11 ++++++++---
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/THIRD-PARTY.txt b/THIRD-PARTY.txt
index ecee0fdf..4e15bbc5 100644
--- a/THIRD-PARTY.txt
+++ b/THIRD-PARTY.txt
@@ -66,9 +66,10 @@ List of third-party dependencies grouped by their license 
type.
         * Apache James :: Mime4j :: Core 
(org.apache.james:apache-mime4j-core:0.8.11 - 
http://james.apache.org/mime4j/apache-mime4j-core)
         * Apache James :: Mime4j :: DOM 
(org.apache.james:apache-mime4j-dom:0.8.11 - 
http://james.apache.org/mime4j/apache-mime4j-dom)
         * Apache JempBox (org.apache.pdfbox:jempbox:1.8.17 - 
http://www.apache.org/pdfbox-parent/jempbox/)
-        * Apache Log4j API (org.apache.logging.log4j:log4j-api:2.24.1 - 
https://logging.apache.org/log4j/2.x/log4j/log4j-api/)
-        * Apache Log4j Core (org.apache.logging.log4j:log4j-core:2.24.1 - 
https://logging.apache.org/log4j/2.x/log4j/log4j-core/)
+        * Apache Log4j API (org.apache.logging.log4j:log4j-api:2.23.0 - 
https://logging.apache.org/log4j/2.x/log4j/log4j-api/)
+        * Apache Log4j Core (org.apache.logging.log4j:log4j-core:2.23.0 - 
https://logging.apache.org/log4j/2.x/log4j/log4j-core/)
         * Apache Log4j JUL Adapter (org.apache.logging.log4j:log4j-jul:2.21.0 
- https://logging.apache.org/log4j/2.x/log4j/log4j-jul/)
+        * Apache Log4j SLF4J Binding 
(org.apache.logging.log4j:log4j-slf4j-impl:2.23.0 - 
https://logging.apache.org/log4j/2.x/log4j/log4j-slf4j-impl/)
         * Apache Lucene (module: backward-codecs) 
(org.apache.lucene:lucene-backward-codecs:9.11.1 - https://lucene.apache.org/)
         * Apache Lucene (module: common) 
(org.apache.lucene:lucene-analysis-common:9.11.1 - https://lucene.apache.org/)
         * Apache Lucene (module: core) (org.apache.lucene:lucene-core:9.11.1 - 
https://lucene.apache.org/)
@@ -251,7 +252,6 @@ List of third-party dependencies grouped by their license 
type.
         * rome-utils (com.rometools:rome-utils:2.1.0 - 
http://rometools.com/rome-utils)
         * server (org.opensearch:opensearch:2.17.0 - 
https://github.com/opensearch-project/OpenSearch.git)
         * Shaded Deps for Storm Client 
(org.apache.storm:storm-shaded-deps:2.7.0 - 
https://storm.apache.org/storm-shaded-deps)
-        * SLF4J 1 Binding for Log4j API 
(org.apache.logging.log4j:log4j-slf4j-impl:2.24.1 - 
https://logging.apache.org/log4j/2.x/log4j/log4j-slf4j-impl/)
         * SnakeYAML (org.yaml:snakeyaml:2.3 - 
https://bitbucket.org/snakeyaml/snakeyaml)
         * snappy-java (org.xerial.snappy:snappy-java:1.1.10.4 - 
https://github.com/xerial/snappy-java)
         * sniffer (org.opensearch.client:opensearch-rest-client-sniffer:2.17.0 
- https://github.com/opensearch-project/OpenSearch.git)
diff --git a/pom.xml b/pom.xml
index 4750d50f..a8125119 100644
--- a/pom.xml
+++ b/pom.xml
@@ -70,7 +70,7 @@ under the License.
                <tika.version>3.0.0</tika.version>
                <mockito.version>5.14.2</mockito.version>
                
<jetbrains.annotations.version>26.0.1</jetbrains.annotations.version>
-               <log4j2.version>2.24.1</log4j2.version>
+               <log4j2.version>2.23.0</log4j2.version>
                <commons.io.version>2.14.0</commons.io.version>
                
<git-code-format-maven-plugin.version>5.3</git-code-format-maven-plugin.version>
                <testcontainers.version>1.20.3</testcontainers.version>
@@ -412,8 +412,13 @@ under the License.
                                                        <rules>
                                                                
<bannedDependencies>
                                                                        
<excludes>
-                                                                               
<exclude>
-                                                                               
        org.apache.logging.log4j:log4j-core:(,2.17.0)</exclude>
+                                                                               
<exclude>org.apache.logging.log4j:log4j-core:(,2.17.0)</exclude>
+                                                                               
<!--
+                      https://github.com/apache/logging-log4j2/issues/3143
+                      https://github.com/apache/logging-log4j2/issues/3196
+                     -->
+                                                                               
<exclude>org.apache.logging.log4j:log4j-core:[2.24.1]</exclude>
+                                                                               
<exclude>org.apache.logging.log4j:log4j-api:[2.24.1]</exclude>
                                                                        
</excludes>
                                                                
</bannedDependencies>
                                                        </rules>