This is an automated email from the ASF dual-hosted git repository.
tallison pushed a commit to branch branch_3x
in repository https://gitbox.apache.org/repos/asf/tika.git
The following commit(s) were added to refs/heads/branch_3x by this push:
new 1a77d7171 TIKA-4348 -- downgrade log4j2 (#2043)
1a77d7171 is described below
commit 1a77d7171f23b2ec3d987d6d8b1064eb41d26b4c
Author: Tim Allison <[email protected]>
AuthorDate: Wed Nov 13 10:35:14 2024 -0500
TIKA-4348 -- downgrade log4j2 (#2043)
(cherry picked from commit 932edbaff3b69034e4840033dfa9019dddbb10fc)
---
tika-parent/pom.xml | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/tika-parent/pom.xml b/tika-parent/pom.xml
index eeb909cc0..778193fa4 100644
--- a/tika-parent/pom.xml
+++ b/tika-parent/pom.xml
@@ -394,7 +394,8 @@
<jwarc.version>0.30.0</jwarc.version>
<kafka.version>3.9.0</kafka.version>
<libpst.version>0.9.3</libpst.version>
- <log4j2.version>2.24.1</log4j2.version>
+ <log4j2.version>2.24.0</log4j2.version>
+ <!-- can't update to 10, needs jdk21 -->
<lucene.version>9.12.0</lucene.version>
<maven.plugin.annotations.version>3.15.1</maven.plugin.annotations.version>
<mchange.version>0.3.1</mchange.version>
@@ -1251,7 +1252,14 @@
<rules>
<bannedDependencies>
<excludes>
+ <!-- log4shell -->
<exclude>org.apache.logging.log4j:log4j-core:(,2.17.1)</exclude>
+ <!--
+ https://github.com/apache/logging-log4j2/issues/3143
+ https://github.com/apache/logging-log4j2/issues/3196
+ -->
+
<exclude>org.apache.logging.log4j:log4j-core:[2.24.1]</exclude>
+
<exclude>org.apache.logging.log4j:log4j-api:[2.24.1]</exclude>
</excludes>
</bannedDependencies>
</rules>
