Hello, everyone! I've been working on cleaning out old versions of Log4j on my servers, and I just discovered that the latest Geoserver "Platform Independent Binary" (v2.23.1) is still shipping with log4j 1.2 bundled in, even though it also includes log4j 2.17.2 and the bridge configuration. I'm guessing this may be some kind of packaging error; deleting the old log4j 1.2 jar does not seem to have interfered with the operation of my instance.
I tried to access the issue tracker to see if anyone else had reported this, but I had trouble getting in - apologies if I made a newbie error somewhere, or if I'm misunderstanding what I'm seeing. In any case, I just thought someone in the community might want to know about this! And here's some evidence to demonstrate what I'm seeing - my command line from this morning when I downloaded a fresh .zip file and confirmed that the extra log4j jar still seems to be in there: $ wget https://sourceforge.net/projects/geoserver/files/GeoServer/2.23.1/geoserver-2.23.1-bin.zip [...] 2023-06-20 07:40:06 (3.67 MB/s) - 'geoserver-2.23.1-bin.zip' saved [119749074/119749074] $ unzip -l geoserver-2.23.1-bin.zip | grep log4j 302511 05-04-2022 12:29 webapps/geoserver/WEB-INF/lib/log4j-api-2.17.2.jar 1811089 05-04-2022 12:29 webapps/geoserver/WEB-INF/lib/log4j-core-2.17.2.jar 303443 05-04-2022 14:30 webapps/geoserver/WEB-INF/lib/log4j-1.2-api-2.17.2.jar 30948 05-04-2022 13:17 webapps/geoserver/WEB-INF/lib/log4j-jul-2.17.2.jar 12844 05-04-2022 12:29 webapps/geoserver/WEB-INF/lib/log4j-jcl-2.17.2.jar 24248 05-04-2022 13:21 webapps/geoserver/WEB-INF/lib/log4j-slf4j-impl-2.17.2.jar 302511 05-04-2022 12:29 lib/log4j-api-2.17.2.jar 1811089 05-04-2022 12:29 lib/log4j-core-2.17.2.jar 303443 05-04-2022 14:30 lib/log4j-1.2-api-2.17.2.jar 30948 05-04-2022 13:17 lib/log4j-jul-2.17.2.jar 12844 05-04-2022 12:29 lib/log4j-jcl-2.17.2.jar 24248 05-04-2022 13:21 lib/log4j-slf4j-impl-2.17.2.jar 489884 05-04-2020 06:46 lib/log4j-1.2.17.jar 289 05-04-2023 12:28 resources/log4j.properties I hope this is helpful! - Demian
_______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
