[GitHub] [activemq] gemmellr commented on a change in pull request #662: [AMQ-7426] Upgrade to log4j2

Tue, 22 Feb 2022 10:30:43 -0800 


gemmellr commented on a change in pull request #662:
URL: https://github.com/apache/activemq/pull/662#discussion_r812241660



##########
File path: activemq-shiro/pom.xml
##########
@@ -100,13 +94,19 @@
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-log4j12</artifactId>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-slf4j-impl</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>log4j</groupId>
-            <artifactId>log4j</artifactId>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-core</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>commons-logging</groupId>
+            <artifactId>commons-logging</artifactId>
+            <version>1.0</version>

Review comment:
       The commons-logging version was managed by a dependencyManagement until 
the PR removed it, and this module previously specified a dep using that same 
property, which was set to 1.2...why specify a fixed version here, and one 
which is older than that used before on existing releases?

##########
File path: pom.xml
##########
@@ -442,29 +441,6 @@
       <!-- =============================== -->
       <!-- Required dependencies -->
       <!-- =============================== -->
-      <dependency>
-        <groupId>commons-logging</groupId>
-        <artifactId>commons-logging</artifactId>
-        <version>${commons-logging-version}</version>
-        <exclusions>
-          <exclusion>
-            <groupId>avalon-framework</groupId>
-            <artifactId>avalon-framework</artifactId>
-          </exclusion>
-          <exclusion>
-            <groupId>logkit</groupId>
-            <artifactId>logkit</artifactId>
-          </exclusion>
-          <exclusion>
-            <groupId>log4j</groupId>
-            <artifactId>log4j</artifactId>
-          </exclusion>
-          <exclusion>
-            <groupId>javax.servlet</groupId>
-            <artifactId>servlet-api</artifactId>
-          </exclusion>
-        </exclusions>
-      </dependency>

Review comment:
       Removal of this very long standing set of 
(https://github.com/apache/activemq/commit/735dc7a230b15044c7fcefbe1f762b5ed13b3132)
 exclusions is presumably why all the log4j dependencies popped up for things 
referencing activeio. which uses commons-logging.
   
   Removal of the dependencyManagement entry also explains why the instances of 
commons-logging are older than those present in 5.16.4




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to