[
https://issues.apache.org/jira/browse/OFBIZ-12590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17511397#comment-17511397
]
Michael Brohl commented on OFBIZ-12590:
---------------------------------------
The dependencies resolve to different versions of {{VMPCRandomGenerator which
is located in the bouncycastle bcprov-* packages:}}
{{| +--- bouncycastle:bcprov-jdk14:138}}
{{| +--- org.bouncycastle:bcprov-jdk14:1.38}}
{{| \--- org.bouncycastle:bcprov-jdk14:1.38}}
{{| | +--- org.bouncycastle:bcprov-jdk15on:1.70}}
{{| | | \--- org.bouncycastle:bcprov-jdk15on:1.70}}
{{| | +--- org.bouncycastle:bcprov-jdk15on:1.70}}
{{| +--- org.bouncycastle:bcprov-jdk15on:1.70}}
I had to exclude the bc*-jdk14 dependencies:
{{ // compile 'com.lowagie:itext:2.1.7' // Don't update due to license
change in newer versions, see OFBIZ-10455}}
{{ compile('com.lowagie:itext:2.1.7') {}}
{{ exclude module: 'bcmail-jdk14'}}
{{ exclude module: 'bcprov-jdk14'}}
{{ exclude module: 'bctsp-jdk14'}}
{{ }}}
The build now works.
> Update to log4j 2.17.2
> ----------------------
>
> Key: OFBIZ-12590
> URL: https://issues.apache.org/jira/browse/OFBIZ-12590
> Project: OFBiz
> Issue Type: Improvement
> Components: framework/base
> Affects Versions: Upcoming Branch
> Reporter: Michael Brohl
> Assignee: Michael Brohl
> Priority: Major
> Labels: backport-needed
> Fix For: 22.01.01
>
>
> The Apache Log4j 2 team is pleased to announce the Log4j 2.17.2 release!
> Apache Log4j is a well known framework for logging application behavior.
> Log4j 2 is an upgrade to Log4j that provides significant improvements over
> its predecessor, Log4j 1.x, and provides many other modern features such as
> support for Markers, lambda expressions for lazy logging, property
> substitution using Lookups, multiple patterns on a PatternLayout and
> asynchronous Loggers. Another notable Log4j 2 feature is the ability to be
> "garbage-free" (avoid allocating temporary objects) while logging. In
> addition, Log4j 2 will not lose events while reconfiguring.
> The artifacts may be downloaded from
> https://logging.apache.org/log4j/2.x/download.html.
> This release contains the changes noted below:
> • Over 50 improvements and fixes to the Log4j 1.x support. Continued
> testing has shown it is a suitable replacement for Log4j 1.x in most cases.
> • Scripting now requires a system property be specified naming the
> languages the user wishes to allow. The scripting engine will not load if the
> property isn't set.
> • By default, the only remote protocol allowed for loading configuration
> files is HTTPS. Users can specify a system property to allow others or
> prevent remote loading entirely.
> • Variable resolution has been modified so that only properties defined
> as properties in the configuration file can be recursive. All other Lookups
> are now non-recursive. This addresses issues users were having resolving
> lookups specified in property definitions for use in the RoutingAppender and
> RollingFileAppender due to restrictions put in place in 2.17.1.
> • Many other fixes and improvements.
> Due to a break in compatibility in the SLF4J binding, Log4j now ships with
> two versions of the SLF4J to Log4j adapters. log4j-slf4j-impl should be used
> with SLF4J 1.7.x and earlier and log4j-slf4j18-impl should be used with SLF4J
> 1.8.x and later. SLF4J-2.0.0 alpha releases are not fully supported. See
> https://issues.apache.org/jira/browse/LOG4J2-2975 and
> https://jira.qos.ch/browse/SLF4J-511.
> The Log4j 2.17.2 API, as well as many core components, maintains binary
> compatibility with previous releases.
> GA Release 2.17.2
> Changes in this version include:
> New Features
> • LOG4J2-3297: Limit loading of configuration via a url to https by
> default.
> • LOG4J2-2486: Require log4j2.Script.enableLanguages to be specified to
> enable scripting for specific languages.
> • LOG4J2-3303: Add TB support to FileSize. Thanks to ramananravi.
> • LOG4J2-3282: Add the log4j-to-jul JDK Logging Bridge Thanks to Michael
> Vorburger.
> • : Add
> org.apache.logging.log4j.core.appender.AsyncAppender.getAppenders() to more
> easily port from org.apache.log4j.AsyncAppender.getAllAppenders().
> • : Add Configurator.setLevel(Logger, Level), setLevel(String, String),
> and setLevel(Class, Level). Thanks to Gary Gregory.
> • LOG4J2-3341: Add shorthand syntax for properties configuration format
> for specifying a logger level and appender refs.
> • LOG4J2-3391: Add optional additional fields to NoSQLAppender. Thanks to
> Gary Gregory.
> Fixed Bugs
> • LOG4J2-3304: Flag LogManager as initiialized if the LoggerFactory is
> provided as a property. Thanks to francis-FY.
> • LOG4J2-3404: Fix DefaultConfiguration leak in PatternLayout Thanks to
> Piotr Karwasz.
> • LOG4J2-3405: Document that the Spring Boot Lookup requires the
> log4j-spring-boot dependency.
> • LOG4J2-3317: Fix RoutingAppender backcompat and disallow recursive
> evaluation of lookup results outside of configuration properties.
> • LOG4J2-3333: Fix ThreadContextDataInjector initialization deadlock
> • LOG4J2-3358: Fix substitutions when programmatic configuration is used
> • LOG4J2-3306: OptionConverter could cause a StackOverflowError.
> • : Log4j 1.2 bridge class ConsoleAppender should extend WriterAppender
> and provide better compatibility with custom appenders.
> • : Log4j 1.2 bridge method NDC.inherit(Stack) should not use generics to
> provide source compatibility.
> • : Log4j 1.2 bridge class PatternLayout is missing constants
> DEFAULT_CONVERSION_PATTERN and TTCC_CONVERSION_PATTERN.
> • : Log4j 1.2 bridge class PropertyConfigurator should implement
> Configurator.
> • : Log4j 1.2 bridge interface Configurator doConfigure() methods should
> use LoggerRepository, not LoggerContext.
> • : Log4j 1.2 bridge class OptionConverter is missing
> selectAndConfigure() methods.
> • : Log4j 1.2 bridge class Category should implement AppenderAttachable.
> • : Log4j 1.2 bridge method Category.exists(String) should be static.
> • : Log4j 1.2 bridge methods missing in org.apache.log4j.Category:
> getDefaultHierarchy(), getHierarchy(), getLoggerRepository().
> • : Log4j 1.2 bridge class LogManager default constructor should be
> public.
> • : Log4j 1.2 bridge interface org.apache.log4j.spi.RendererSupport was
> in the wrong package and incomplete.
> • : Log4j 1.2 bridge interfaces missing from package
> org.apache.log4j.spi: ThrowableRenderer, ThrowableRendererSupport,
> TriggeringEventEvaluator.
> • : Log4j 1.2 bridge missing class org.apache.log4j.or.RendererMap.
> • LOG4J2-3281: Log4j 1.2 bridge PropertiesConfiguration.buildAppender not
> adding filters to custom appender.
> • LOG4J2-3316: Log4j 1.2 bridge should ignore case in properties file
> keys.
> • : Log4j 1.2 bridge adds org.apache.log4j.component.helpers.Constants.
> • : Log4j 1.2 bridge adds org.apache.log4j.helpers.LogLog.
> • : Log4j 1.2 bridge adds org.apache.log4j.helpers.Loader.
> • : Log4j 1.2 bridge adds org.apache.log4j.spi.RootLogger.
> • : Log4j 1.2 bridge class Category is missing some protected instance
> variables.
> • : Log4j 1.2 bridge adds org.apache.log4j.Hierarchy.
> • : Log4j 1.2 bridge methods Category.getChainedPriority() and
> getEffectiveLevel() should not be final.
> • : Log4j 1.2 bridge adds org.apache.log4j.spi.NOPLoggerRepository and
> NOPLogger.
> • : Log4j 1.2 bridge adds org.apache.log4j.spi.DefaultRepositorySelector.
> • : Log4j 1.2 bridge implements LogManager.getCurrentLoggers() fully.
> • LOG4J2-3326: Log4j 1.2 bridge fixes parsing filters in properties
> configuration file #680. Thanks to Benjamin Röhl, Gary Gregory.
> • LOG4J2-3326: Log4j 1.2 bridge missing
> OptionConverter.instantiateByKey(Properties, String, Class, Object). Thanks
> to Gary Gregory.
> • LOG4J2-3326: Log4j 1.2 bridge class org.apache.log4j.spi.LoggingEvent
> missing constructors and public instance variable. Thanks to Gary Gregory.
> • LOG4J2-3328: Log4j 1.2 bridge does not support system properties in
> log4j.xml. Thanks to Gary Gregory.
> • : Log4j 1.2 bridge now logs a warning instead of throwing an
> NullPointerException when building a Syslog appender with a missing
> "SyslogHost" param. Thanks to Gary Gregory.
> • : Log4j 1.2 bridge should allow property and XML attributes to start
> with either an upper-case or lower-case letter. Thanks to Gary Gregory, Piotr
> P. Karwasz.
> • : Log4j 1.2 bridge uses the wrong default values for a TTCCLayout #709.
> Thanks to Gary Gregory, Piotr P. Karwasz.
> • : Log4j 1.2 bridge throws ClassCastException when using SimpleLayout
> and others #708. Thanks to Gary Gregory, Piotr P. Karwasz.
> • : Log4j 1.2 bridge uses the wrong file pattern for rolling file
> appenders #710. Thanks to Gary Gregory, Piotr P. Karwasz.
> • : Log4j 1.2 bridge throws ClassCastException when using SimpleLayout
> and others #708. Thanks to Gary Gregory, Piotr P. Karwasz.
> • : Log4j 1.2 bridge creates a SocketAppender instead of a
> SyslogAppender. Thanks to Gary Gregory.
> • : Log4j 1.2 bridge uses some incorrect default property values in some
> appenders. Thanks to Piotr P. Karwasz.
> • : Log4j 1.2 bridge supports the SocketAppender. Thanks to Gary Gregory.
> • : Log4j 1.2 bridge missing DefaultThrowableRenderer. Thanks to Gary
> Gregory.
> • : Log4j 1.2 bridge missing some ThrowableInformation constructors.
> Thanks to Gary Gregory.
> • : Log4j 1.2 bridge missing some LocationInfo constructors. Thanks to
> Gary Gregory.
> • : Log4j 1.2 bridge missed Thanks to Gary Gregory.
> • : Log4j 1.2 bridge missed org.apache.log4j.pattern.FormattingInfo.
> Thanks to Gary Gregory.
> • : Log4j 1.2 bridge missed org.apache.log4j.pattern.NameAbbreviator.
> Thanks to Gary Gregory.
> • : Log4j 1.2 bridge missing UtilLoggingLevel. Thanks to Gary Gregory.
> • : Log4j 1.2 bridge missing FormattingInfo. Thanks to Gary Gregory.
> • : Log4j 1.2 bridge missing PatternConverter. Thanks to Gary Gregory.
> • : Log4j 1.2 bridge missing PatternParser. Thanks to Gary Gregory.
> • : Log4j 1.2 bridge issues with filters #753. Thanks to ppkarwasz, Gary
> Gregory.
> • : Log4j 1.2 bridge implements most of DOMConfigurator. Thanks to Gary
> Gregory.
> • : JndiManager reverts to 2.17.0 behavior: Read the system property for
> each call.
> • LOG4J2-3330: Configurator.setLevel not fetching the correct
> LoggerContext. Thanks to Mircea Lemnaru, Gary Gregory.
> • : Fix DTD error: Add missing ELEMENT for Marker.
> • : Fix log4j-jakarta-web service file #723. Thanks to Gary Gregory,
> Piotr P. Karwasz.
> • LOG4J2-3392: AppenderLoggingException logging any exception to a
> MongoDB Appender. Thanks to Gary Gregory, Omer U.
> • LOG4J2-3392: Possible NullPointerException in MongoDb4DocumentObject,
> MongoDbDocumentObject, DefaultNoSqlObject. Thanks to Gary Gregory.
> • : Trim whitespace before parsing a String into an Integer. Thanks to
> Gary Gregory.
> • LOG4J2-3410: Log4j 1.2 bridge throws a ClassCastException when logging
> a Map with non-String keys. Thanks to Barry Sham, Gary Gregory.
> • LOG4J2-3407: Log4j 1.2 bridge Check for non-existent appender when
> parsing properties #761. Thanks to Kenny MacLeod.
> • LOG4J2-3407: Log4j 1.2 bridge supports global threshold #764. Thanks to
> Piotr P. Karwasz.
> Changes
> • LOG4J2-3267: Change modifier of method
> org.apache.logging.log4j.core.tools.Generate#generate to public (was package
> private) to facilitate automated code generation.
> Apache Log4j 2.17.2 requires a minimum of Java 8 to build and run. Log4j
> 2.12.4 is the last release to support Java 7. Log4j 2.3.2 is the last release
> to support Java 6. Java 6 and Java 7 are no longer supported by the Log4j
> team.
> For complete information on Apache Log4j 2, including instructions on how to
> submit bug reports, patches, or suggestions for improvement, see the Apache
> Apache Log4j 2 website:
> https://logging.apache.org/log4j/2.x/
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
