We are currently using Storm 1.2.3, and we want to update the version of log4j2 being used. In our Maven file, we specify storm-core with version 1.2.3 and provided scope. This dependency has dependencies on log4j-api, log4j-core, slf4j-log4j-impl, etc. The provided version of these dependencies is 2.8.2. I have tried declaring the log4j dependencies in our top level pom.xml with version 2.13.2 and compile scope, and have excluded these dependencies from the storm-core dependency. Regardless, when submitting our Storm topology, we always get the issue:
SLF4J: Class path contains multiple SLF4J bindings. SLF4J: Found binding in [jar:file:/bb/bin/package/a/apache-storm-1.2.3/1.2.3-3+b20200407T00292257/libexec/apache-storm-1.2.3/lib/log4j-slf4j-impl-2.8.2.jar!/org/slf4j/impl/StaticLoggerBinder.class] ................. The 2.8.2 version of log4j2 is always used. So it doesn't seem like excluding provided transient dependencies is working as hoped. How can we update log4j2 to version 2.13.2 for our topology?
