Hi Mitchell, Does your "mvn dependency:tree" contain the unwanted logging library? If yes, that's strange. Maven does not automatically include Provided transitive dependencies as far as I know. If not, then it's Storm that brought the library by reading the dependency graph in their way.
On Thu, May 28, 2020 at 1:41 PM Mitchell Rathbun (BLOOMBERG/ 731 LEX) < mrathb...@bloomberg.net> wrote: > We are currently using Storm 1.2.3, and we want to update the version of > log4j2 being used. In our Maven file, we specify storm-core with version > 1.2.3 and provided scope. This dependency has dependencies on log4j-api, > log4j-core, slf4j-log4j-impl, etc. The provided version of these > dependencies is 2.8.2. I have tried declaring the log4j dependencies in our > top level pom.xml with version 2.13.2 and compile scope, and have excluded > these dependencies from the storm-core dependency. Regardless, when > submitting our Storm topology, we always get the issue: > > SLF4J: Class path contains multiple SLF4J bindings. > SLF4J: Found binding in > [jar:file:/bb/bin/package/a/apache-storm-1.2.3/1.2.3-3+b20200407T00292257/libexec/apache-storm-1.2.3/lib/log4j-slf4j-impl-2.8.2.jar!/org/slf4j/impl/StaticLoggerBinder.class] > ................. > > The 2.8.2 version of log4j2 is always used. So it doesn't seem like > excluding provided transient dependencies is working as hoped. How can we > update the transient log4j2 dependencies that are brought in with provided > scope by the storm-core dependency? -- Regards, Tomo
