1
votes

I'm using Grails 2.5.x and I want to update log4j.

I added

dependencies {
    compile group: 'org.apache.logging.log4j', name: 'log4j-1.2-api', version: '2.17.0'
    compile group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.17.0'
    compile group: 'org.apache.logging.log4j', name: 'log4j-core', version: '2.17.0'
    compile group: 'org.slf4j', name: 'log4j-over-slf4j', version: '1.7.32'
    compile group: 'org.slf4j', name: 'slf4j-api', version: '1.7.32'
}

grails.war.resources = { stagingDir ->
    delete(file:"${stagingDir}/WEB-INF/lib/log4j-1.2.17.jar")
}

When I execute grails run-app it works, but when I create the WAR file and deploy it in Tomcat:

Caused by: groovy.lang.GroovyRuntimeException: failed to invoke constructor: public org.apache.log4j.PatternLayout(java.lang.String) with arguments: [] reason: java.lang.IllegalArgumentException: wrong number of arguments
1
Are you doing this because you believe log4j-1.2.17 is affected by the recently announced CVE? - Jeff Scott Brown
@JeffScottBrown exactly - estefania VG
I think the issue is with log4j 2, not 1. Is that correct? - Jeff Scott Brown
We have published some relevant information at grails.org/blog/2021-12-14-log4j2-cve.html. - Jeff Scott Brown
A similar question has been posed at stackoverflow.com/questions/70349898/…. - Jeff Scott Brown

1 Answer

0
votes

Seems we can't remove log4j:1.2.17 from our lib :(
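
An added example, not part of the original posts or of Grails itself: a Python check that lists which jars under WEB-INF/lib of a built WAR contain org.apache.log4j.PatternLayout, the class named in the stack trace, so you can confirm whether log4j-1.2.17.jar was really removed and which jar now supplies that class. The function names and the in-memory sample WAR are constructed for illustration; the contents of the real jars may differ.

```python
import io
import zipfile

# Class named in the stack trace quoted in the question.
TARGET_CLASS = "org/apache/log4j/PatternLayout.class"


def jars_providing(war, class_entry=TARGET_CLASS):
    """Return sorted WEB-INF/lib jar names in `war` (path or binary file) holding class_entry."""
    providers = []
    with zipfile.ZipFile(war) as outer:
        for name in outer.namelist():
            if not (name.startswith("WEB-INF/lib/") and name.endswith(".jar")):
                continue
            short = name.rsplit("/", 1)[1]
            try:
                with zipfile.ZipFile(io.BytesIO(outer.read(name))) as jar:
                    if class_entry in jar.namelist():
                        providers.append(short)
            except zipfile.BadZipFile:
                # Report a corrupt jar instead of silently skipping it.
                providers.append(short + " (unreadable)")
    return sorted(providers)


def build_sample_war(jars):
    """Constructed sample: in-memory WAR mapping jar name -> list of entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        for jar_name, entries in jars.items():
            jar_buf = io.BytesIO()
            with zipfile.ZipFile(jar_buf, "w") as jar:
                for entry in entries:
                    jar.writestr(entry, b"")
            war.writestr("WEB-INF/lib/" + jar_name, jar_buf.getvalue())
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Constructed layout: the old jar left in place next to both bridge jars.
    sample = build_sample_war({
        "log4j-1.2.17.jar": [TARGET_CLASS],
        "log4j-1.2-api-2.17.0.jar": [TARGET_CLASS],
        "log4j-over-slf4j-1.7.32.jar": [TARGET_CLASS],
        "log4j-core-2.17.0.jar": ["org/apache/logging/log4j/core/Logger.class"],
    })
    for jar_name in jars_providing(sample):
        print(jar_name)
```

For a real build, pass the path of the generated WAR to `jars_providing`; more than one jar in the result means the class loader decides which `PatternLayout` the application gets.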