From 7c955a19dce2e7ea95e15a5c578e7e71d0d4a238 Mon Sep 17 00:00:00 2001
From: "Stephan H. Wissel" <stw@linux.com>
Date: Tue, 18 May 2021 18:42:48 +0800
Subject: [PATCH] Redirect Log4J 1.x to Log 2.x (#11264)

Removes flag by Whitesource vulnerability scanner

Motivation:

WhiteSource vulnerability scan flags the Log4J 1.x stream as vulnerable.

Modification:

Replaced reference to `log4j` with `log4j-1.2-api`
Ran `mvn test` (on a Mac) successfully

Result:

Fixes #11263
---
 common/pom.xml | 4 ++--
 pom.xml        | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/common/pom.xml b/common/pom.xml
index 15a5dc12679..a930b94f1bd 100644
--- a/common/pom.xml
+++ b/common/pom.xml
@@ -64,8 +64,8 @@
       <optional>true</optional>
     </dependency>
     <dependency>
-      <groupId>log4j</groupId>
-      <artifactId>log4j</artifactId>
+      <groupId>org.apache.logging.log4j</groupId>
+      <artifactId>log4j-1.2-api</artifactId>
       <optional>true</optional>
     </dependency>
     <dependency>
diff --git a/pom.xml b/pom.xml
index 65bf96fb69c..cad02b50043 100644
--- a/pom.xml
+++ b/pom.xml
@@ -728,9 +728,9 @@
         <version>${log4j2.version}</version>
       </dependency>
       <dependency>
-        <groupId>log4j</groupId>
-        <artifactId>log4j</artifactId>
-        <version>1.2.17</version>
+        <groupId>org.apache.logging.log4j</groupId>
+        <artifactId>log4j-1.2-api</artifactId>
+        <version>2.14.1</version>
         <exclusions>
           <exclusion>
             <artifactId>mail</artifactId>