From da1fdb56474a412a2ebe02cf57e51d6c2185b9e1 Mon Sep 17 00:00:00 2001
From: "Stephan H. Wissel" <stw@linux.com>
Date: Tue, 18 May 2021 18:42:48 +0800
Subject: [PATCH] Redirect Log4J 1.x to Log 2.x (#11264)

Removes flag by Whitesource vulnerability scanner

Motivation:

WhiteSource vulnerability scan flags the Log4J 1.x stream as vulnerable.

Modification:

Replaced reference to `log4j` with `log4j-1.2-api`
Ran `mvn test` (on a Mac) successfully

Result:

Fixes #11263
---
 common/pom.xml | 4 ++--
 pom.xml        | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/common/pom.xml b/common/pom.xml
index b8b1b4a68fe..69dc29f0ab2 100644
--- a/common/pom.xml
+++ b/common/pom.xml
@@ -64,8 +64,8 @@
       <optional>true</optional>
     </dependency>
     <dependency>
-      <groupId>log4j</groupId>
-      <artifactId>log4j</artifactId>
+      <groupId>org.apache.logging.log4j</groupId>
+      <artifactId>log4j-1.2-api</artifactId>
       <optional>true</optional>
     </dependency>
     <dependency>
diff --git a/pom.xml b/pom.xml
index 008c27c4174..58ae9488e0a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -687,9 +687,9 @@
         <version>${log4j2.version}</version>
       </dependency>
       <dependency>
-        <groupId>log4j</groupId>
-        <artifactId>log4j</artifactId>
-        <version>1.2.17</version>
+        <groupId>org.apache.logging.log4j</groupId>
+        <artifactId>log4j-1.2-api</artifactId>
+        <version>2.14.1</version>
         <exclusions>
           <exclusion>
             <artifactId>mail</artifactId>