Redirect Log4J 1.x to Log 2.x (netty#11264)

Removes flag by Whitesource vulnerability scanner Motivation: WhiteSource vulnerability scan flags the Log4J 1.x stream as vulnerable. Modification: Replaced reference to `log4j` with `log4j-1.2-api` Ran `mvn test` (on a Mac) successfully Result: Fixes netty#11263
raidyue · Jul 8, 2022 · 3c1a85e · 3c1a85e
1 parent 8171fee
commit 3c1a85e
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/common/pom.xml b/common/pom.xml
@@ -64,8 +64,8 @@
       <optional>true</optional>
     </dependency>
     <dependency>
-      <groupId>log4j</groupId>
-      <artifactId>log4j</artifactId>
+      <groupId>org.apache.logging.log4j</groupId>
+      <artifactId>log4j-1.2-api</artifactId>
       <optional>true</optional>
     </dependency>
     <dependency>

diff --git a/pom.xml b/pom.xml
@@ -728,9 +728,9 @@
         <version>${log4j2.version}</version>
       </dependency>
       <dependency>
-        <groupId>log4j</groupId>
-        <artifactId>log4j</artifactId>
-        <version>1.2.17</version>
+        <groupId>org.apache.logging.log4j</groupId>
+        <artifactId>log4j-1.2-api</artifactId>
+        <version>2.14.1</version>
         <exclusions>
           <exclusion>
             <artifactId>mail</artifactId>