You are viewing a plain text version of this content. The canonical link for it is here.
Posted to gitbox@activemq.apache.org by GitBox <gi...@apache.org> on 2022/02/22 18:30:39 UTC

[GitHub] [activemq] gemmellr commented on a change in pull request #662: [AMQ-7426] Upgrade to log4j2

gemmellr commented on a change in pull request #662:
URL: https://github.com/apache/activemq/pull/662#discussion_r812241660



##########
File path: activemq-shiro/pom.xml
##########
@@ -100,13 +94,19 @@
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-log4j12</artifactId>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-slf4j-impl</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>log4j</groupId>
-            <artifactId>log4j</artifactId>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-core</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>commons-logging</groupId>
+            <artifactId>commons-logging</artifactId>
+            <version>1.0</version>

Review comment:
       The commons-logging version was managed by a dependencyManagement until the PR removed it, and this module previously specified a dep using that same property, which was set to 1.2...why specify a fixed version here, and one which is older than that used before on existing releases?

##########
File path: pom.xml
##########
@@ -442,29 +441,6 @@
       <!-- =============================== -->
       <!-- Required dependencies -->
       <!-- =============================== -->
-      <dependency>
-        <groupId>commons-logging</groupId>
-        <artifactId>commons-logging</artifactId>
-        <version>${commons-logging-version}</version>
-        <exclusions>
-          <exclusion>
-            <groupId>avalon-framework</groupId>
-            <artifactId>avalon-framework</artifactId>
-          </exclusion>
-          <exclusion>
-            <groupId>logkit</groupId>
-            <artifactId>logkit</artifactId>
-          </exclusion>
-          <exclusion>
-            <groupId>log4j</groupId>
-            <artifactId>log4j</artifactId>
-          </exclusion>
-          <exclusion>
-            <groupId>javax.servlet</groupId>
-            <artifactId>servlet-api</artifactId>
-          </exclusion>
-        </exclusions>
-      </dependency>

Review comment:
       Removal of this very long standing set of (https://github.com/apache/activemq/commit/735dc7a230b15044c7fcefbe1f762b5ed13b3132) exclusions is presumably why all the log4j dependencies popped up for things referencing activeio. which uses commons-logging.
   
   Removal of the dependencyManagement entry also explains why the instances of commons-logging are older than those present in 5.16.4




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscribe@activemq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org