PLUTO-787 Migrate from Log4j 1.x to Log4j 2.x due to CVE-2019-17571
diff --git a/demo/applicant-mvcbean-cdi-jsp-portlet/pom.xml b/demo/applicant-mvcbean-cdi-jsp-portlet/pom.xml
index f8a83ab..cede119 100644
--- a/demo/applicant-mvcbean-cdi-jsp-portlet/pom.xml
+++ b/demo/applicant-mvcbean-cdi-jsp-portlet/pom.xml
@@ -104,8 +104,8 @@
<scope>provided</scope>
</dependency>
<dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-slf4j-impl</artifactId>
</dependency>
</dependencies>
</project>
diff --git a/demo/applicant-mvcbean-cdi-jsp-portlet/src/main/resources/log4j.properties b/demo/applicant-mvcbean-cdi-jsp-portlet/src/main/resources/log4j.properties
deleted file mode 100644
index 36456b0..0000000
--- a/demo/applicant-mvcbean-cdi-jsp-portlet/src/main/resources/log4j.properties
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied.
-#
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-######################################################################
-log4j.rootLogger=INFO, R
-log4j.appender.R=org.apache.log4j.ConsoleAppender
-log4j.appender.R.layout=org.apache.log4j.PatternLayout
-log4j.appender.R.layout.ConversionPattern=%d{ABSOLUTE} %-5p [%c{1}:%L] %m%n
-log4j.logger.org.apache.portals.pluto.demo.applicant.mvcbean.cdi.jsp=DEBUG
diff --git a/demo/applicant-mvcbean-cdi-jsp-portlet/src/main/resources/log4j2.properties b/demo/applicant-mvcbean-cdi-jsp-portlet/src/main/resources/log4j2.properties
new file mode 100644
index 0000000..5e94752
--- /dev/null
+++ b/demo/applicant-mvcbean-cdi-jsp-portlet/src/main/resources/log4j2.properties
@@ -0,0 +1,17 @@
+status=error
+name=PropertiesConfig
+
+appender.console.name=STDOUT
+appender.console.layout.pattern=%d{ABSOLUTE} %-5p [%c{1}:%L] %m%n
+appender.console.layout.type=PatternLayout
+appender.console.target=SYSTEM_OUT
+appender.console.type=Console
+
+logger.controller.name=org.apache.portals.pluto.demo.applicant.mvcbean.cdi.jsp.controller
+logger.controller.level=debug
+logger.controller.additivity=false
+logger.controller.appenderRef.console.ref=STDOUT
+
+rootLogger.level=error
+rootLogger.additivity=false
+rootLogger.appenderRef.console.ref=STDOUT
\ No newline at end of file
diff --git a/demo/applicant-mvcbean-cdi-thymeleaf-portlet/pom.xml b/demo/applicant-mvcbean-cdi-thymeleaf-portlet/pom.xml
index fec60c0..371179c 100644
--- a/demo/applicant-mvcbean-cdi-thymeleaf-portlet/pom.xml
+++ b/demo/applicant-mvcbean-cdi-thymeleaf-portlet/pom.xml
@@ -103,8 +103,8 @@
<version>${project.version}</version>
</dependency>
<dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-slf4j-impl</artifactId>
</dependency>
</dependencies>
</project>
diff --git a/demo/applicant-mvcbean-cdi-thymeleaf-portlet/src/main/resources/log4j.properties b/demo/applicant-mvcbean-cdi-thymeleaf-portlet/src/main/resources/log4j.properties
deleted file mode 100644
index c604072..0000000
--- a/demo/applicant-mvcbean-cdi-thymeleaf-portlet/src/main/resources/log4j.properties
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied.
-#
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-######################################################################
-log4j.rootLogger=INFO, R
-log4j.appender.R=org.apache.log4j.ConsoleAppender
-log4j.appender.R.layout=org.apache.log4j.PatternLayout
-log4j.appender.R.layout.ConversionPattern=%d{ABSOLUTE} %-5p [%c{1}:%L] %m%n
-log4j.logger.org.apache.portals.pluto.demo.applicant.mvcbean.cdi.thymeleaf=DEBUG
diff --git a/demo/applicant-mvcbean-cdi-thymeleaf-portlet/src/main/resources/log4j2.properties b/demo/applicant-mvcbean-cdi-thymeleaf-portlet/src/main/resources/log4j2.properties
new file mode 100644
index 0000000..35626bd
--- /dev/null
+++ b/demo/applicant-mvcbean-cdi-thymeleaf-portlet/src/main/resources/log4j2.properties
@@ -0,0 +1,17 @@
+status=error
+name=PropertiesConfig
+
+appender.console.name=STDOUT
+appender.console.layout.pattern=%d{ABSOLUTE} %-5p [%c{1}:%L] %m%n
+appender.console.layout.type=PatternLayout
+appender.console.target=SYSTEM_OUT
+appender.console.type=Console
+
+logger.controller.name=org.apache.portals.pluto.demo.applicant.mvcbean.cdi.thymeleaf
+logger.controller.level=debug
+logger.controller.additivity=false
+logger.controller.appenderRef.console.ref=STDOUT
+
+rootLogger.level=error
+rootLogger.additivity=false
+rootLogger.appenderRef.console.ref=STDOUT
\ No newline at end of file
diff --git a/maven-archetypes/bean-portlet-archetype/src/main/resources/archetype-resources/build.gradle b/maven-archetypes/bean-portlet-archetype/src/main/resources/archetype-resources/build.gradle
index 3200268..8e8e1f4 100644
--- a/maven-archetypes/bean-portlet-archetype/src/main/resources/archetype-resources/build.gradle
+++ b/maven-archetypes/bean-portlet-archetype/src/main/resources/archetype-resources/build.gradle
@@ -6,7 +6,7 @@
dependencies {
compile group: 'org.slf4j', name: 'slf4j-api', version:'1.7.25'
- compile group: 'org.slf4j', name: 'slf4j-log4j12', version:'1.7.25'
+ compile group: 'org.apache.logging.log4j', name: 'log4j-slf4j-impl', version:'2.14.1'
providedCompile group: 'javax.portlet', name: 'portlet-api', version:'3.0.0'
}
diff --git a/maven-archetypes/bean-portlet-archetype/src/main/resources/archetype-resources/pom.xml b/maven-archetypes/bean-portlet-archetype/src/main/resources/archetype-resources/pom.xml
index 29bcbeb..cab4356 100644
--- a/maven-archetypes/bean-portlet-archetype/src/main/resources/archetype-resources/pom.xml
+++ b/maven-archetypes/bean-portlet-archetype/src/main/resources/archetype-resources/pom.xml
@@ -47,9 +47,9 @@
<version>1.7.25</version>
</dependency>
<dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
- <version>1.7.25</version>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-slf4j-impl</artifactId>
+ <version>2.14.1</version>
<scope>runtime</scope>
</dependency>
</dependencies>
diff --git a/maven-archetypes/generic-portlet-archetype/src/main/resources/archetype-resources/build.gradle b/maven-archetypes/generic-portlet-archetype/src/main/resources/archetype-resources/build.gradle
index 3200268..8e8e1f4 100644
--- a/maven-archetypes/generic-portlet-archetype/src/main/resources/archetype-resources/build.gradle
+++ b/maven-archetypes/generic-portlet-archetype/src/main/resources/archetype-resources/build.gradle
@@ -6,7 +6,7 @@
dependencies {
compile group: 'org.slf4j', name: 'slf4j-api', version:'1.7.25'
- compile group: 'org.slf4j', name: 'slf4j-log4j12', version:'1.7.25'
+ compile group: 'org.apache.logging.log4j', name: 'log4j-slf4j-impl', version:'2.14.1'
providedCompile group: 'javax.portlet', name: 'portlet-api', version:'3.0.0'
}
diff --git a/maven-archetypes/generic-portlet-archetype/src/main/resources/archetype-resources/pom.xml b/maven-archetypes/generic-portlet-archetype/src/main/resources/archetype-resources/pom.xml
index 29bcbeb..cab4356 100644
--- a/maven-archetypes/generic-portlet-archetype/src/main/resources/archetype-resources/pom.xml
+++ b/maven-archetypes/generic-portlet-archetype/src/main/resources/archetype-resources/pom.xml
@@ -47,9 +47,9 @@
<version>1.7.25</version>
</dependency>
<dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
- <version>1.7.25</version>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-slf4j-impl</artifactId>
+ <version>2.14.1</version>
<scope>runtime</scope>
</dependency>
</dependencies>
diff --git a/maven-archetypes/mvcbean-jsp-portlet-archetype/src/main/resources/archetype-resources/build.gradle b/maven-archetypes/mvcbean-jsp-portlet-archetype/src/main/resources/archetype-resources/build.gradle
index 00577d4..ec5a93c 100644
--- a/maven-archetypes/mvcbean-jsp-portlet-archetype/src/main/resources/archetype-resources/build.gradle
+++ b/maven-archetypes/mvcbean-jsp-portlet-archetype/src/main/resources/archetype-resources/build.gradle
@@ -6,7 +6,7 @@
dependencies {
compile group: 'org.slf4j', name: 'slf4j-api', version:'1.7.25'
- compile group: 'org.slf4j', name: 'slf4j-log4j12', version:'1.7.25'
+ compile group: 'org.apache.logging.log4j', name: 'log4j-slf4j-impl', version:'2.14.1'
compile group: 'org.apache.taglibs', name: 'taglibs-standard-jstlel', version:'1.2.1'
providedCompile group: 'javax.mvc', name: 'javax.mvc-api', version:'1.0-pfd'
providedCompile group: 'javax.portlet', name: 'portlet-api', version:'3.0.0'
diff --git a/maven-archetypes/mvcbean-jsp-portlet-archetype/src/main/resources/archetype-resources/pom.xml b/maven-archetypes/mvcbean-jsp-portlet-archetype/src/main/resources/archetype-resources/pom.xml
index 03bb63e..371dfa5 100644
--- a/maven-archetypes/mvcbean-jsp-portlet-archetype/src/main/resources/archetype-resources/pom.xml
+++ b/maven-archetypes/mvcbean-jsp-portlet-archetype/src/main/resources/archetype-resources/pom.xml
@@ -101,9 +101,9 @@
<version>1.7.25</version>
</dependency>
<dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
- <version>1.7.25</version>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-slf4j-impl</artifactId>
+ <version>2.14.1</version>
<scope>runtime</scope>
</dependency>
</dependencies>
diff --git a/maven-archetypes/mvcbean-thymeleaf-portlet-archetype/src/main/resources/archetype-resources/build.gradle b/maven-archetypes/mvcbean-thymeleaf-portlet-archetype/src/main/resources/archetype-resources/build.gradle
index c19017b..17a6856 100644
--- a/maven-archetypes/mvcbean-thymeleaf-portlet-archetype/src/main/resources/archetype-resources/build.gradle
+++ b/maven-archetypes/mvcbean-thymeleaf-portlet-archetype/src/main/resources/archetype-resources/build.gradle
@@ -7,7 +7,7 @@
dependencies {
compile group: 'org.apache.portals.pluto', name: 'thymeleaf-mvc-portlet-cdi', version:'3.1.0-SNAPSHOT'
compile group: 'org.slf4j', name: 'slf4j-api', version:'1.7.25'
- compile group: 'org.slf4j', name: 'slf4j-log4j12', version:'1.7.25'
+ compile group: 'org.apache.logging.log4j', name: 'log4j-slf4j-impl', version:'2.14.1'
providedCompile group: 'javax.mvc', name: 'javax.mvc-api', version:'1.0-pfd'
providedCompile group: 'javax.portlet', name: 'portlet-api', version:'3.0.0'
providedCompile group: 'javax.validation', name: 'validation-api', version:'2.0.1.Final'
diff --git a/maven-archetypes/mvcbean-thymeleaf-portlet-archetype/src/main/resources/archetype-resources/pom.xml b/maven-archetypes/mvcbean-thymeleaf-portlet-archetype/src/main/resources/archetype-resources/pom.xml
index 5e06cac..f2ef61c 100644
--- a/maven-archetypes/mvcbean-thymeleaf-portlet-archetype/src/main/resources/archetype-resources/pom.xml
+++ b/maven-archetypes/mvcbean-thymeleaf-portlet-archetype/src/main/resources/archetype-resources/pom.xml
@@ -93,9 +93,9 @@
<version>1.7.25</version>
</dependency>
<dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
- <version>1.7.25</version>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-slf4j-impl</artifactId>
+ <version>2.14.1</version>
<scope>runtime</scope>
</dependency>
</dependencies>
diff --git a/pom.xml b/pom.xml
index 208d95b..f9dc618 100644
--- a/pom.xml
+++ b/pom.xml
@@ -277,6 +277,16 @@
<dependencies>
<!-- Logging =========================================== -->
<dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-core</artifactId>
+ <version>2.14.1</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-slf4j-impl</artifactId>
+ <version>2.14.1</version>
+ </dependency>
+ <dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>${slf4j.version}</version>
@@ -291,16 +301,6 @@
<artifactId>jcl-over-slf4j</artifactId>
<version>${slf4j.version}</version>
</dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
- <version>${slf4j.version}</version>
- </dependency>
- <dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- <version>1.2.17</version>
- </dependency>
<!-- Specification Libraries =========================================== -->
<dependency>
<groupId>javax.annotation</groupId>