Upgrade to Log4j 2.8.2

This commit upgrades the Log4j dependencies from version 2.7 to version 2.8.2. This release includes a fix for a case where Log4j could lose exceptions in the presence of a security manager. Relates #23995
2017-04-09 07:19:16 -04:00 · 2017-04-09 07:19:16 -04:00 · 61c5976aee
parent 5c8d5677a4
commit 61c5976aee
9 changed files with 10 additions and 8 deletions
--- a/buildSrc/version.properties
+++ b/buildSrc/version.properties
@ -8,7 +8,7 @@ jts               = 1.13
 jackson           = 2.8.6
 snakeyaml         = 1.15
 # When updating log4j, please update also docs/java-api/index.asciidoc
-log4j             = 2.7
+log4j             = 2.8.2
 slf4j             = 1.6.2
 jna               = 4.4.0

--- a/core/build.gradle
+++ b/core/build.gradle
@ -231,9 +231,11 @@ thirdPartyAudit.excludes = [
  'org.apache.commons.compress.utils.IOUtils',
  'org.apache.commons.csv.CSVFormat',
  'org.apache.commons.csv.QuoteMode',
+  'org.apache.kafka.clients.producer.Callback',
  'org.apache.kafka.clients.producer.KafkaProducer',
  'org.apache.kafka.clients.producer.Producer',
  'org.apache.kafka.clients.producer.ProducerRecord',
+  'org.apache.kafka.clients.producer.RecordMetadata',
  'org.codehaus.stax2.XMLStreamWriter2',
  'org.jctools.queues.MessagePassingQueue$Consumer',
  'org.jctools.queues.MpscArrayQueue',
--- a/core/licenses/log4j-1.2-api-2.7.jar.sha1
+++ b/core/licenses/log4j-1.2-api-2.7.jar.sha1
@ -1 +0,0 @@
-39f4e6c2d68d4ef8fd4b0883d165682dedd5be52
--- a/core/licenses/log4j-1.2-api-2.8.2.jar.sha1
+++ b/core/licenses/log4j-1.2-api-2.8.2.jar.sha1
@ -0,0 +1 @@
+f1543534b8413aac91fa54d1fff65dfff76818cd
--- a/core/licenses/log4j-api-2.7.jar.sha1
+++ b/core/licenses/log4j-api-2.7.jar.sha1
@ -1 +0,0 @@
-8de00e382a817981b737be84cb8def687d392963
--- a/core/licenses/log4j-api-2.8.2.jar.sha1
+++ b/core/licenses/log4j-api-2.8.2.jar.sha1
@ -0,0 +1 @@
+e590eeb783348ce8ddef205b82127f9084d82bf3
--- a/core/licenses/log4j-core-2.7.jar.sha1
+++ b/core/licenses/log4j-core-2.7.jar.sha1
@ -1 +0,0 @@
-a3f2b4e64c61a7fc1ed8f1e5ba371933404ed98a
--- a/core/licenses/log4j-core-2.8.2.jar.sha1
+++ b/core/licenses/log4j-core-2.8.2.jar.sha1
@ -0,0 +1 @@
+979fc0cf8460302e4ffbfe38c1b66a99450b0bb7
--- a/docs/java-api/index.asciidoc
+++ b/docs/java-api/index.asciidoc
@ -44,12 +44,12 @@ You need to also include Log4j 2 dependencies:
 <dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-api</artifactId>
-    <version>2.7</version>
+    <version>2.8.2</version>
 </dependency>
 <dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-core</artifactId>
-    <version>2.7</version>
+    <version>2.8.2</version>
 </dependency>
 --------------------------------------------------

@ -77,12 +77,12 @@ If you want to use another logger than Log4j 2, you can use http://www.slf4j.org
 <dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-to-slf4j</artifactId>
-    <version>2.7</version>
+    <version>2.8.2</version>
 </dependency>
 <dependency>
    <groupId>org.slf4j</groupId>
    <artifactId>slf4j-api</artifactId>
-    <version>1.7.21</version>
+    <version>1.7.24</version>
 </dependency>
 --------------------------------------------------