Yadav :
We are using hadoop-hdfs 3.2.1 jar and it has a transitive dependency on log4j 1.2.17 . In our central NexusIQ scan, it's giving a level 9 issue for log4j dependency. Is there a way to override log4j to log4j2 or any other solution. I tried dependency management but there is no jar in log4j2 with artifact id log4j to override the transitive dependency.
Yadav :
I did manage to solve the similar issue for hbase-shaded-client jar where I had to exclude log4j 1.2.17 dependency.
For that, I did this.
<dependency>
<groupId>org.apache.hbase</groupId>
<artifactId>hbase-client</artifactId>
<version>...</version>
<exclusions>
<exclusion>
<artifactId>log4j</artifactId>
<groupId>log4j</groupId>
</exclusion>
</exclusions>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
<version>1.7.25</version>
It worked.
Guess you like
Origin http://43.154.161.224:23101/article/api/json?id=358661&siteId=1