Log4j version upgrade scheme in springboot - Code World

Log4j version upgrade scheme in springboot

Enterprise 2023-04-08 23:34:16 views: null

In view of the log4j2 vulnerability, the project requires either to replace all log4j, or to upgrade log4j to a safe version, because the log4j 1 version has long been deprecated, and the versions affected by the log4j2 vulnerability are: log4j 2.0<2.4.1, 2.4<2.12.2, 2.13. 0<2.16.0, the analysis and solution process is as follows:

Analyze the log4j used in the project through the maven management tool, click on the idea:

The structure shown in the following figure appears:

In the region world shift + f search log4j:

Click to find the log4j-related package, double-click to view the log4j version, the result is 2.13.3 is within the scope of the vulnerability, remove the log4j-api method:

Remove the log4j-api dependency that comes with springboot

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
    <exclusions>
            <exclusion>
                <groupId>org.apache.logging.log4j</groupId>
                <artifactId>log4j-api</artifactId>
            </exclusion>
    </exclusions>
</dependency>

Guess you like

Origin blog.csdn.net/weixin_41267342/article/details/122715853

Log4j version upgrade scheme in springboot

Log4j vulnerability solution (upgrade to version 2.15.0 or later)

springboot log4j upgrade log4j2

Upgrade log4j 2.x version cache asynchronous configuration interpretation

10. Upgrade the log4j version of ES-7.8.0

springboot log log4j

Use log4j log in springboot

Configure log4j log in SpringBoot

springboot和log4j

springboot Log4j configuration (printing log output console)

JAVA - SpringBoot project MyBatis configuration log4j log

Maven packaging error, log4j version leads

java---springboot integrates log4j to step on the pit

Log conflict between log4j and slf4j-log4j12 in springboot dubbo framework

log4j does not output in springboot, and controls the third-party log level

The Echart version is too old, upgrade to the latest version (echarts version 4 upgrade to version 5)

Log4j version 1.x lead to blocked thread deadlock issues (2008)

Conflict between log4j and logback of SpringBoot framework to build error records

SpringBoot-日志简介以及Log4j 1.x 版本

springboot a certification scheme

[Record] SpringBoot 2.X integration Log4j no output INFO, DEBUG and other log information solutions

Lessons learned from Log4j security vulnerabilities, and the version of open source components commonly used in the work to avoid pitfalls

Log4j releases new version 2.16.0, completely removing Message Lookups; easily upgrades with one line of configuration

springboot log4j upgrade log4j2

springboot log4j upgrade log4j2

springboot log4j upgrade log4j2

log4j (a)

log4j

SpringBoot implements PDF watermarking scheme

SpringBoot project current limiting scheme

Recommended

Ranking

#2019110700005

What materials and procedures are required for patent transfer

What is the blockchain Ethereum triplet state root transaction root receipt root

Front-end study notes 04 --- About the insertion of html pictures and videos

Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries

2017 Qingdao-site tournament I The Squared Mosquito Coil

[BZOJ3165][HEOI2013]Segment (line segment tree without marking)

Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju

The latest tutorial on making framework for iOS

DAX Section 6: Statistical Functions

Daily

More

2024-05-14(9)

2024-05-13(8)

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)