This is an automated email from the ASF dual-hosted git repository.
tallison pushed a commit to branch branch_2x
in repository https://gitbox.apache.org/repos/asf/tika.git
The following commit(s) were added to refs/heads/branch_2x by this push:
new 6685af321 TIKA-4348 -- downgrade log4j2 (#2043)
6685af321 is described below
commit 6685af3210f0c39cdf1cf53f003c6ac90d80e705
Author: Tim Allison <[email protected]>
AuthorDate: Wed Nov 13 10:35:14 2024 -0500
TIKA-4348 -- downgrade log4j2 (#2043)
(cherry picked from commit 932edbaff3b69034e4840033dfa9019dddbb10fc)
---
tika-parent/pom.xml | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/tika-parent/pom.xml b/tika-parent/pom.xml
index d6bfed4f1..4aca34183 100644
--- a/tika-parent/pom.xml
+++ b/tika-parent/pom.xml
@@ -370,7 +370,7 @@
<junit5.version>5.11.3</junit5.version>
<junrar.version>7.5.5</junrar.version>
<libpst.version>0.9.3</libpst.version>
- <log4j2.version>2.24.1</log4j2.version>
+ <log4j2.version>2.24.0</log4j2.version>
<lombok.version>1.18.20</lombok.version>
<!-- lucene >= 9.x requires Java 11 -->
<lucene.version>8.11.4</lucene.version>
@@ -1246,7 +1246,14 @@
<rules>
<bannedDependencies>
<excludes>
+ <!-- log4shell -->
<exclude>org.apache.logging.log4j:log4j-core:(,2.17.1)</exclude>
+ <!--
+ https://github.com/apache/logging-log4j2/issues/3143
+ https://github.com/apache/logging-log4j2/issues/3196
+ -->
+
<exclude>org.apache.logging.log4j:log4j-core:[2.24.1]</exclude>
+
<exclude>org.apache.logging.log4j:log4j-api:[2.24.1]</exclude>
</excludes>
</bannedDependencies>
</rules>
