Hi Valdimir,
How we can upgrade Log4J to 2.25.3 with "renovate bot"?
Or we can just do it manually?
Milamber
===
$ git diff
diff --git a/src/bom-thirdparty/build.gradle.kts
b/src/bom-thirdparty/build.gradle.kts
index 4ebfc057ba..d0d8d88c80 100644
--- a/src/bom-thirdparty/build.gradle.kts
+++ b/src/bom-thirdparty/build.gradle.kts
@@ -112,10 +112,10 @@ dependencies {
api("org.apache.httpcomponents:httpcore-nio:4.4.16")
api("org.apache.httpcomponents:httpcore:4.4.16")
api("org.apache.httpcomponents:httpmime:4.5.14")
- api("org.apache.logging.log4j:log4j-1.2-api:2.25.2")
- api("org.apache.logging.log4j:log4j-api:2.25.2")
- api("org.apache.logging.log4j:log4j-core:2.25.2")
- api("org.apache.logging.log4j:log4j-slf4j2-impl:2.25.2")
+ api("org.apache.logging.log4j:log4j-1.2-api:2.25.3")
+ api("org.apache.logging.log4j:log4j-api:2.25.3")
+ api("org.apache.logging.log4j:log4j-core:2.25.3")
+ api("org.apache.logging.log4j:log4j-slf4j2-impl:2.25.3")
api("org.apache.rat:apache-rat:0.17")
api("org.apache.tika:tika-core:3.2.3")
api("org.apache.tika:tika-parsers:3.2.3")
diff --git a/src/dist/src/dist/expected_release_jars.csv
b/src/dist/src/dist/expected_release_jars.csv
index 931e086ec4..10e8fc8e11 100644
--- a/src/dist/src/dist/expected_release_jars.csv
+++ b/src/dist/src/dist/expected_release_jars.csv
@@ -102,10 +102,10 @@
675271,kotlinx-datetime-jvm-0.6.2.jar
996,lets-plot-batik-4.8.0.jar
996,lets-plot-common-4.8.0.jar
-358528,log4j-1.2-api-2.25.2.jar
-349595,log4j-api-2.25.2.jar
-2018265,log4j-core-2.25.2.jar
-30232,log4j-slf4j2-impl-2.25.2.jar
+358528,log4j-1.2-api-2.25.3.jar
+349595,log4j-api-2.25.3.jar
+2018265,log4j-core-2.25.3.jar
+30232,log4j-slf4j2-impl-2.25.3.jar
519087,mail-1.5.0-b01.jar
120438,miglayout-core-11.4.2.jar
23287,miglayout-swing-11.4.2.jar
====
On 29/10/2025 22:18, renovate-bot (via GitHub) wrote:
renovate-bot opened a new pull request, #6557:
URL: https://github.com/apache/jmeter/pull/6557
This PR contains the following updates:
| Package | Change | Age | Confidence |
|---|---|---|---|
|
[org.apache.logging.log4j:log4j-slf4j2-impl](https://logging.apache.org/log4j/2.x/)
([source](https://redirect.github.com/apache/logging-log4j2)) | `2.22.1` ->
`2.25.2` |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
| [org.apache.logging.log4j:log4j-core](https://logging.apache.org/log4j/2.x/)
([source](https://redirect.github.com/apache/logging-log4j2)) | `2.22.1` ->
`2.25.2` |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
| [org.apache.logging.log4j:log4j-api](https://logging.apache.org/log4j/2.x/)
([source](https://redirect.github.com/apache/logging-log4j2)) | `2.22.1` ->
`2.25.2` |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
|
[org.apache.logging.log4j:log4j-1.2-api](https://logging.apache.org/log4j/2.x/)
([source](https://redirect.github.com/apache/logging-log4j2)) | `2.22.1` ->
`2.25.2` |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
---
### Configuration
📅 **Schedule**: Branch creation - "every 3 weeks on Monday" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/apache/jmeter).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNTkuNCIsInVwZGF0ZWRJblZlciI6IjQxLjE1OS40IiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->
