Nihal Jain created OMID-251:
-------------------------------
Summary: Bump license-maven-plugin to latest version
Key: OMID-251
URL: https://issues.apache.org/jira/browse/OMID-251
Project: Phoenix Omid
Issue Type: Task
Reporter: Nihal Jain
Attachments: out_v2.11.txt, out_v4.3.txt
In phoenix-omid pom.xml, {{maven-license-plugin.version}} is set to {{2.11}},
which was last updated 5 years ago. The plugin
{{com.mycila:license-maven-plugin}} pulls log4j-1.2.x jar.
See sample from run of {{mvn license:check}} with v{{2.11}} is as follows:
{code:java}
Downloading from central:
[https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar]
{code}
In my org, when trying to build phoenix-omid, build fails as
{{log4j:logj:1.2.x}} is strictly banned in interanl artifactory.
The goal of this JIRA is to bump the afore-mentioned mentioned plugin to latest
version, i.e.
[4.3|https://mvnrepository.com/artifact/com.mycila/license-maven-plugin], which
does not pull the log4j:log4j jar.
Full run log of {{mvn license:check}} command after clearning
\{{~/.m2/reposiitory} with
* v{{2.11}}: [^out_v2.11.txt], which pulls {{log4j-1.2.x}} jar.
* v{{4.3}}: [^out_v4.3.txt], which does not pull {{log4j-1.2.x}} jar.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
