This is an automated email from the ASF dual-hosted git repository.

wu-sheng pushed a commit to branch fix/e2e-cve-fixtures
in repository https://gitbox.apache.org/repos/asf/skywalking.git

commit 256c273b950090869240c66e247dd015c7f1aa95
Author: Wu Sheng <[email protected]>
AuthorDate: Thu Jun 18 12:38:08 2026 +0800

    Drop EOL log4j 1.x from e2e-service-provider (clear 2 CVE alerts)
    
    log4j:log4j 1.2.17 is end-of-life; one of its Dependabot alerts has NO
    patched version. The e2e provider already exercises log-to-OAP through
    log4j2 (apm-toolkit-log4j-2.x, GRPCLogClientAppender in log4j2.xml) and
    logback in parallel, so dropping the log4j 1.x path keeps log-reporting
    coverage.
    
    - pom: remove log4j:log4j + apm-toolkit-log4j-1.x deps and the 
log4j.version property
    - LogController/FileLogController: remove the log4j 1.x logger; the log4j2
      logger now imports org.apache.logging.log4j.Logger and uses the short name
    - delete log4j.properties (log4j 1.x only)
    - kafka/log filebeat+fluentd expected files: drop the log4j-1.x fileLogger 
items
      (collector path globs /tmp/skywalking-logs/*/, so no collector-config 
change)
---
 .../cases/kafka/log/expected/logs-filebeat.yml     | 31 ----------------------
 .../cases/kafka/log/expected/logs-fluentd.yml      | 21 ---------------
 .../java-test-service/e2e-service-provider/pom.xml | 11 --------
 .../e2e/controller/FileLogController.java          |  6 ++---
 .../skywalking/e2e/controller/LogController.java   |  7 ++---
 .../src/main/resources/log4j.properties            | 26 ------------------
 6 files changed, 4 insertions(+), 98 deletions(-)

diff --git a/test/e2e-v2/cases/kafka/log/expected/logs-filebeat.yml 
b/test/e2e-v2/cases/kafka/log/expected/logs-filebeat.yml
index d7cf95622a..238aedb209 100644
--- a/test/e2e-v2/cases/kafka/log/expected/logs-filebeat.yml
+++ b/test/e2e-v2/cases/kafka/log/expected/logs-filebeat.yml
@@ -48,37 +48,6 @@ logs:
   - key: agentName
     value: {{ notEmpty .value }}
   {{- end }}
-- servicename: e2e-service-provider
-  serviceid: {{ b64enc "e2e-service-provider" }}.1
-  serviceinstancename: provider1
-  serviceinstanceid: {{ b64enc "e2e-service-provider" }}.1_{{ b64enc 
"provider1" }}
-  endpointname: null
-  endpointid: null
-  traceid: {{ .traceid }}
-  timestamp: {{ gt .timestamp 0 }}
-  contenttype: TEXT
-  content: {{ regexp .content "log4j fileLogger.+"}}
-  tags:
-  {{- contains .tags }}
-  - key: level
-    value: INFO
-  - key: logger
-    value: fileLogger
-  - key: thread
-    value: {{ notEmpty .value }}
-  - key: logfile
-    value: /tmp/skywalking-logs/log4j1/e2e-service-provider.log
-  - key: hostname
-    value: {{ notEmpty .value }}
-  - key: agent
-    value: filebeat
-  - key: agentVersion
-    value: {{ notEmpty .value }}
-  - key: agentId
-    value: {{ notEmpty .value }}
-  - key: agentName
-    value: {{ notEmpty .value }}
-  {{- end }}
 - servicename: e2e-service-provider
   serviceid: {{ b64enc "e2e-service-provider" }}.1
   serviceinstancename: provider1
diff --git a/test/e2e-v2/cases/kafka/log/expected/logs-fluentd.yml 
b/test/e2e-v2/cases/kafka/log/expected/logs-fluentd.yml
index 827f51d97a..29db321612 100644
--- a/test/e2e-v2/cases/kafka/log/expected/logs-fluentd.yml
+++ b/test/e2e-v2/cases/kafka/log/expected/logs-fluentd.yml
@@ -38,27 +38,6 @@ logs:
   - key: agent
     value: fluentd
   {{- end }}
-- servicename: e2e-service-provider
-  serviceid: {{ b64enc "e2e-service-provider" }}.1
-  serviceinstancename: provider1
-  serviceinstanceid: {{ b64enc "e2e-service-provider" }}.1_{{ b64enc 
"provider1" }}
-  endpointname: null
-  endpointid: null
-  traceid: {{ .traceid }}
-  timestamp: {{ gt .timestamp 0 }}
-  contenttype: TEXT
-  content: {{ regexp .content "log4j fileLogger.+"}}
-  tags:
-  {{- contains .tags }}
-  - key: level
-    value: INFO
-  - key: logger
-    value: fileLogger
-  - key: thread
-    value: {{ notEmpty .value }}
-  - key: agent
-    value: fluentd
-  {{- end }}
 - servicename: e2e-service-provider
   serviceid: {{ b64enc "e2e-service-provider" }}.1
   serviceinstancename: provider1
diff --git a/test/e2e-v2/java-test-service/e2e-service-provider/pom.xml 
b/test/e2e-v2/java-test-service/e2e-service-provider/pom.xml
index 74b73f137c..eec89aaf0f 100644
--- a/test/e2e-v2/java-test-service/e2e-service-provider/pom.xml
+++ b/test/e2e-v2/java-test-service/e2e-service-provider/pom.xml
@@ -34,7 +34,6 @@
     <artifactId>e2e-service-provider</artifactId>
 
     <properties>
-        <log4j.version>1.2.17</log4j.version>
         <log4j2.version>2.25.4</log4j2.version>
         <logback.version>1.2.13</logback.version>
     </properties>
@@ -65,11 +64,6 @@
             <artifactId>apm-toolkit-micrometer-registry</artifactId>
             <version>8.2.0</version>
         </dependency>
-        <dependency>
-            <groupId>log4j</groupId>
-            <artifactId>log4j</artifactId>
-            <version>${log4j.version}</version>
-        </dependency>
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-api</artifactId>
@@ -90,11 +84,6 @@
             <artifactId>apm-toolkit-logback-1.x</artifactId>
             <version>${sw.version}</version>
         </dependency>
-        <dependency>
-            <groupId>org.apache.skywalking</groupId>
-            <artifactId>apm-toolkit-log4j-1.x</artifactId>
-            <version>${sw.version}</version>
-        </dependency>
         <dependency>
             <groupId>org.apache.skywalking</groupId>
             <artifactId>apm-toolkit-log4j-2.x</artifactId>
diff --git 
a/test/e2e-v2/java-test-service/e2e-service-provider/src/main/java/org/apache/skywalking/e2e/controller/FileLogController.java
 
b/test/e2e-v2/java-test-service/e2e-service-provider/src/main/java/org/apache/skywalking/e2e/controller/FileLogController.java
index b02295ad45..81df2b6801 100644
--- 
a/test/e2e-v2/java-test-service/e2e-service-provider/src/main/java/org/apache/skywalking/e2e/controller/FileLogController.java
+++ 
b/test/e2e-v2/java-test-service/e2e-service-provider/src/main/java/org/apache/skywalking/e2e/controller/FileLogController.java
@@ -17,8 +17,8 @@
 
 package org.apache.skywalking.e2e.controller;
 
-import org.apache.log4j.Logger;
 import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.apache.skywalking.apm.toolkit.trace.TraceContext;
 import org.slf4j.LoggerFactory;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -27,13 +27,11 @@ import 
org.springframework.web.bind.annotation.RestController;
 @RestController
 public class FileLogController {
 
-    private static final Logger LOG4J_LOGGER = Logger.getLogger("fileLogger");
-    private static final org.apache.logging.log4j.Logger LOG4J2_LOGGER = 
LogManager.getLogger("fileLogger");
+    private static final Logger LOG4J2_LOGGER = 
LogManager.getLogger("fileLogger");
     private static final org.slf4j.Logger LOGBACK_LOGGER = 
LoggerFactory.getLogger("fileLogger");
 
     @RequestMapping(value = "/file/logs/trigger")
     public String trigger() {
-        LOG4J_LOGGER.info("log4j fileLogger ==> mills-> " + 
System.currentTimeMillis());
         LOG4J2_LOGGER.info("log4j2 fileLogger ==> mills->" + 
System.currentTimeMillis());
         LOGBACK_LOGGER.info("logback fileLogger ==> mills-> {}", 
System.currentTimeMillis());
         return TraceContext.traceId();
diff --git 
a/test/e2e-v2/java-test-service/e2e-service-provider/src/main/java/org/apache/skywalking/e2e/controller/LogController.java
 
b/test/e2e-v2/java-test-service/e2e-service-provider/src/main/java/org/apache/skywalking/e2e/controller/LogController.java
index 16970f106d..0b21967c5d 100644
--- 
a/test/e2e-v2/java-test-service/e2e-service-provider/src/main/java/org/apache/skywalking/e2e/controller/LogController.java
+++ 
b/test/e2e-v2/java-test-service/e2e-service-provider/src/main/java/org/apache/skywalking/e2e/controller/LogController.java
@@ -17,8 +17,8 @@
 
 package org.apache.skywalking.e2e.controller;
 
-import org.apache.log4j.Logger;
 import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.apache.skywalking.apm.toolkit.trace.TraceContext;
 import org.slf4j.LoggerFactory;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -27,14 +27,11 @@ import 
org.springframework.web.bind.annotation.RestController;
 @RestController
 public class LogController {
 
-    private static final Logger LOG4J_LOGGER = 
Logger.getLogger(LogController.class);
-    private static final org.apache.logging.log4j.Logger LOG4J2_LOGGER = 
LogManager.getLogger(
-        LogController.class);
+    private static final Logger LOG4J2_LOGGER = 
LogManager.getLogger(LogController.class);
     private static final org.slf4j.Logger LOGBACK_LOGGER = 
LoggerFactory.getLogger(LogController.class);
 
     @RequestMapping(value = "/logs/trigger")
     public String trigger() {
-        LOG4J_LOGGER.info("log4j message==> now-> " + 
System.currentTimeMillis());
         LOG4J2_LOGGER.info("log4j2 message==> now-> " + 
System.currentTimeMillis());
         LOGBACK_LOGGER.info("logback message==> now-> {}", 
System.currentTimeMillis());
         return TraceContext.traceId();
diff --git 
a/test/e2e-v2/java-test-service/e2e-service-provider/src/main/resources/log4j.properties
 
b/test/e2e-v2/java-test-service/e2e-service-provider/src/main/resources/log4j.properties
deleted file mode 100644
index 56a721e0ad..0000000000
--- 
a/test/e2e-v2/java-test-service/e2e-service-provider/src/main/resources/log4j.properties
+++ /dev/null
@@ -1,26 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-log4j.rootLogger=info,CustomAppender
-log4j.appender.CustomAppender=org.apache.skywalking.apm.toolkit.log.log4j.v1.x.log.GRPCLogClientAppender
-log4j.appender.CustomAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.CustomAppender.layout.ConversionPattern=[%t] %-5p %c %x - %m%n
-
-log4j.logger.fileLogger=info,FileAppender
-log4j.appender.FileAppender=org.apache.log4j.FileAppender
-log4j.appender.FileAppender.ImmediateFlush=true
-log4j.appender.FileAppender.Append=true
-log4j.appender.FileAppender.File=/tmp/skywalking-logs/log4j1/e2e-service-provider.log
-log4j.appender.FileAppender.layout=org.apache.skywalking.apm.toolkit.log.log4j.v1.x.TraceIdPatternLayout
-log4j.appender.FileAppender.layout.ConversionPattern=[%T{SW_CTX}] [%p] 
%d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %c:%L - %m%n
\ No newline at end of file

Reply via email to