while running mvn build Maven downloading log4j-1.2.12.jar | Community
Skip to main content
Nandheswara
Nandheswara
Level 4
March 21, 2025
Solved

while running mvn build Maven downloading log4j-1.2.12.jar

  • March 21, 2025
  • 2 replies
  • 1119 views

Hi all,

When running a maven build for a local installation of AEM, the very first thing it does is to reach out to the maven central repo and download an old version of log4j that has known vulnerabilities

I want latest version needs to be download for log4j

[DEBUG] Importing foreign packages into class realm extension>com.day.jcr.vault:content-package-maven-plugin:1.0.2 [DEBUG] Imported: < maven.api [DEBUG] Populating class realm extension>com.day.jcr.vault:content-package-maven-plugin:1.0.2 [DEBUG] Included: com.day.jcr.vault:content-package-maven-plugin:jar:1.0.2 [DEBUG] Included: javax.enterprise:cdi-api:jar:1.0 [DEBUG] Included: javax.annotation:jsr250-api:jar:1.0 [DEBUG] Included: org.eclipse.sisu:org.eclipse.sisu.inject:jar:0.3.0.M1 [DEBUG] Included: org.sonatype.sisu:sisu-guice:jar:no_aop:3.2.3 [DEBUG] Included: aopalliance:aopalliance:jar:1.0 [DEBUG] Included: com.google.guava:guava:jar:16.0.1 [DEBUG] Included: org.codehaus.plexus:plexus-interpolation:jar:1.21 [DEBUG] Included: org.codehaus.plexus:plexus-component-annotations:jar:1.5.5 [DEBUG] Included: org.apache.xbean:xbean-reflect:jar:3.4 [DEBUG] Included: log4j:log4j:jar:1.2.12 [DEBUG] Created new class realm extension>org.apache.jackrabbit:filevault-package-maven-plugin:1.0.3 [DEBUG] Importing foreign packages into class realm extension>org.apache.jackrabbit:filevault-package-maven-plugin:1.0.3 [DEBUG] Imported: < maven.api [DEBUG] Populating class realm extension>org.apache.jackrabbit:filevault-package-maven-plugin:1.0.3 [DEBUG] Included: org.apache.jackrabbit:filevault-package-maven-plugin:jar:1.0.3 [DEBUG] Included: org.apache.jackrabbit.vault:org.apache.jackrabbit.vault:jar:3.2.0 [DEBUG] Included: javax.jcr:jcr:jar:2.0 [DEBUG] Included: org.apache.maven:maven-builder-support:jar:3.3.9 [DEBUG] Included: com.google.guava:guava:jar:18.0 [DEBUG] Included: javax.enterprise:cdi-api:jar:1.0 [DEBUG] Included: javax.annotation:jsr250-api:jar:1.0 [DEBUG] Included: org.eclipse.sisu:org.eclipse.sisu.inject:jar:0.3.2 [DEBUG] Included: com.google.inject:guice:jar:no_aop:4.0 [DEBUG] Included: aopalliance:aopalliance:jar:1.0 [DEBUG] Included: org.codehaus.plexus:plexus-interpolation:jar:1.21 [DEBUG] Included: org.codehaus.plexus:plexus-component-annotations:jar:1.6 [DEBUG] Included: org.sonatype.plexus:plexus-sec-dispatcher:jar:1.3 [DEBUG] Included: org.sonatype.plexus:plexus-cipher:jar:1.4 [DEBUG] Included: org.apache.commons:commons-lang3:jar:3.4 [DEBUG] Included: org.apache.maven.plugin-tools:maven-plugin-annotations:jar:3.5 [DEBUG] Included: org.apache.xbean:xbean-reflect:jar:3.4 [DEBUG] Included: log4j:log4j:jar:1.2.12 [DEBUG] org.apache.maven:maven-plugin-api:jar:3.2.5:compile [DEBUG] org.apache.maven:maven-project:jar:3.0-alpha-2:compile [DEBUG] org.codehaus.plexus:plexus-container-default:jar:1.0-beta-3.0.5:compile [DEBUG] org.apache.xbean:xbean-reflect:jar:3.4:compile [DEBUG] log4j:log4j:jar:1.2.12:compile [DEBUG] commons-logging:commons-logging-api:jar:1.1:compile Downloading from adobe-public-releases: https://repo.adobe.com/nexus/content/groups/public/log4j/log4j/1.2.12/log4j-1.2.12.pom Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom (145 B at 236 B/s) Downloading from adobe-public-releases: https://repo.adobe.com/nexus/content/groups/public/log4j/log4j/1.2.12/log4j-1.2.12.jar Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar (358 kB at 527 kB/s)

I tried with these dependencies but not working for me

<dependency> <groupId>org.apache.xbean</groupId> <artifactId>xbean-reflect</artifactId> <version>3.4</version> <exclusions> <exclusion> <groupId>log4j</groupId> <artifactId>log4j</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>org.codehaus.plexus</groupId> <artifactId>plexus-container-default</artifactId> <version>1.0-beta-3.0.5</version> <exclusions> <exclusion> <groupId>log4j</groupId> <artifactId>log4j</artifactId> </exclusion> </dependency>

 

 

If any have some idea please suggest some solution to resolve this issue

 

Thanks

Nandheswara

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by giuseppebaglio

First ensure that your project's pom.xml includes the latest version of log4j. Add the following dependency to your <dependency> section:

<dependency> <groupId>org.apache.logging.log4j</groupId> <artifactId>log4j-core</artifactId> <version>2.20.0</version> </dependency>

 If the issue persists, consider updating these dependencies to more recent versions if possible.

 

https://mvnrepository.com/artifact/org.apache.xbean/xbean-reflect/4.26

https://mvnrepository.com/artifact/org.codehaus.plexus/plexus-container-default/2.1.1 

 

2 replies

giuseppebaglio
giuseppebaglioAccepted solution
Level 10
March 21, 2025

First ensure that your project's pom.xml includes the latest version of log4j. Add the following dependency to your <dependency> section:

<dependency> <groupId>org.apache.logging.log4j</groupId> <artifactId>log4j-core</artifactId> <version>2.20.0</version> </dependency>

 If the issue persists, consider updating these dependencies to more recent versions if possible.

 

https://mvnrepository.com/artifact/org.apache.xbean/xbean-reflect/4.26

https://mvnrepository.com/artifact/org.codehaus.plexus/plexus-container-default/2.1.1 

 

    arunpatidar
    Community Advisor
    arunpatidarCommunity Advisor
    Community Advisor
    March 21, 2025

    Hi @nandheswara 

    If issue does not resolve with above steps then you can try updating project with latest compatible archtype

    https://github.com/adobe/aem-project-archetype 

    Arun Patidar
      kautuk_sahni
      Community Manager
      kautuk_sahniCommunity Manager
      Community Manager
      April 1, 2025

      @nandheswara Did you find the suggestions helpful? Please let us know if you need more information. If a response worked, kindly mark it as correct for posterity; alternatively, if you found a solution yourself, we’d appreciate it if you could share it with the community. Thank you!

      Kautuk Sahni
      Terms & ConditionsAccessibility statement

      Loading footer...