while running mvn build Maven downloading log4j-1.2.12.jar | Adobe Higher Education
Nandheswara
Level 4
March 21, 2025
Answered

  • 2 replies
  • 1108 views

Hi all,

When running a Maven build for a local installation of AEM, the very first thing it does is reach out to the Maven Central repo and download an old version of log4j that has known vulnerabilities.

I want the latest version of log4j to be downloaded.

[DEBUG] Importing foreign packages into class realm extension>com.day.jcr.vault:content-package-maven-plugin:1.0.2
[DEBUG] Imported: < maven.api
[DEBUG] Populating class realm extension>com.day.jcr.vault:content-package-maven-plugin:1.0.2
[DEBUG] Included: com.day.jcr.vault:content-package-maven-plugin:jar:1.0.2
[DEBUG] Included: javax.enterprise:cdi-api:jar:1.0
[DEBUG] Included: javax.annotation:jsr250-api:jar:1.0
[DEBUG] Included: org.eclipse.sisu:org.eclipse.sisu.inject:jar:0.3.0.M1
[DEBUG] Included: org.sonatype.sisu:sisu-guice:jar:no_aop:3.2.3
[DEBUG] Included: aopalliance:aopalliance:jar:1.0
[DEBUG] Included: com.google.guava:guava:jar:16.0.1
[DEBUG] Included: org.codehaus.plexus:plexus-interpolation:jar:1.21
[DEBUG] Included: org.codehaus.plexus:plexus-component-annotations:jar:1.5.5
[DEBUG] Included: org.apache.xbean:xbean-reflect:jar:3.4
[DEBUG] Included: log4j:log4j:jar:1.2.12
[DEBUG] Created new class realm extension>org.apache.jackrabbit:filevault-package-maven-plugin:1.0.3
[DEBUG] Importing foreign packages into class realm extension>org.apache.jackrabbit:filevault-package-maven-plugin:1.0.3
[DEBUG] Imported: < maven.api
[DEBUG] Populating class realm extension>org.apache.jackrabbit:filevault-package-maven-plugin:1.0.3
[DEBUG] Included: org.apache.jackrabbit:filevault-package-maven-plugin:jar:1.0.3
[DEBUG] Included: org.apache.jackrabbit.vault:org.apache.jackrabbit.vault:jar:3.2.0
[DEBUG] Included: javax.jcr:jcr:jar:2.0
[DEBUG] Included: org.apache.maven:maven-builder-support:jar:3.3.9
[DEBUG] Included: com.google.guava:guava:jar:18.0
[DEBUG] Included: javax.enterprise:cdi-api:jar:1.0
[DEBUG] Included: javax.annotation:jsr250-api:jar:1.0
[DEBUG] Included: org.eclipse.sisu:org.eclipse.sisu.inject:jar:0.3.2
[DEBUG] Included: com.google.inject:guice:jar:no_aop:4.0
[DEBUG] Included: aopalliance:aopalliance:jar:1.0
[DEBUG] Included: org.codehaus.plexus:plexus-interpolation:jar:1.21
[DEBUG] Included: org.codehaus.plexus:plexus-component-annotations:jar:1.6
[DEBUG] Included: org.sonatype.plexus:plexus-sec-dispatcher:jar:1.3
[DEBUG] Included: org.sonatype.plexus:plexus-cipher:jar:1.4
[DEBUG] Included: org.apache.commons:commons-lang3:jar:3.4
[DEBUG] Included: org.apache.maven.plugin-tools:maven-plugin-annotations:jar:3.5
[DEBUG] Included: org.apache.xbean:xbean-reflect:jar:3.4
[DEBUG] Included: log4j:log4j:jar:1.2.12
[DEBUG] org.apache.maven:maven-plugin-api:jar:3.2.5:compile
[DEBUG] org.apache.maven:maven-project:jar:3.0-alpha-2:compile
[DEBUG] org.codehaus.plexus:plexus-container-default:jar:1.0-beta-3.0.5:compile
[DEBUG] org.apache.xbean:xbean-reflect:jar:3.4:compile
[DEBUG] log4j:log4j:jar:1.2.12:compile
[DEBUG] commons-logging:commons-logging-api:jar:1.1:compile
Downloading from adobe-public-releases: https://repo.adobe.com/nexus/content/groups/public/log4j/log4j/1.2.12/log4j-1.2.12.pom
Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom
Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom (145 B at 236 B/s)
Downloading from adobe-public-releases: https://repo.adobe.com/nexus/content/groups/public/log4j/log4j/1.2.12/log4j-1.2.12.jar
Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar
Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar (358 kB at 527 kB/s)

I tried with these dependencies, but it is not working for me:

<dependency>
  <groupId>org.apache.xbean</groupId>
  <artifactId>xbean-reflect</artifactId>
  <version>3.4</version>
  <exclusions>
    <exclusion>
      <groupId>log4j</groupId>
      <artifactId>log4j</artifactId>
    </exclusion>
  </exclusions>
</dependency>
<dependency>
  <groupId>org.codehaus.plexus</groupId>
  <artifactId>plexus-container-default</artifactId>
  <version>1.0-beta-3.0.5</version>
  <exclusions>
    <exclusion>
      <groupId>log4j</groupId>
      <artifactId>log4j</artifactId>
    </exclusion>
  </exclusions>
</dependency>

If anyone has an idea, please suggest a solution to resolve this issue.

Thanks

Nandheswara
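
The debug log above lists log4j:log4j:jar:1.2.12 under "Populating class realm" for two build plugins, and a plugin's class realm is resolved from the plugin's own dependencies, not from the project's <dependencies> section. As an added example (not part of the original post; the function names and the shortened sample log are constructed here), this Python script reads `mvn -X` output and reports which plugin or extension realm loads a given artifact:

```python
import re
from collections import defaultdict

# Constructed sample: a few entries copied from the debug log in the question,
# kept in the run-together form in which it was posted.
SAMPLE_LOG = (
    "[DEBUG] Populating class realm extension>com.day.jcr.vault:content-package-maven-plugin:1.0.2 "
    "[DEBUG] Included: com.day.jcr.vault:content-package-maven-plugin:jar:1.0.2 "
    "[DEBUG] Included: org.sonatype.sisu:sisu-guice:jar:no_aop:3.2.3 "
    "[DEBUG] Included: log4j:log4j:jar:1.2.12 "
    "[DEBUG] Populating class realm extension>org.apache.jackrabbit:filevault-package-maven-plugin:1.0.3 "
    "[DEBUG] Included: org.apache.commons:commons-lang3:jar:3.4 "
    "[DEBUG] Included: log4j:log4j:jar:1.2.12 "
)

# Matches both one-entry-per-line output and the run-together form.
ENTRY = re.compile(r"\[DEBUG\]\s+(Populating class realm|Included:)\s+(\S+)")

def realms_including(log_text, group_id, artifact_id):
    """Map each class realm to the versions of group_id:artifact_id it loads."""
    hits = defaultdict(set)
    realm = None
    for kind, value in ENTRY.findall(log_text):
        if kind == "Populating class realm":
            realm = value            # e.g. extension>group:plugin:version
            continue
        if realm is None:
            continue                 # Included: entry before any realm header
        parts = value.split(":")     # group:artifact:type[:classifier]:version
        if len(parts) >= 4 and parts[0] == group_id and parts[1] == artifact_id:
            hits[realm].add(parts[-1])
    return {r: sorted(v) for r, v in hits.items()}

def report(log_text):
    """Return one line per plugin/extension realm that loads log4j 1.x."""
    found = realms_including(log_text, "log4j", "log4j")
    return [f"{realm.split('>', 1)[-1]} loads log4j {', '.join(vers)}"
            for realm, vers in sorted(found.items())]

if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Each realm it reports names the plugin whose own dependency list brings in the jar, which is the artifact to upgrade or replace.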

Best answer by giuseppebaglio

2 replies

giuseppebaglio
Level 10
March 21, 2025

First ensure that your project's pom.xml includes the latest version of log4j. Add the following dependency to your <dependency> section:

<dependency>
  <groupId>org.apache.logging.log4j</groupId>
  <artifactId>log4j-core</artifactId>
  <version>2.20.0</version>
</dependency>

If the issue persists, consider updating these dependencies to more recent versions if possible.

https://mvnrepository.com/artifact/org.apache.xbean/xbean-reflect/4.26

https://mvnrepository.com/artifact/org.codehaus.plexus/plexus-container-default/2.1.1

 

arunpatidar
Community Advisor
March 21, 2025

Hi @nandheswara 

If the issue is not resolved with the above steps, then you can try updating the project with the latest compatible archetype:

https://github.com/adobe/aem-project-archetype 

Arun Patidar

kautuk_sahni
Community Manager
April 1, 2025

@nandheswara Did you find the suggestions helpful? Please let us know if you need more information. If a response worked, kindly mark it as correct for posterity; alternatively, if you found a solution yourself, we’d appreciate it if you could share it with the community. Thank you!

Kautuk Sahni