从pom.xml文件中排除log4j

64jmpszr  于 2022-11-06  发布在  其他
关注(0)|答案(1)|浏览(205)

我正在尝试修复log4j漏洞,并已将现有的log4j更新为最新的log4j-core版本。
我尝试在googlecode.owasp依赖项中添加exclusion,但是旧版本的log4j-1.2.12被添加到war文件中。到目前为止,maven插件没有任何变化。
请让我知道如何排除log4j-1.2.12。
Maven依赖项:树

[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ Invoice ---
[INFO] Bookings:Invoice:war:0.0.1-SNAPSHOT
[INFO] +- Bookings:Miscellaneous:jar:0.0.1-SNAPSHOT:compile 
[INFO] |  +- org.owasp.esapi:esapi:jar:2.1.0:compile  
[INFO] |  |  +- commons-configuration:commons-configuration:jar:1.5:compile 
[INFO] |  |  |  \- commons-digester:commons-digester:jar:1.8:compile
[INFO] |  |  +- commons-beanutils:commons-beanutils-core:jar:1.7.0:compile
[INFO] |  |  +- xom:xom:jar:1.2.5:compile
[INFO] |  |  |  \- xalan:xalan:jar:2.7.0:compile
[INFO] |  |  \- org.beanshell:bsh-core:jar:2.0b4:compile
[INFO] |  +  xalan:serializer:jar:2.7.1:compile 
[INFO] |  |  \- xml-apis:xml-apis:jar:1.3.04:compile
[INFO] |  +- org.owasp.antisamy:antisamy:jar:1.4.4:compile
[INFO] |  |  +- xerces:xercesImpl:jar:2.8.1:compile
[INFO] |  |  +- org.apache.xmlgraphics:batik-css:jar:1.7:compile
[INFO] |  |  |  +- org.apache.xmlgraphics:batik-ext:jar:1.7:compile
[INFO] |  |  |  +- org.apache.xmlgraphics:batik-util:jar:1.7:compile 
[INFO] |  |  |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
[INFO] |  |  +- net.sourceforge.nekohtml;nekohtml:jar:1.9.12:compile 
[INFO] |  |  \- commons-httpclient:commons-httpclient:jar:3.1:compile
[INFO] |  +- com.mikesamuel:json-sanitizer:jar:1.2.0:compile
[INFO] |  +- com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:jar:r156:compile
[INFO] |  |  +- com.google.guava:guava:jar:31.1-jre:compile (version selected from constraint [11.0,)) 
[INFO] |  |  |  +- com.google.guava:failureaccess:jar:1.0.1:compile 
[INFO] |  |  |  +- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile
[INFO] |  |  |  +- org.checkerframework:checker-qual:jar:3.12.0:compile 
[INFO] |  |  |  +- com.google.errorprone:error_prone_annotations:jar:2.11.0:compile
[INFO] |  |  |  \- com.google.j2objc:j2objc-annotations:jar:1.3:compile
[INFO] |  |  \-  com.google.code.findbugs:jsr305:jar:3.0.2:compile (version selected from constraint [1.3.9,))
[INFO] |  \- log4j:log4j:jar:1.2.12:compile
Log4j

1条答案

按热度按时间
a0x5cqrl

a0x5cqrl1#

看起来像Bookings:Miscellaneous:jar依赖于log4j。
将“bookings:miscellaneous”依赖关系更改为如下所示:

<dependency>
        <groupId>Bookings</groupId>
        <artifactId>Miscellaneous</artifactId>
        <version>0.0.1-SNAPSHOT</version>
        <exclusions>
            <exclusion>
                <groupId>log4j</groupId>
                <artifactId>log4j</artifactId>
            </exclusion>
        </exclusions>
    </dependency>

然后添加一个依赖项以进行回登录,如下所示:

<dependency>
    <groupId>ch.qos.logback</groupId>
    <artifactId>logback-classic</artifactId>
    <version>{someversion-your-choise}</version>
</dependency>

最后,将适配器从log4j添加到slf4j:

<dependency>
        <groupId>org.apache.logging.log4j</groupId>
        <artifactId>log4j-to-slf4j</artifactId>
        <version>{someversion-your-choise}</version>
      </dependency>
赞(0)分享  回复(0)举报  2022-11-06
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com