Restore log4j exclusion in gradle build (#1801)

2025-04-29 19:47:51 +02:00 · 2022-09-30 14:04:00 -04:00 · 2022-09-30 14:04:00 -04:00 · 63680f16ad
commit 63680f16ad
parent d0cec9ff54
1 changed files with 6 additions and 0 deletions
--- a/java_common.gradle
+++ b/java_common.gradle
@ -62,6 +62,12 @@ configurations {
    // See https://issues.apache.org/jira/browse/BEAM-8862
    it.exclude group: 'org.mockito', module: 'mockito-core'
  }
+  all.each {
+    // log4j has high-profile security vulnerabilities. It's a transitive
+    // dependency used by some Apache Beam packages. Excluding it does not
+    // impact our troubleshooting needs.
+    it.exclude group: 'org.apache.logging.log4j'
+  }
 }

 dependencies {