From 63680f16ada01a8b343a385788358971ac84c60a Mon Sep 17 00:00:00 2001
From: Weimin Yu <weiminyu@google.com>
Date: Fri, 30 Sep 2022 14:04:00 -0400
Subject: [PATCH] Restore log4j exclusion in gradle build (#1801)

---
 java_common.gradle | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/java_common.gradle b/java_common.gradle
index 425555b17..e56b62cf4 100644
--- a/java_common.gradle
+++ b/java_common.gradle
@@ -62,6 +62,12 @@ configurations {
     // See https://issues.apache.org/jira/browse/BEAM-8862
     it.exclude group: 'org.mockito', module: 'mockito-core'
   }
+  all.each {
+    // log4j has high-profile security vulnerabilities. It's a transitive
+    // dependency used by some Apache Beam packages. Excluding it does not
+    // impact our troubleshooting needs.
+    it.exclude group: 'org.apache.logging.log4j'
+  }
 }
 
 dependencies {