Skip to content

Commit 37951bc

Browse files
ppkarwaszppkarwasz
authored
Upgrade Log4j to 2.25.3 (#3603)
Remove explicit dependencies on `osgi.annotation` and `biz.aQute.bnd.annotation`. Since Log4j 2.25.0, all artifacts publish Gradle Module Metadata that brings in these annotation libs as transitive compile-only dependencies, avoiding `-Xlint:classfile` warnings without needing to declare them directly. Remove `spotbugs-annotations` pulled in via Apache POI as a transitive **compile-only** dependency. It is not required for the build but triggers license check failures because SpotBugs (including its annotations) is licensed under LGPL-2.1.
1 parent 2f6f76f commit 37951bc

File tree

49 files changed

+653
-145
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

49 files changed

+653
-145
lines changed

changelog/unreleased/PR#3603-update-log4j.yml

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
# See https://github.com/apache/solr/blob/main/dev-docs/changelog.adoc
2+
title: Upgrade Log4j to 2.25.3
3+
type: dependency_update
4+
authors:
5+
- name: Piotr P. Karwasz
6+
nick: ppkarwasz
7+
url: https://home.apache.org/phonebook.html?uid=pkarwasz
8+
merge_requests:
9+
- 3603

gradle/libs.versions.toml

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ apache-httpcomponents-httpclient = "4.5.14"
3636
apache-httpcomponents-httpcore = "4.4.16"
3737
apache-httpcomponents-httpmime = "4.5.14"
3838
apache-kafka = "3.9.1"
39-
apache-log4j = "2.21.0"
39+
apache-log4j = "2.25.3"
4040
apache-lucene = "10.3.2"
4141
apache-opennlp = "2.5.6"
4242
apache-rat = "0.15"
@@ -45,7 +45,6 @@ apache-tomcat = "6.0.53"
4545
apache-zookeeper = "3.9.4"
4646
# @keep for version alignment
4747
apiguardian = "1.1.2"
48-
aqute-bnd = "6.4.1"
4948
# @keep Asciidoctor mathjax version used in ref-guide
5049
asciidoctor-mathjax = "0.0.9"
5150
# @keep Asciidoctor tabs version used in ref-guide
@@ -304,7 +303,6 @@ apache-zookeeper-jute = { module = "org.apache.zookeeper:zookeeper-jute", versio
304303
apache-zookeeper-zookeeper = { module = "org.apache.zookeeper:zookeeper", version.ref = "apache-zookeeper" }
305304
# @keep transitive dependency for version alignment
306305
apiguardian-api = { module = "org.apiguardian:apiguardian-api", version.ref = "apiguardian" }
307-
aqute-bnd-annotation = { module = "biz.aQute.bnd:biz.aQute.bnd.annotation", version.ref = "aqute-bnd" }
308306
bc-jose4j = { module = "org.bitbucket.b_c:jose4j", version.ref = "bc-jose4j" }
309307
benmanes-caffeine = { module = "com.github.ben-manes.caffeine:caffeine", version.ref = "benmanes-caffeine" }
310308
bouncycastle-bcpkix = { module = "org.bouncycastle:bcpkix-jdk18on", version.ref = "bouncycastle" }
@@ -491,7 +489,6 @@ opentelemetry-sdk-extension-autoconfigure = { module = "io.opentelemetry:opentel
491489
opentelemetry-sdk-metrics = { module = "io.opentelemetry:opentelemetry-sdk-metrics", version.ref = "opentelemetry" }
492490
opentelemetry-sdk-testing = { module = "io.opentelemetry:opentelemetry-sdk-testing", version.ref = "opentelemetry" }
493491
opentelemetry-sdk-trace = { module = "io.opentelemetry:opentelemetry-sdk-trace", version.ref = "opentelemetry" }
494-
osgi-annotation = { module = "org.osgi:osgi.annotation", version.ref = "osgi-annotation" }
495492
oshai-logging = { module = "io.github.oshai:kotlin-logging", version.ref = "oshai-logging" }
496493
# @keep transitive dependency for version alignment
497494
ow2-asm-asm = { module = "org.ow2.asm:asm", version.ref = "ow2-asm" }

solr/api/gradle.lockfile

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -95,9 +95,9 @@ org.apache.curator:curator-test:5.9.0=jarValidation,testRuntimeClasspath
9595
org.apache.httpcomponents:httpclient:4.5.14=jarValidation,testRuntimeClasspath
9696
org.apache.httpcomponents:httpcore:4.4.16=jarValidation,testRuntimeClasspath
9797
org.apache.httpcomponents:httpmime:4.5.14=jarValidation,testRuntimeClasspath
98-
org.apache.logging.log4j:log4j-api:2.21.0=jarValidation,testRuntimeClasspath
99-
org.apache.logging.log4j:log4j-core:2.21.0=jarValidation,testRuntimeClasspath
100-
org.apache.logging.log4j:log4j-slf4j2-impl:2.21.0=jarValidation,testRuntimeClasspath
98+
org.apache.logging.log4j:log4j-api:2.25.3=jarValidation,testRuntimeClasspath
99+
org.apache.logging.log4j:log4j-core:2.25.3=jarValidation,testRuntimeClasspath
100+
org.apache.logging.log4j:log4j-slf4j2-impl:2.25.3=jarValidation,testRuntimeClasspath
101101
org.apache.lucene:lucene-analysis-common:10.3.2=jarValidation,testCompileClasspath,testRuntimeClasspath
102102
org.apache.lucene:lucene-analysis-kuromoji:10.3.2=jarValidation,testRuntimeClasspath
103103
org.apache.lucene:lucene-analysis-nori:10.3.2=jarValidation,testRuntimeClasspath

solr/benchmark/gradle.lockfile

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -86,9 +86,9 @@ org.apache.curator:curator-test:5.9.0=jarValidation,runtimeClasspath,testRuntime
8686
org.apache.httpcomponents:httpclient:4.5.14=jarValidation,runtimeClasspath,testRuntimeClasspath
8787
org.apache.httpcomponents:httpcore:4.4.16=jarValidation,runtimeClasspath,testRuntimeClasspath
8888
org.apache.httpcomponents:httpmime:4.5.14=jarValidation,runtimeClasspath,testRuntimeClasspath
89-
org.apache.logging.log4j:log4j-api:2.21.0=jarValidation,runtimeClasspath,testRuntimeClasspath
90-
org.apache.logging.log4j:log4j-core:2.21.0=jarValidation,runtimeClasspath,testRuntimeClasspath
91-
org.apache.logging.log4j:log4j-slf4j2-impl:2.21.0=jarValidation,runtimeClasspath,testRuntimeClasspath
89+
org.apache.logging.log4j:log4j-api:2.25.3=jarValidation,runtimeClasspath,testRuntimeClasspath
90+
org.apache.logging.log4j:log4j-core:2.25.3=jarValidation,runtimeClasspath,testRuntimeClasspath
91+
org.apache.logging.log4j:log4j-slf4j2-impl:2.25.3=jarValidation,runtimeClasspath,testRuntimeClasspath
9292
org.apache.lucene:lucene-analysis-common:10.3.2=compileClasspath,jarValidation,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
9393
org.apache.lucene:lucene-analysis-kuromoji:10.3.2=jarValidation,runtimeClasspath,testRuntimeClasspath
9494
org.apache.lucene:lucene-analysis-nori:10.3.2=jarValidation,runtimeClasspath,testRuntimeClasspath

solr/core/build.gradle

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -176,9 +176,6 @@ dependencies {
176176
// For faster XML processing than the JDK
177177
implementation libs.codehaus.woodstox.stax2api
178178
implementation libs.fasterxml.woodstox.core
179-
// See https://issues.apache.org/jira/browse/LOG4J2-3609 due to needing these annotations
180-
compileOnly libs.aqute.bnd.annotation
181-
compileOnly libs.osgi.annotation
182179

183180
compileOnly libs.stephenc.jcip.annotations
184181

solr/core/gradle.lockfile

Lines changed: 8 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
# This is a Gradle generated file for dependency locking.
22
# Manual edits can break the build and are not advised.
33
# This file is expected to be part of source control.
4-
biz.aQute.bnd:biz.aQute.bnd.annotation:6.4.1=compileClasspath,compileOnlyHelper,jarValidation
4+
biz.aQute.bnd:biz.aQute.bnd.annotation:7.1.0=compileClasspath,testCompileClasspath
55
com.carrotsearch.randomizedtesting:randomizedtesting-runner:2.8.3=jarValidation,testCompileClasspath,testRuntimeClasspath
66
com.carrotsearch:hppc:0.10.0=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath
77
com.fasterxml.jackson.core:jackson-annotations:2.20=apiHelper,compileClasspath,jarValidation,permitUnusedDeclared,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath
@@ -95,9 +95,9 @@ org.apache.curator:curator-test:5.9.0=jarValidation,testCompileClasspath,testRun
9595
org.apache.httpcomponents:httpclient:4.5.14=jarValidation,testCompileClasspath,testRuntimeClasspath
9696
org.apache.httpcomponents:httpcore:4.4.16=jarValidation,testCompileClasspath,testRuntimeClasspath
9797
org.apache.httpcomponents:httpmime:4.5.14=jarValidation,testRuntimeClasspath
98-
org.apache.logging.log4j:log4j-api:2.21.0=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath
99-
org.apache.logging.log4j:log4j-core:2.21.0=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath
100-
org.apache.logging.log4j:log4j-slf4j2-impl:2.21.0=jarValidation,runtimeClasspath,runtimeLibs,testRuntimeClasspath
98+
org.apache.logging.log4j:log4j-api:2.25.3=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath
99+
org.apache.logging.log4j:log4j-core:2.25.3=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath
100+
org.apache.logging.log4j:log4j-slf4j2-impl:2.25.3=jarValidation,runtimeClasspath,runtimeLibs,testRuntimeClasspath
101101
org.apache.lucene:lucene-analysis-common:10.3.2=apiHelper,compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath
102102
org.apache.lucene:lucene-analysis-icu:10.3.2=jarValidation,testRuntimeClasspath
103103
org.apache.lucene:lucene-analysis-kuromoji:10.3.2=jarValidation,runtimeClasspath,runtimeLibs,testRuntimeClasspath
@@ -178,9 +178,10 @@ org.mockito:mockito-core:5.19.0=jarValidation,testCompileClasspath,testRuntimeCl
178178
org.mockito:mockito-subclass:5.19.0=jarValidation,testRuntimeClasspath
179179
org.objenesis:objenesis:3.3=jarValidation,testRuntimeClasspath
180180
org.opentest4j:opentest4j:1.2.0=jarValidation,testCompileClasspath,testRuntimeClasspath
181-
org.osgi:org.osgi.resource:1.0.0=compileClasspath,compileOnlyHelper,jarValidation
182-
org.osgi:org.osgi.service.serviceloader:1.0.0=compileClasspath,compileOnlyHelper,jarValidation
183-
org.osgi:osgi.annotation:8.1.0=compileClasspath,compileOnlyHelper,jarValidation
181+
org.osgi:org.osgi.annotation.bundle:2.0.0=compileClasspath,testCompileClasspath
182+
org.osgi:org.osgi.annotation.versioning:1.1.2=compileClasspath,testCompileClasspath
183+
org.osgi:org.osgi.resource:1.0.0=compileClasspath,testCompileClasspath
184+
org.osgi:org.osgi.service.serviceloader:1.0.0=compileClasspath,testCompileClasspath
184185
org.ow2.asm:asm-commons:9.8=jarValidation,runtimeClasspath,runtimeLibs,testRuntimeClasspath
185186
org.ow2.asm:asm-tree:9.8=jarValidation,runtimeClasspath,runtimeLibs,testRuntimeClasspath
186187
org.ow2.asm:asm:9.8=jarValidation,runtimeClasspath,runtimeLibs,testRuntimeClasspath

solr/cross-dc-manager/gradle.lockfile

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -120,12 +120,12 @@ org.apache.kafka:kafka-streams:3.9.1=jarValidation,runtimeClasspath,runtimeLibs,
120120
org.apache.kafka:kafka-tools-api:3.9.1=jarValidation,runtimeClasspath,runtimeLibs,testRuntimeClasspath
121121
org.apache.kafka:kafka-transaction-coordinator:3.9.1=jarValidation,runtimeClasspath,runtimeLibs,testRuntimeClasspath
122122
org.apache.kafka:kafka_2.13:3.9.1=jarValidation,runtimeClasspath,runtimeLibs,testRuntimeClasspath
123-
org.apache.logging.log4j:log4j-1.2-api:2.21.0=solrPlatformLibs
124-
org.apache.logging.log4j:log4j-api:2.21.0=jarValidation,runtimeClasspath,runtimeLibs,solrPlatformLibs,testRuntimeClasspath
125-
org.apache.logging.log4j:log4j-core:2.21.0=jarValidation,runtimeClasspath,runtimeLibs,solrPlatformLibs,testRuntimeClasspath
126-
org.apache.logging.log4j:log4j-layout-template-json:2.21.0=solrPlatformLibs
127-
org.apache.logging.log4j:log4j-slf4j2-impl:2.21.0=jarValidation,runtimeClasspath,runtimeLibs,solrPlatformLibs,testRuntimeClasspath
128-
org.apache.logging.log4j:log4j-web:2.21.0=solrPlatformLibs
123+
org.apache.logging.log4j:log4j-1.2-api:2.25.3=solrPlatformLibs
124+
org.apache.logging.log4j:log4j-api:2.25.3=jarValidation,runtimeClasspath,runtimeLibs,solrPlatformLibs,testRuntimeClasspath
125+
org.apache.logging.log4j:log4j-core:2.25.3=jarValidation,runtimeClasspath,runtimeLibs,solrPlatformLibs,testRuntimeClasspath
126+
org.apache.logging.log4j:log4j-layout-template-json:2.25.3=solrPlatformLibs
127+
org.apache.logging.log4j:log4j-slf4j2-impl:2.25.3=jarValidation,runtimeClasspath,runtimeLibs,solrPlatformLibs,testRuntimeClasspath
128+
org.apache.logging.log4j:log4j-web:2.25.3=solrPlatformLibs
129129
org.apache.lucene:lucene-analysis-common:10.3.2=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,solrPlatformLibs,testCompileClasspath,testRuntimeClasspath
130130
org.apache.lucene:lucene-analysis-kuromoji:10.3.2=jarValidation,runtimeClasspath,runtimeLibs,solrPlatformLibs,testRuntimeClasspath
131131
org.apache.lucene:lucene-analysis-nori:10.3.2=jarValidation,runtimeClasspath,runtimeLibs,solrPlatformLibs,testRuntimeClasspath

solr/licenses/biz.aQute.bnd.annotation-6.4.1.jar.sha1

Lines changed: 0 additions & 1 deletion
This file was deleted.

solr/licenses/biz.aQute.bnd.annotation-7.1.0.jar.sha1

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
2f2be18c936d08cf46ea6cfa0043f34afdf38705

solr/licenses/log4j-1.2-api-2.21.0.jar.sha1

Lines changed: 0 additions & 1 deletion
This file was deleted.

0 commit comments

Comments
 (0)