Restore log4j exclusion in gradle build (#1801)

2025-12-23 14:25:44 +00:00 · 2022-09-30 14:04:00 -04:00
parent d83565d37e
commit 47071b0fbb
1 changed files with 6 additions and 0 deletions
--- a/java_common.gradle
+++ b/java_common.gradle
@@ -62,6 +62,12 @@ configurations {
    // See https://issues.apache.org/jira/browse/BEAM-8862
    it.exclude group: 'org.mockito', module: 'mockito-core'
  }
+  all.each {
+    // log4j has high-profile security vulnerabilities. It's a transitive
+    // dependency used by some Apache Beam packages. Excluding it does not
+    // impact our troubleshooting needs.
+    it.exclude group: 'org.apache.logging.log4j'
+  }
 }

 dependencies {