reflects that log4j2 libs are updated to 2.13.0 but repositories still contain 2.10.0 jars.
Since there is a "semi-automatic" process the managed dependencies go through, is there perhaps an eta on this?
Asked
Active
Viewed 176 times
0
-
Why do you refer to spring boot version 2.0.8.RELEASE? and not the most recent 2.2.2.RELEASE instead https://search.maven.org/search?q=g:org.springframework.boot – khmarbaise Dec 24 '19 at 09:19
-
2.2.2.RELEASE has the same problem. We are stuck at 2.0.8.RELEASE at the moment because of [https://hibernate.atlassian.net/browse/HHH-13250]. Not much longer though. – Buks van der Lingen Dec 25 '19 at 10:22
-
First the 2.2.2.RELEASE of spring boot contains references to log4j 2.12.1. If you really know what you are doing you can of course overwrite the used log4j version via a dependencyManagement in your own project but I do not recommend it. The next update of Spring boot will take only 1-2 months (or less) and I bet they will upgrade the log4j dependency to the most recent ones...apart from that based on the issue reference I'm not sure what your real problem is: Do you use `*.hbm` files for mapping? – khmarbaise Dec 25 '19 at 14:49
-
Yes it references 2.12.2. [https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-log4j2/2.2.2.RELEASE] advertises 2.13.0 - same issue. Why does the maven repository differ from the actual pom file in maven central? That is my real issue. I dropped the spring-boot-starter and added the log4j2 2.13.0 dependencies directly. (Even THEY have bad references - see the slf4j vers 1.7.25 vs the advertised 1.7.29). Doing manual dependency management again. Great. Double check every dependency from maven. Check all imported jar ver as well as any dependency management therein. – Buks van der Lingen Dec 27 '19 at 07:02