1

I am trying to upgrade the version of log4j in my grails 2.5.4 application from 1.2.17 to 2.17.2. I am able to build and deploy the war and have all the logs work as expected, but the app does not log anything when running with grails run-app locally.

To upgrade the version, I made the following changes to BuildConfig.groovy:

inherits("global") {
        excludes "grails-plugin-log4j", "log4j"
    }

    dependencies {

        runtime 'org.apache.logging.log4j:log4j-core:2.17.2'
        runtime 'org.apache.logging.log4j:log4j-api:2.17.2'
        runtime 'org.apache.logging.log4j:log4j-jcl:2.17.2'
        runtime 'org.apache.logging.log4j:log4j-slf4j-impl:2.17.2'
        runtime 'org.apache.logging.log4j:log4j-1.2-api:2.17.2'

log4j2.properties:

rootLogger.level = INFO
rootLogger.additivity = false
rootLogger.appenderRefs = stdout
rootLogger.appenderRef.stdout.ref = STDOUT

appender.console.type = Console
appender.console.name = STDOUT
appender.console.layout.type = PatternLayout
appender.console.layout.pattern = %d [%t] %-5p %c{2} %x %m %n

If I remove the log4j-1.2-api dependency, the logs work locally with run-app but the app is unable to start when deploying the war. The primary error log is:

Caused by: java.lang.ClassNotFoundException: org.apache.log4j.Level
user2518159
  • 11
  • 2
  • There are numerous reasons what you tried won't work. If you are upgrading because of CVE-2021-44228 you should review https://grails.org/blog/2021-12-14-log4j2-cve.html. – Jeff Scott Brown Apr 06 '22 at 13:17
  • @JeffScottBrown I am upgrading because of https://stackoverflow.com/questions/71757848/grails-2-5-4-does-not-log-anything-when-running-with-run-app-after-upgrading-log Would be great if you could elaborate, it's not helpful to just come in and say this won't work. – user2518159 Apr 06 '22 at 15:11
  • The issue you linked is this one. – Jeff Scott Brown Apr 06 '22 at 15:57
  • @JeffScottBrown Sorry https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307 – user2518159 Apr 06 '22 at 15:59
  • Your question may be a duplicate of https://stackoverflow.com/questions/70741835/internal-grails-logs-appearing-after-log4j2-upgrade. – Jeff Scott Brown Apr 06 '22 at 17:02

1 Answers1

0

Using Log4j 2.17.1 appears to have resolved this.

user2518159
  • 11
  • 2
  • Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Cesare Polonara Apr 09 '22 at 00:40