Migrate Log4j 1.x to Log4j 2.x
org.openrewrite.java.logging.log4j.Log4j1ToLog4j2
Migrates Log4j 1.x to Log4j 2.x. This remediates the Log4Shell vulnerability by upgrading to latest version of Log4j 2.
Tags
Log4Shell
logging
CVE-2021-44228
log4j
Recipe source
GitHub, Issue Tracker, Maven Central
groupId: org.openrewrite.recipe
artifactId: rewrite-logging-frameworks
version: 2.6.0
This recipe is composed of more than one recipe. If you want to customize the set of recipes this is composed of, you can find and copy the GitHub source for the recipe from the link above.
Usage
This recipe has no required configuration options. It can be activated by adding a dependency on org.openrewrite.recipe:rewrite-logging-frameworks:2.6.0
in your build file or by running a shell command (in which case no build changes are needed):
Add the following to your
build.gradle
file:
Run
gradle rewriteRun
to run the recipe.
Definition
Replace any Lombok log annotations with target logging framework annotation
loggingFramework:
Log4J2
oldPackageName:
org.apache.log4j
newPackageName:
org.apache.logging.log4j
Change method target to static
methodPattern:
org.apache.logging.log4j.Logger getLogger(..)
fullyQualifiedTargetTypeName:
org.apache.logging.log4j.LogManager
Change method target to static
methodPattern:
org.apache.logging.log4j.Logger getRootLogger()
fullyQualifiedTargetTypeName:
org.apache.logging.log4j.LogManager
methodPattern:
org.apache.logging.log4j.Category getEffectiveLevel()
newMethodName:
getLevel
Add Gradle or Maven dependency
groupId:
org.apache.logging.log4j
artifactId:
log4j-api
version:
2.x
onlyIfUsing:
org.apache.log4j.*
Add Gradle or Maven dependency
groupId:
org.apache.logging.log4j
artifactId:
log4j-core
version:
2.x
onlyIfUsing:
org.apache.log4j.*
Remove a Gradle or Maven dependency
groupId:
log4j
artifactId:
log4j
Remove a Gradle or Maven dependency
groupId:
ch.qos.reload4j
artifactId:
reload4j
Add Gradle or Maven dependency
groupId:
org.apache.logging.log4j
artifactId:
log4j-api
version:
2.x
onlyIfUsing:
org.apache.logging.log4j.*
Add Gradle or Maven dependency
groupId:
org.apache.logging.log4j
artifactId:
log4j-core
version:
2.x
onlyIfUsing:
org.apache.logging.log4j.*
Change Gradle or Maven dependency
oldGroupId:
org.slf4j
oldArtifactId:
slf4j-log4j12
newGroupId:
org.apache.logging.log4j
newArtifactId:
log4j-slf4j-impl
newVersion:
2.x
Change Gradle or Maven dependency
oldGroupId:
org.slf4j
oldArtifactId:
slf4j-reload4j
newGroupId:
org.apache.logging.log4j
newArtifactId:
log4j-slf4j-impl
newVersion:
2.x
Upgrade Gradle or Maven dependency versions
groupId:
org.apache.logging.log4j
artifactId:
*
newVersion:
2.x
overrideManagedVersion:
true
See how this recipe works across multiple open-source repositories
The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.
Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.
Contributors
Aaron Gershman, Patrick, Sam Snyder, Knut Wannheden, Tim te Beek, Adriano Machado, Jonathan Schnéider
Last updated