Upgrade Log4j 2.x dependency version
org.openrewrite.java.logging.log4j.UpgradeLog4J2DependencyVersion
Upgrades the Log4j 2.x dependencies to the latest 2.x version. Mitigates the Log4Shell and other Log4j2-related vulnerabilities.
Tags
Recipe source
GitHub, Issue Tracker, Maven Central
groupId: org.openrewrite.recipe
artifactId: rewrite-logging-frameworks
Usage
This recipe has no required configuration options. It can be activated by adding a dependency on org.openrewrite.recipe:rewrite-logging-frameworks:2.9.1 in your build file or by running a shell command (in which case no build changes are needed):
Gradle, Gradle init script, Maven POM, Maven Command Line, Moderne CLI
Add the following to your build.gradle file:

    plugins {
        id("org.openrewrite.rewrite") version("6.16.1")
    }

    rewrite {
        activeRecipe("org.openrewrite.java.logging.log4j.UpgradeLog4J2DependencyVersion")
    }

    repositories {
        mavenCentral()
    }

    dependencies {
        rewrite("org.openrewrite.recipe:rewrite-logging-frameworks:2.9.1")
    }

Run gradle rewriteRun to run the recipe.
Create a file named init.gradle in the root of your project.

    initscript {
        repositories {
            maven { url "https://plugins.gradle.org/m2" }
        }
        dependencies { classpath("org.openrewrite:plugin:6.16.1") }
    }

    rootProject {
        plugins.apply(org.openrewrite.gradle.RewritePlugin)
        dependencies {
            rewrite("org.openrewrite.recipe:rewrite-logging-frameworks:2.9.1")
        }
        rewrite {
            activeRecipe("org.openrewrite.java.logging.log4j.UpgradeLog4J2DependencyVersion")
        }
        afterEvaluate {
            if (repositories.isEmpty()) {
                repositories {
                    mavenCentral()
                }
            }
        }
    }

Run gradle --init-script init.gradle rewriteRun to run the recipe.
Add the following to your pom.xml file:

    <project>
      <build>
        <plugins>
          <plugin>
            <groupId>org.openrewrite.maven</groupId>
            <artifactId>rewrite-maven-plugin</artifactId>
            <version>5.34.0</version>
            <configuration>
              <activeRecipes>
                <recipe>org.openrewrite.java.logging.log4j.UpgradeLog4J2DependencyVersion</recipe>
              </activeRecipes>
            </configuration>
            <dependencies>
              <dependency>
                <groupId>org.openrewrite.recipe</groupId>
                <artifactId>rewrite-logging-frameworks</artifactId>
                <version>2.9.1</version>
              </dependency>
            </dependencies>
          </plugin>
        </plugins>
      </build>
    </project>

Run mvn rewrite:run to run the recipe.
You will need to have Maven installed on your machine before you can run the following command.

    mvn -U org.openrewrite.maven:rewrite-maven-plugin:run -Drewrite.recipeArtifactCoordinates=org.openrewrite.recipe:rewrite-logging-frameworks:RELEASE -Drewrite.activeRecipes=org.openrewrite.java.logging.log4j.UpgradeLog4J2DependencyVersion

You will need to have configured the Moderne CLI on your machine before you can run the following command.

    mod run . --recipe UpgradeLog4J2DependencyVersion

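To confirm what a Maven build actually resolves after the recipe has run, the following added example (not part of the original page or of the OpenRewrite project) scans `mvn dependency:tree` output for org.apache.logging.log4j artifacts below a minimum version. The function names, the sample tree and the 2.17.1 floor are assumptions made for this illustration; Gradle dependency reports use a different layout and are not parsed.

```shell
#!/bin/sh
# Added example, not OpenRewrite code. Reads `mvn dependency:tree` text on
# stdin and prints "artifact version" for every org.apache.logging.log4j
# artifact resolved below MINVER. Returns 1 if any are found, else 0.
# Usage: mvn dependency:tree | log4j_below_floor MINVER
log4j_below_floor() {
  awk -v minver="$1" '
    # older(a, b): 1 when dotted numeric version a is lower than b.
    function older(a, b,    x, y, n, m, i, p, q) {
      sub(/[-+].*/, "", a); sub(/[-+].*/, "", b)  # drop -beta9, -SNAPSHOT, ...
      n = split(a, x, "."); m = split(b, y, ".")
      for (i = 1; i <= (n > m ? n : m); i++) {
        p = (i <= n) ? x[i] + 0 : 0
        q = (i <= m) ? y[i] + 0 : 0
        if (p != q) return p < q
      }
      return 0
    }
    {
      # Coordinates look like group:artifact:type[:classifier]:version:scope
      for (f = 1; f <= NF; f++) {
        if ($f !~ /^org\.apache\.logging\.log4j:/) continue
        k = split($f, c, ":")
        if (k < 5) continue            # no scope field: not a dependency line
        if (older(c[k - 1], minver)) { print c[2], c[k - 1]; bad = 1 }
      }
    }
    END { exit bad + 0 }
  '
}

# Constructed sample input (not from a real build).
sample_tree() {
  cat <<'EOF'
[INFO] com.example:demo:jar:1.0.0
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO] |  \- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO] +- org.apache.logging.log4j:log4j-slf4j-impl:jar:2.17.1:runtime
[INFO] \- org.slf4j:slf4j-api:jar:1.7.36:compile
EOF
}

# 2.17.1 is an example floor chosen for this demo; pass your own policy value.
sample_tree | log4j_below_floor 2.17.1 || echo "Log4j artifacts below floor" >&2
```

The non-zero return status makes the function usable as a CI gate after `mvn rewrite:run`.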
Definition
Yaml Recipe List

    ---
    type: specs.openrewrite.org/v1beta/recipe
    name: org.openrewrite.java.logging.log4j.UpgradeLog4J2DependencyVersion
    displayName: Upgrade Log4j 2.x dependency version
    description: Upgrades the Log4j 2.x dependencies to the latest 2.x version.
      Mitigates the [Log4Shell and other Log4j2-related vulnerabilities](https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-356a).
    tags:
      - security
      - log4shell
      - logging
      - CVE-2021-44228
      - log4j
    recipeList:
      - org.openrewrite.java.dependencies.UpgradeDependencyVersion:
          groupId: org.apache.logging.log4j
          artifactId: "*"
          newVersion: 2.x
          overrideManagedVersion: true

See how this recipe works across multiple open-source repositories
The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.
Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.