while running mvn build Maven downloading log4j-1.2.12.jar | Community
Skip to main content
Nandheswara
Nandheswara
New Participant
March 21, 2025
Solved

while running mvn build Maven downloading log4j-1.2.12.jar

  • March 21, 2025
  • 2 replies
  • 1102 views

Hi all,

When running a maven build for a local installation of AEM, the very first thing it does is to reach out to the maven central repo and download an old version of log4j that has known vulnerabilities

I want latest version needs to be download for log4j

[DEBUG] Importing foreign packages into class realm extension>com.day.jcr.vault:content-package-maven-plugin:1.0.2 [DEBUG] Imported: < maven.api [DEBUG] Populating class realm extension>com.day.jcr.vault:content-package-maven-plugin:1.0.2 [DEBUG] Included: com.day.jcr.vault:content-package-maven-plugin:jar:1.0.2 [DEBUG] Included: javax.enterprise:cdi-api:jar:1.0 [DEBUG] Included: javax.annotation:jsr250-api:jar:1.0 [DEBUG] Included: org.eclipse.sisu:org.eclipse.sisu.inject:jar:0.3.0.M1 [DEBUG] Included: org.sonatype.sisu:sisu-guice:jar:no_aop:3.2.3 [DEBUG] Included: aopalliance:aopalliance:jar:1.0 [DEBUG] Included: com.google.guava:guava:jar:16.0.1 [DEBUG] Included: org.codehaus.plexus:plexus-interpolation:jar:1.21 [DEBUG] Included: org.codehaus.plexus:plexus-component-annotations:jar:1.5.5 [DEBUG] Included: org.apache.xbean:xbean-reflect:jar:3.4 [DEBUG] Included: log4j:log4j:jar:1.2.12 [DEBUG] Created new class realm extension>org.apache.jackrabbit:filevault-package-maven-plugin:1.0.3 [DEBUG] Importing foreign packages into class realm extension>org.apache.jackrabbit:filevault-package-maven-plugin:1.0.3 [DEBUG] Imported: < maven.api [DEBUG] Populating class realm extension>org.apache.jackrabbit:filevault-package-maven-plugin:1.0.3 [DEBUG] Included: org.apache.jackrabbit:filevault-package-maven-plugin:jar:1.0.3 [DEBUG] Included: org.apache.jackrabbit.vault:org.apache.jackrabbit.vault:jar:3.2.0 [DEBUG] Included: javax.jcr:jcr:jar:2.0 [DEBUG] Included: org.apache.maven:maven-builder-support:jar:3.3.9 [DEBUG] Included: com.google.guava:guava:jar:18.0 [DEBUG] Included: javax.enterprise:cdi-api:jar:1.0 [DEBUG] Included: javax.annotation:jsr250-api:jar:1.0 [DEBUG] Included: org.eclipse.sisu:org.eclipse.sisu.inject:jar:0.3.2 [DEBUG] Included: com.google.inject:guice:jar:no_aop:4.0 [DEBUG] Included: aopalliance:aopalliance:jar:1.0 [DEBUG] Included: org.codehaus.plexus:plexus-interpolation:jar:1.21 [DEBUG] Included: org.codehaus.plexus:plexus-component-annotations:jar:1.6 [DEBUG] Included: org.sonatype.plexus:plexus-sec-dispatcher:jar:1.3 [DEBUG] Included: org.sonatype.plexus:plexus-cipher:jar:1.4 [DEBUG] Included: org.apache.commons:commons-lang3:jar:3.4 [DEBUG] Included: org.apache.maven.plugin-tools:maven-plugin-annotations:jar:3.5 [DEBUG] Included: org.apache.xbean:xbean-reflect:jar:3.4 [DEBUG] Included: log4j:log4j:jar:1.2.12 [DEBUG] org.apache.maven:maven-plugin-api:jar:3.2.5:compile [DEBUG] org.apache.maven:maven-project:jar:3.0-alpha-2:compile [DEBUG] org.codehaus.plexus:plexus-container-default:jar:1.0-beta-3.0.5:compile [DEBUG] org.apache.xbean:xbean-reflect:jar:3.4:compile [DEBUG] log4j:log4j:jar:1.2.12:compile [DEBUG] commons-logging:commons-logging-api:jar:1.1:compile Downloading from adobe-public-releases: https://repo.adobe.com/nexus/content/groups/public/log4j/log4j/1.2.12/log4j-1.2.12.pom Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom (145 B at 236 B/s) Downloading from adobe-public-releases: https://repo.adobe.com/nexus/content/groups/public/log4j/log4j/1.2.12/log4j-1.2.12.jar Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar (358 kB at 527 kB/s)

I tried with these dependencies but not working for me

<dependency> <groupId>org.apache.xbean</groupId> <artifactId>xbean-reflect</artifactId> <version>3.4</version> <exclusions> <exclusion> <groupId>log4j</groupId> <artifactId>log4j</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>org.codehaus.plexus</groupId> <artifactId>plexus-container-default</artifactId> <version>1.0-beta-3.0.5</version> <exclusions> <exclusion> <groupId>log4j</groupId> <artifactId>log4j</artifactId> </exclusion> </dependency>

 

 

If any have some idea please suggest some solution to resolve this issue

 

Thanks

Nandheswara

Best answer by giuseppebaglio

First ensure that your project's pom.xml includes the latest version of log4j. Add the following dependency to your <dependency> section:

<dependency> <groupId>org.apache.logging.log4j</groupId> <artifactId>log4j-core</artifactId> <version>2.20.0</version> </dependency>

 If the issue persists, consider updating these dependencies to more recent versions if possible.

 

https://mvnrepository.com/artifact/org.apache.xbean/xbean-reflect/4.26

https://mvnrepository.com/artifact/org.codehaus.plexus/plexus-container-default/2.1.1 

 

2 replies

kautuk_sahni
kautuk_sahni
Employee
April 1, 2025

@nandheswara Did you find the suggestions helpful? Please let us know if you need more information. If a response worked, kindly mark it as correct for posterity; alternatively, if you found a solution yourself, we’d appreciate it if you could share it with the community. Thank you!

Kautuk Sahni
giuseppebaglio
giuseppebaglioAccepted solution
New Participant
March 21, 2025

First ensure that your project's pom.xml includes the latest version of log4j. Add the following dependency to your <dependency> section:

<dependency> <groupId>org.apache.logging.log4j</groupId> <artifactId>log4j-core</artifactId> <version>2.20.0</version> </dependency>

 If the issue persists, consider updating these dependencies to more recent versions if possible.

 

https://mvnrepository.com/artifact/org.apache.xbean/xbean-reflect/4.26

https://mvnrepository.com/artifact/org.codehaus.plexus/plexus-container-default/2.1.1 

 

    arunpatidar
    arunpatidar
    New Participant
    March 21, 2025

    Hi @nandheswara 

    If issue does not resolve with above steps then you can try updating project with latest compatible archtype

    https://github.com/adobe/aem-project-archetype 

    Arun Patidar
      Terms & ConditionsAccessibility statement

      Loading footer...