[JENKINS-4433] log4j upgrade to version 1.2.12 or later

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: core
Labels:
None
Environment:
Platform: All, OS: All

Similar Issues:
Powered by SuggestiMate

Show

Hello,

I have noticed these warning after I performed an Hudson upgrade from 1.317 to
1.318

SLF4J: This version of SLF4J requires log4j version 1.2.12 or later. See also
http://www.slf4j.org/codes.html#log4j_version
log4j:WARN No appenders could be found for logger
(org.apache.commons.beanutils.converters.BooleanConverter).
log4j:WARN Please initialize the log4j system properly.
Constructor called: 15 false
Constructor called: 30 true
Constructor called: 10 false
Constructor called: 10 false
Constructor called: 15 false
Constructor called: 15 false
Constructor called: 10 false
Constructor called: 15 false
Constructor called: 15 false
Constructor called: 15 false
Constructor called: 15 false
Constructor called: 30 false
Constructor called: 15 false
Constructor called: 15 false
Constructor called: 10 false
Constructor called: 10 false
Constructor called: 3 false
Constructor called: 3 false
Constructor called: 5 false
Constructor called: 5 false
Constructor called: 45 false
Constructor called: 30 false
Constructor called: 15 false

I am now at Hudson version 1.323 and still seeing the warnings. the current
bundled log4j jar file is at version 1.2.9.

would it be possible to upgrade to 1.2.12? the latest stable version for log4j
is 1.5.8 but I am not sure if it will introduce breaking changes.

Andrea Barbieri added a comment - 2010-05-17 02:47

any near-term plans to update the log4j version included in the hudson war to at least 1.2.12 (currently 1.2.16), for the change log see:
http://logging.apache.org/log4j/1.2/changes-report.html

Andrea Barbieri added a comment - 2010-05-17 02:47 any near-term plans to update the log4j version included in the hudson war to at least 1.2.12 (currently 1.2.16), for the change log see: http://logging.apache.org/log4j/1.2/changes-report.html

Thomas Hallgren added a comment - 2012-11-14 16:40

What needs to be changed in order to move to the latest 1.2.x version? I'm willing to submit a patch if someone can point me to the right pom file(s).

Thomas Hallgren added a comment - 2012-11-14 16:40 What needs to be changed in order to move to the latest 1.2.x version? I'm willing to submit a patch if someone can point me to the right pom file(s).

Ryszard Łach added a comment - 2013-03-15 12:03

We've just upgraded log4j to 1.2.16 (simply replacing .jar file) in jenkins 1.503. So far we didn't notice any problems.

What's the problem with upgrade in jenkins ditribution? Did we miss something important before jar replacement?

Cheers,

Ryszard Łach added a comment - 2013-03-15 12:03 We've just upgraded log4j to 1.2.16 (simply replacing .jar file) in jenkins 1.503. So far we didn't notice any problems. What's the problem with upgrade in jenkins ditribution? Did we miss something important before jar replacement? Cheers, R.

Roman Pickl added a comment - 2014-07-23 07:55

this would also be benefical for other plugins. e.g. see:
https://github.com/xhaggi/deploy-plugin

To use JBoss 7.x and WildFly 8.x support you have to manually upgrade the log4j library in your jenkins.war. This is required because jboss-logging depends on a newer version of log4j.

Roman Pickl added a comment - 2014-07-23 07:55 this would also be benefical for other plugins. e.g. see: https://github.com/xhaggi/deploy-plugin To use JBoss 7.x and WildFly 8.x support you have to manually upgrade the log4j library in your jenkins.war. This is required because jboss-logging depends on a newer version of log4j.

Stefan Brausch added a comment - 2014-08-12 07:05

Same problem as Roman. Update would be great.

Stefan Brausch added a comment - 2014-08-12 07:05 Same problem as Roman. Update would be great.

Michael Prankl added a comment - 2015-06-10 20:49

I had some similar issues with Hibernate 4, which uses jboss-logging, which also depends on a newer version of log4j.
So I opened a PR for this - https://github.com/jenkinsci/jenkins/pull/1734

The old version of log4j was pulled in by
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security</artifactId>
as a runtime dependency, so I just added an explicit compile dependency to the latest log4j version (1.2.17).

Thoughts on this?

Michael Prankl added a comment - 2015-06-10 20:49 I had some similar issues with Hibernate 4, which uses jboss-logging, which also depends on a newer version of log4j. So I opened a PR for this - https://github.com/jenkinsci/jenkins/pull/1734 The old version of log4j was pulled in by <groupId>org.acegisecurity</groupId> <artifactId>acegi-security</artifactId> as a runtime dependency, so I just added an explicit compile dependency to the latest log4j version (1.2.17). Thoughts on this?

SCM/JIRA link daemon added a comment - 2015-06-29 11:32

Code changed in jenkins
User: Michael Prankl
Path:
core/pom.xml
http://jenkins-ci.org/commit/jenkins/b6cdc39343a63ac457f9a47588f8674b48166a44
Log:
~~JENKINS-4433~~ Upgrade log4j to 1.2.17

SCM/JIRA link daemon added a comment - 2015-06-29 11:32 Code changed in jenkins User: Michael Prankl Path: core/pom.xml http://jenkins-ci.org/commit/jenkins/b6cdc39343a63ac457f9a47588f8674b48166a44 Log: JENKINS-4433 Upgrade log4j to 1.2.17

SCM/JIRA link daemon added a comment - 2015-06-29 11:32

Code changed in jenkins
User: Michael Prankl
Path:
core/pom.xml
pom.xml
http://jenkins-ci.org/commit/jenkins/8886b04ab5cbdb591f64704d0bba896d0d61d3ff
Log:
~~JENKINS-4433~~ Add log4j to dependency management section, exclude it for acegi-security dependency.

SCM/JIRA link daemon added a comment - 2015-06-29 11:32 Code changed in jenkins User: Michael Prankl Path: core/pom.xml pom.xml http://jenkins-ci.org/commit/jenkins/8886b04ab5cbdb591f64704d0bba896d0d61d3ff Log: JENKINS-4433 Add log4j to dependency management section, exclude it for acegi-security dependency.

SCM/JIRA link daemon added a comment - 2015-06-29 11:32

Code changed in jenkins
User: Ulli Hafner
Path:
core/pom.xml
pom.xml
http://jenkins-ci.org/commit/jenkins/bc744f989204fa21c1569b1c21ed046997da043a
Log:
Merge pull request #1734 from eidottermihi/master

[FIXED JENKINS-4433] Explicitly set log4j version to 1.2.17.

Compare: https://github.com/jenkinsci/jenkins/compare/5d002924628a...bc744f989204

SCM/JIRA link daemon added a comment - 2015-06-29 11:32 Code changed in jenkins User: Ulli Hafner Path: core/pom.xml pom.xml http://jenkins-ci.org/commit/jenkins/bc744f989204fa21c1569b1c21ed046997da043a Log: Merge pull request #1734 from eidottermihi/master [FIXED JENKINS-4433] Explicitly set log4j version to 1.2.17. Compare: https://github.com/jenkinsci/jenkins/compare/5d002924628a...bc744f989204

dogfood added a comment - 2015-06-29 12:32

Integrated in jenkins_main_trunk #4196
~~JENKINS-4433~~ Upgrade log4j to 1.2.17 (Revision b6cdc39343a63ac457f9a47588f8674b48166a44)
~~JENKINS-4433~~ Add log4j to dependency management section, exclude it for acegi-security dependency. (Revision 8886b04ab5cbdb591f64704d0bba896d0d61d3ff)

Result = UNSTABLE
eidottermihi : b6cdc39343a63ac457f9a47588f8674b48166a44
Files :

core/pom.xml

eidottermihi : 8886b04ab5cbdb591f64704d0bba896d0d61d3ff
Files :

core/pom.xml
pom.xml

dogfood added a comment - 2015-06-29 12:32 Integrated in jenkins_main_trunk #4196 JENKINS-4433 Upgrade log4j to 1.2.17 (Revision b6cdc39343a63ac457f9a47588f8674b48166a44) JENKINS-4433 Add log4j to dependency management section, exclude it for acegi-security dependency. (Revision 8886b04ab5cbdb591f64704d0bba896d0d61d3ff) Result = UNSTABLE eidottermihi : b6cdc39343a63ac457f9a47588f8674b48166a44 Files : core/pom.xml eidottermihi : 8886b04ab5cbdb591f64704d0bba896d0d61d3ff Files : core/pom.xml pom.xml

Assignee:: Unassigned

Reporter:: Andrea Barbieri

Votes:: 11 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2009-09-10 04:10

Updated:: 2015-06-29 12:32

Resolved:: 2015-06-29 11:32

Jenkins

Details

Description

Attachments

Activity

Collapse comment: Andrea Barbieri added a comment - 2010-05-17 02:47

Expand comment: Andrea Barbieri added a comment - 2010-05-17 02:47

Collapse comment: Thomas Hallgren added a comment - 2012-11-14 16:40

Expand comment: Thomas Hallgren added a comment - 2012-11-14 16:40

Collapse comment: Ryszard Łach added a comment - 2013-03-15 12:03

Expand comment: Ryszard Łach added a comment - 2013-03-15 12:03

Collapse comment: Roman Pickl added a comment - 2014-07-23 07:55

Expand comment: Roman Pickl added a comment - 2014-07-23 07:55

Collapse comment: Stefan Brausch added a comment - 2014-08-12 07:05

Expand comment: Stefan Brausch added a comment - 2014-08-12 07:05

Collapse comment: Michael Prankl added a comment - 2015-06-10 20:49

Expand comment: Michael Prankl added a comment - 2015-06-10 20:49

Collapse comment: SCM/JIRA link daemon added a comment - 2015-06-29 11:32

Expand comment: SCM/JIRA link daemon added a comment - 2015-06-29 11:32

Collapse comment: SCM/JIRA link daemon added a comment - 2015-06-29 11:32

Expand comment: SCM/JIRA link daemon added a comment - 2015-06-29 11:32

Collapse comment: SCM/JIRA link daemon added a comment - 2015-06-29 11:32

Expand comment: SCM/JIRA link daemon added a comment - 2015-06-29 11:32

Collapse comment: dogfood added a comment - 2015-06-29 12:32

Expand comment: dogfood added a comment - 2015-06-29 12:32

People

Dates