在spring boot集成log4j2的项目中,升级log4j2版本至2.15.0有两种方法:
解决办法一:
屏蔽spring-boot-starter-log4j2的log-api和log-core包,单独引用log4j-api和log4j-core的2.15.0版本
<!-- log4j2 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-log4j2</artifactId>
<exclusions>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- log4j-core:2.15.0修复漏洞版本 -->
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>2.15.0</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>2.15.0</version>
</dependency>
解决办法二:
在SpringBoot项目pom.xml文件中,增加 <log42.version>2.15.0</log42.version>即可
<properties>
<log4j2.version>2.15.0</log4j2.version>
</properties>
ps:spring boot的父项目中有引用此log42.version变量,当前工程中设置此变量覆盖父项目即可调整log4j的版本