I have added log4j2 2.15.0 version in the pom.xml file and used Logger maneger in the class files. Then deploy the jar and lib folder in the sever but after 1 days or later time when I am going to check in the lib folder again the older version of log4j core and log4j-api (2.11.1) are present in the lib folder , so both the version 2.11.1 and 2.15.0 are present. Why is it happening, can someone explain?
CodePudding user response:
It could be because of the fact that log4j version 2.11.1 coming in Jar/lib could be the part of transitive dependencies of the actual dependencies added in your pom.xml.
go to your Project directory where pom.xml is present thought cmd --> run command --> mvn dependency:tree >>checkDep.txt
A file will be generated in your Project root directory named checkDep.txt --> open and search for 2.11.1.
you will be able to find the actual dependency that is holding log4j old version. After that you can exclude that transitive dependency by writing the below code for your actual dependency in your pom.xml
<dependency>
<groupId>sample.group</groupId>
<artifactId>sample-artifactB</artifactId>
<version>1</version>
<exclusions>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>2.11.1</version>
</exclusion>
</exclusions>
</dependency>
Having said that I would highly recommend to clear the Log4j library present so that after the maven clean install can populate the proper version based library.