As part Log4jshell problem, we are trying to analyze which projects use which version of Log4j. I did try the following maven commands
mvn dependency:list | grep log4j
mvn dependency:tree -Dverbose
mvn dependency:tree -Dverbose | grep log4
But it lists information only like this
mvn dependency:tree | grep log4
[INFO] \- org.apache.logging.log4j:log4j-api:jar:2.13.1:provided
[INFO] - org.apache.logging.log4j:log4j-api:jar:2.13.1:provided
[INFO] | | - log4j:log4j:jar:1.2.16:compile
[INFO] | | - log4j:log4j:jar:1.2.16:compile
[INFO] | - log4j:log4j:jar:1.2.17:provided
[INFO] - log4j:log4j:jar:1.2.17:compile
[INFO] - org.apache.logging.log4j:log4j-api:jar:2.13.1:compile
[INFO] \- org.apache.logging.log4j:log4j-core:jar:2.13.1:compile
[INFO] - org.apache.logging.log4j:log4j-api:jar:2.13.1:compile
[INFO] - org.apache.logging.log4j:log4j-core:jar:2.13.1:compile
[INFO] - org.springframework.boot:spring-boot-starter-log4j2:jar:2.1.8.RELEASE:compile
[INFO] | - org.apache.logging.log4j:log4j-slf4j-impl:jar:2.11.2:compile
[INFO] | - org.apache.logging.log4j:log4j-jul:jar:2.11.2:compile
[INFO] - org.springframework.boot:spring-boot-starter-log4j2:jar:2.1.8.RELEASE:compile
I cannot find which project in our workspace it points to. Can anyone please help on this?
Note: There are several maven projects and there is a parent pom.xml for all the pom.xml files. So want to identify which maven projects are using log4j along with the name.
CodePudding user response:
Use the includes option
mvn dependency:tree -Dincludes=org.apache.logging.log4j
example output:
[INFO] com.test:test:jar:0.0.1-SNAPSHOT
[INFO] \- org.springframework.boot:spring-boot-starter-security:jar:2.5.3:compile
[INFO] \- org.springframework.boot:spring-boot-starter:jar:2.5.3:compile
[INFO] \- org.springframework.boot:spring-boot-starter-logging:jar:2.5.3:compile
[INFO] \- org.apache.logging.log4j:log4j-to-slf4j:jar:2.14.1:compile
[INFO] \- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
CodePudding user response:
Thanks for the answer. Yes it did answer to my question. I used the command like below and got the result.
mvn dependency:tree -Dincludes=org.apache.logging.log4j -DoutputFile=pwd
/maven-report-log4j.txt -DappendOutput=true