0

I need to exclude the log4j artifact from the shade plug-in to avoid the log4j vulnerability, however, the exclude tag under artifactSet does not seem to work. Any suggestion to fix this?

<groupId>org.apache.maven.plugins</groupId> <artifactId>maven-shade-plugin</artifactId> <version>3.2.4</version> ~~ <executions> <execution> <phase>package</phase> <goals> <goal>shade</goal> </goals> <configuration> <artifactSet> <excludes> <exclude>*:log4j-core:jar</exclude> </excludes> </artifactSet> ~~~

I keep getting below error: Failed to execute goal org.apache.maven.plugins:maven-shade-plugin:3.2.4:shade (default) on project : Execution default of goal org.apache.maven.plugins:maven-shade-plugin:3.2.4:shade failed: Plugin org.apache.maven.plugins:maven-shade-plugin:3.2.4 or one of its dependencies could not be resolved: Could not find artifact org.apache.logging.log4j:log4j-core:jar:2.13.0

Improve this question
3
  • Does this help? Or maybe just change the version? Commented Jan 22, 2022 at 3:19
  • The output looks like you don't even use log4j-core... Commented Jan 22, 2022 at 14:05
  • thanks TheAmateurCoder and khmarbaise for the comments. I tried changing the versions but getting same error. I want to exclude the log4j-core which this plug-in tries to resolve during build time. It throws this error when I run 'mvn install' command/ Commented Jan 23, 2022 at 3:50

1 Answer 1

Reset to default
0

I meet the same problem, and finally solved by maven-shade-plugin config. In your case, you want to exclude log4j-core, your filter config must put outside of artifactSet as below.

  1. find log4j-core class path prefix, for example org/slf4j/;

  2. put this class path prefix in filter exclude rule, run cmd mvn package

  3. use vim your-target.jar to check exclude success or not, you will find that org/slf4j has gone.

  4. for more exclude info, pls see https://maven.apache.org/plugins/maven-shade-plugin/examples/includes-excludes.html

     <filter> <artifact>*:*</artifact> <excludes> <exclude>org/slf4j/**</exclude> </excludes> </filter>
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.