excluding transitive dependency to log4j2 2.17.0

See georchestra/georchestra#3838 (comment) for the motivations. Tests: build time, generated war does not contain the problematic dependency anymore: ``` % jar tf cas.war | grep log4j WEB-INF/lib/sentry-log4j2-6.10.0.jar WEB-INF/lib/log4j-web-2.18.0.jar WEB-INF/lib/spring-boot-starter-log4j2-2.7.3.jar WEB-INF/lib/log4j-jcl-2.18.0.jar WEB-INF/lib/log4j-layout-template-json-2.18.0.jar WEB-INF/lib/log4j-core-2.18.0.jar WEB-INF/lib/log4j-jul-2.18.0.jar WEB-INF/lib/log4j-slf4j-impl-2.18.0.jar WEB-INF/lib/log4j-api-2.18.0.jar ```
georchestra · Jun 7, 2024 · a2252c7 · a2252c7
1 parent 20cbb9c
commit a2252c7
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/build.gradle b/build.gradle
@@ -89,7 +89,9 @@ dependencies {
     implementation "org.apereo.cas:cas-server-support-oauth-webflow:${casServerVersion}"
     implementation "org.apereo.cas:cas-server-support-oidc:${casServerVersion}"
     implementation "org.apereo.cas:cas-server-support-saml-idp:${casServerVersion}"
-    implementation group: 'io.sentry', name: 'sentry-log4j2', version: '6.10.0'
+    implementation(group: 'io.sentry', name: 'sentry-log4j2', version: '6.10.0') {
+      exclude group: 'org.apache.logging.log4j'
+    }
 
     providedCompile "org.springframework.boot:spring-boot:${springBootVersion}"
 }