Uploaded image for project: 'Log4j 2'
  1. Log4j 2
  2. LOG4J2-3511

Make Log4j use its own BOM

Attach filesAttach ScreenshotAdd voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • 3.0.0
    • None
    • None

    Description

      Even though we provide a BOM module (`log4j-bom`), we don't consume it ourselves. Hence occasionally we end up publishing artifacts not included in the BOM. Consuming our own BOM decreases the chances of missing out artifacts in BOM, though doesn't totally eliminate the chances of that happening.

      When I read how Maven advises to structure the BOM module, I understand what needs to be in the case of Log4j is the following:

      /pom.xml (`log4j-bom` module)
      /log4j-parent/pom.xml (`log4j` module importing `log4j-bom`)
      /log4j-parent/log4j-core/pom.xml (`log4j-core` module parented by `log4j`)

      Though what we have in reality is the following:

      /log4j-bom/pom.xml (`log4j-bom` module)
      /pom.xml (`log4j` module parented by `logging-parent`)
      /log4j-core/pom.xml (`log4j-core` module parented by `log4j`)

      Ideally we should follow the Maven-advised approach and consume from our BOM parented by `logging-parent`.

      See the related mailing list discussion.

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            vy Volkan Yazici

            Dates

              Created:
              Updated:

              Slack

                Issue deployment