Menu
I'm maintaining a Maven project that uses log4j 1.x with a large codebase. Not only is log4j 1.x used in existing code, it is also used by some third party libraries on which the project depends.
I want to start using log4j 2 now, but I wonder if it is worth the hassle.
I know it is possible to mix the two (cf. Mixing log4j 1.x and log4j 2) but what about the third party libraries that depend on log4j 1.x, I'm afraid there will be conflicts.
So should I rather stick to log4j 1.x or risk a dependency hell by upgrading to log4j 2?
631
API CompatibilityLog4j 2 provides support for the Log4j 1 logging methods by providing alternate implementations of the classes containing those methods. These classes may be found in the log4j-1.2-api jar distributed with the project.
Log4j2 is backwards compatible if you add the log4j1 compatibility library. My web-inf\lib has: slf-api. log4j-1.2-api (backwards compat.
Log4j 1. x has reached End of Life in 2015 and is no longer supported. Vulnerabilities reported after August 2015 against Log4j 1. x were not checked and will not be fixed.
I've done so myself. I don't think there will be any issue. Even the project I did for had third party libraries.
You can use log4j-1.2-api-2.x.jar simply. Remove your older log4j-1.2.x.jar and replace with below three jars:
Moreover, for your own code, you can follow migration steps to start using log4j2 api and third party libraries will continue using bridge between older and newer version that is log4j-1.2-api-2.x.jar (aka log4j 1.x bridge)
Below is the official documentation:
Migrate from log4j-1.x to log4j-2
180
It seems that perhaps the naming has changed since @Nitin answered the question. According to the log4j site, the Maven dependency is:
<dependencies>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-1.2-api</artifactId>
<version>2.2</version>
</dependency>
</dependencies>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
