Force specific library version in Maven and Gradle

Maven

For Maven users, you can follow these instructions and the set the log4j2.version property.

For example:

<properties>
    <log4j2.version>2.15.0</log4j2.version>
</properties>COPY

To check that the override as been applied run ./mvnw dependency:list | grep log4j and check that the version is 2.15.0.

Gradle

For Gradle users, you can follow these instructions and update the version property, import the BOM or use aresolutionStrategy.

For most users, setting the log4j2.version property will be sufficient:

ext['log4j2.version'] = '2.15.0'COPY

If you’re using Gradle’s platform support instead of our dependency management plugin then you can add a dependency to the Log4J BOM:

implementation(platform("org.apache.logging.log4j:log4j-bom:2.15.0"))COPY

And if you can’t use either of those methods then you can declare a resolutionStrategy:

configurations.all {
	resolutionStrategy.eachDependency { DependencyResolveDetails details ->
		if (details.requested.group == 'org.apache.logging.log4j') {
			details.useVersion '2.15.0'
		}
	}
}COPY

Whichever method you choose, to check that the override has been applied you can run ./gradlew dependencyInsight --dependency log4j-core and look for version 2.15.0.