Rework Zinc log4j fix

This now uses a combination of require and reject instead of a strictly, which will allow updates beyond the 2.x line. The previous solution was effectively preventing that with no way for the user to change that. Issue #19328
gradle · Dec 16, 2021 · 7f38017 · 7f38017
1 parent bbf80ad
commit 7f38017
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/subprojects/logging/src/main/java/org/gradle/internal/logging/util/Log4jBannedVersion.java b/subprojects/logging/src/main/java/org/gradle/internal/logging/util/Log4jBannedVersion.java
@@ -22,7 +22,6 @@
  */
 public class Log4jBannedVersion {
     public static final String LOG4J2_CORE_COORDINATES = "org.apache.logging.log4j:log4j-core";
-    public static final String LOG4J2_CORE_STRICT_VERSION_RANGE = "[2.15, 3[";
     public static final String LOG4J2_CORE_VULNERABLE_VERSION_RANGE = "[2.0, 2.15[";
     public static final String LOG4J2_CORE_REQUIRED_VERSION = "2.16.0";
 }
diff --git a/subprojects/scala/src/integTest/groovy/org/gradle/scala/ScalaPluginIntegrationTest.groovy b/subprojects/scala/src/integTest/groovy/org/gradle/scala/ScalaPluginIntegrationTest.groovy
@@ -261,7 +261,8 @@ task someTask
     }
 
     @ToBeFixedForConfigurationCache(because = ":dependencies")
-    def 'show that log4j-core, if present, is 2_15_0 at the minimum'() {
+    @Issue("gradle/gradle#19328")
+    def 'show that log4j-core, if present, is 2_16_0 at the minimum'() {
         given:
         file('build.gradle') << """
             apply plugin: 'scala'
@@ -272,9 +273,9 @@ task someTask
         def versionPattern = ~/.*-> 2\.(\d+).*/
         expect:
         succeeds('dependencies', '--configuration', 'zinc')
-        def log4jOutput = result.getOutputLineThatContains("log4j-core:{strictly [2.15, 3[; prefer 2.15.0}")
+        def log4jOutput = result.getOutputLineThatContains("log4j-core:{require 2.16.0; reject [2.0, 2.15[}")
         def matcher = log4jOutput =~ versionPattern
         matcher.find()
-        Integer.valueOf(matcher.group(1)) >= 15
+        Integer.valueOf(matcher.group(1)) >= 16
     }
 }
diff --git a/subprojects/scala/src/main/java/org/gradle/api/plugins/scala/ScalaBasePlugin.java b/subprojects/scala/src/main/java/org/gradle/api/plugins/scala/ScalaBasePlugin.java
@@ -150,8 +150,8 @@ private void configureConfigurations(final Project project, final Usage incremen
         });
 
         zinc.getDependencyConstraints().add(dependencyHandler.getConstraints().create(Log4jBannedVersion.LOG4J2_CORE_COORDINATES, constraint -> constraint.version(version -> {
-            version.strictly(Log4jBannedVersion.LOG4J2_CORE_STRICT_VERSION_RANGE);
-            version.prefer(Log4jBannedVersion.LOG4J2_CORE_REQUIRED_VERSION);
+            version.require(Log4jBannedVersion.LOG4J2_CORE_REQUIRED_VERSION);
+            version.reject(Log4jBannedVersion.LOG4J2_CORE_VULNERABLE_VERSION_RANGE);
         })));
 
         final Configuration incrementalAnalysisElements = project.getConfigurations().create("incrementalScalaAnalysisElements");