elasticsearch/libs/log4j/build.gradle

plugins {
  id 'base'
  id 'elasticsearch.repositories'
}

configurations {
  log4j {
    transitive = false
  }
}

dependencies {
  log4j "org.apache.logging.log4j:log4j-core:${versions.log4j}"
}

// Strip out JndiLookup class to avoid any possibility of exploitation of CVE-2021-44228
// See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
// See: https://issues.apache.org/jira/browse/LOG4J2-3201
def patchLog4j = tasks.register('patchLog4j', Zip) {
  archiveExtension = 'jar'
  from({ zipTree(configurations.log4j.singleFile) }) {
    exclude '**/JndiLookup.class'
  }
}

artifacts {
  'default'(patchLog4j)
}
Patch log4j JAR to remove JndiLookup class (#81629) 2021-12-11 07:51:38 +08:00			`plugins {`
			`id 'base'`
			`id 'elasticsearch.repositories'`
			`}`

			`configurations {`
			`log4j {`
			`transitive = false`
			`}`
			`}`

			`dependencies {`
			`log4j "org.apache.logging.log4j:log4j-core:${versions.log4j}"`
			`}`

			`// Strip out JndiLookup class to avoid any possibility of exploitation of CVE-2021-44228`
			`// See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228`
			`// See: https://issues.apache.org/jira/browse/LOG4J2-3201`
			`def patchLog4j = tasks.register('patchLog4j', Zip) {`
			`archiveExtension = 'jar'`
			`from({ zipTree(configurations.log4j.singleFile) }) {`
			`exclude '**/JndiLookup.class'`
			`}`
			`}`

			`artifacts {`
			`'default'(patchLog4j)`
			`}`