
[ spring ] egovframework (e-Government Standard Framework) log4j issue fix for Maven & Gradle


I applied egovframework version 3.9.0 and ran into the issue below.

 

 

| Issue

egovframework.rte:egovframework.rte.ptl.mvc:3.9.0 > egovframework.rte:egovframework.rte.fdl.cmmn:3.9.0 > egovframework.rte:egovframework.rte.fdl.logging:3.9.0
> Could not resolve org.apache.logging.log4j:log4j-core:2.11.2.
 > Could not get resource 'https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.2/log4j-core-2.11.2.pom'
  > Could not HEAD 'https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.2/log4j-core-2.11.2.pom'.
   > repo1.maven.org
   
SLF4J: Found binding in [jar:file:/C:/Program%20Files/apache-tomcat-9.0.100/webapps/ROOT/WEB-INF/lib/log4j-slf4j-impl-2.11.2.jar!/org/slf4j/impl/StaticLoggerBinder.class
SLF4J: Found binding in [jar:file:/C:/Program%20Files/apache-tomcat-9.0.100/webapps/ROOT/WEB-INF/lib/logback-classic-1.2.3.jar!/org/slf4j/impl/StaticLoggerBinder.class

 

 


Huh..? The library import seemed to have gone through normally, so the error puzzled me and I looked through the official egovframework site.
egovframework version 3.9.0 was released in 2020. Then, in 2021, the log4j security issue occurred.
(Reference: https://www.egovframe.go.kr/home/ntt/nttRead.do?menuNo=74&bbsId=6&nttId=1838)

 

| Fix

So I excluded the log4j version that egovframework uses and added a newer version of log4j to resolve it.


 

| Maven

<!-- pom.xml -->

<dependencies>
    <dependency>
        <groupId>egovframework.rte</groupId>
        <artifactId>egovframework.rte.ptl.mvc</artifactId>
        <version>${egovframework.rte.version}</version>
        <exclusions>
            <exclusion>
                <groupId>org.apache.logging.log4j</groupId>
                <artifactId>log4j-core</artifactId>
            </exclusion>
            <exclusion>
                <groupId>org.apache.logging.log4j</groupId>
                <artifactId>log4j-slf4j-impl</artifactId>
            </exclusion>
        </exclusions>
    </dependency>

    <dependency>
        <groupId>org.apache.logging.log4j</groupId>
        <artifactId>log4j-core</artifactId>
        <version>2.17.2</version>
    </dependency>

</dependencies>



| Gradle

dependencies {
	// Add the newer log4j-core explicitly
	compile 'org.apache.logging.log4j:log4j-core:2.17.2'
}
configurations {
	// Exclude rules for the log4j modules on the compile configuration
	compile.exclude group:"org.apache.logging.log4j", module:"log4j-core"
	compile.exclude group:"org.apache.logging.log4j", module:"log4j-slf4j-impl"
}
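To confirm that the exclusions above took effect in the deployed webapp, the following added example (not code from the original post) audits a `WEB-INF/lib` directory for log4j 2.x jars older than the 2.17.2 used in this post and for jars that ship the SLF4J `StaticLoggerBinder` class named in the log output. The function names `audit_lib` and `make_sample_lib` are hypothetical, and the sample jars are constructed to mirror the file names in the log lines.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Class named in the "SLF4J: Found binding in" lines quoted above
BINDER = "org/slf4j/impl/StaticLoggerBinder.class"
LOG4J_JAR = re.compile(r"^log4j-(?:core|api|slf4j-impl)-(\d+(?:\.\d+)*)\.jar$")


def audit_lib(lib_dir, minimum=(2, 17, 2)):
    """Audit the jars in a WEB-INF/lib directory.

    Returns (outdated, bindings): log4j 2.x jars older than `minimum`
    (default: the version this post upgrades to), and jars that ship an
    SLF4J StaticLoggerBinder. More than one binding reproduces the warning.
    """
    outdated, bindings = [], []
    for jar in sorted(Path(lib_dir).glob("*.jar")):
        m = LOG4J_JAR.match(jar.name)
        if m:
            version = tuple(int(p) for p in m.group(1).split("."))
            if version < minimum:
                outdated.append(jar.name)
        with zipfile.ZipFile(jar) as zf:
            if BINDER in zf.namelist():
                bindings.append(jar.name)
    return outdated, bindings


def make_sample_lib(root, jars):
    """Build a constructed lib directory from {jar name: ships_binder}."""
    for name, ships_binder in jars.items():
        with zipfile.ZipFile(Path(root) / name, "w") as zf:
            zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
            if ships_binder:
                zf.writestr(BINDER, b"")
    return Path(root)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sample mirroring the jar names in the log output above
        lib = make_sample_lib(tmp, {
            "log4j-core-2.11.2.jar": False,
            "log4j-slf4j-impl-2.11.2.jar": True,
            "logback-classic-1.2.3.jar": True,
        })
        print(audit_lib(lib))
```

Point `audit_lib` at the real `webapps/ROOT/WEB-INF/lib` after a rebuild: an empty first list and a single entry in the second mean the old log4j jars are gone and only one SLF4J binding remains.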


Phew.. tracking this down and fixing it seems to have taken quite a lot of time..
