Plugin triggers deprecation warning with Gradle 8.11+ (when log4j dependency is present) #251

jjohannes · 2025-01-17T11:13:20Z

Expected Behavior

Plugin should not use deprecated Gradle API

Current Behavior

These deprecations can be observed:
https://scans.gradle.com/s/c72rjhbzovfoc/deprecations

It is apparently only triggered when Log4J is on the classpath.

at org.gradle.util.VersionNumber.logDeprecation(VersionNumber.java:38) 
at org.gradle.util.VersionNumber.parse(VersionNumber.java:175) 
at com.gradle.publish.PublishPlugin$Log4jVulnerabilityChecker.isVulnerableLog4jDependency(PublishPlugin.java:295)
at com.gradle.publish.PublishPlugin$Log4jVulnerabilityChecker.lambda$null$0(PublishPlugin.java:276)

Steps to Reproduce

Use Gradle 8.11.1 or higher to create a "Gradle Plugin Project"
Add id("com.gradle.plugin-publish") version "1.3.0" (this plugin) in build.gradle.kts
Add dependencies { implementation("org.apache.logging.log4j:log4j-core:2.24.1") } to build.gradle.kts
Run a build

Your Environment

https://scans.gradle.com/s/c72rjhbzovfoc#infrastructure

The text was updated successfully, but these errors were encountered:

jjohannes added the a:bug Something isn't working label Jan 17, 2025

ov7a self-assigned this Jan 17, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Plugin triggers deprecation warning with Gradle 8.11+ (when log4j dependency is present) #251

Plugin triggers deprecation warning with Gradle 8.11+ (when log4j dependency is present) #251

jjohannes commented Jan 17, 2025

Plugin triggers deprecation warning with Gradle 8.11+ (when log4j dependency is present) #251

Plugin triggers deprecation warning with Gradle 8.11+ (when log4j dependency is present) #251

Comments

jjohannes commented Jan 17, 2025

Expected Behavior

Current Behavior

Steps to Reproduce

Your Environment