Renew log4j 1.2.17 reference suppression to 2026-06-01 #287

Merged
Jenson3210 merged 1 commit into main from renew-log4j-suppression-2026-06 on May 7, 2026

Jenson3210 commented May 7, 2026

Summary

The suppression for the log4j 1.2.17 reference jar expired on 2026-05-01. The jar is shipped only so the migration recipe can identify the legacy log4j artifact — it isn't loaded at runtime, so the CRITICAL CVEs against it remain non-exploitable in this context. Renewed until="2026-06-01Z".

Test plan

  • xmllint validates suppressions.xml
  • Next dependency-check scan no longer flags log4j 1.2.17 CVEs in this repo
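
An expiry audit for the kind of time-boxed suppression this PR renews, as an added example (not code from this repository): it reads the `until` attribute of each `<suppress>` entry and reports expired, soon-to-expire and open-ended entries. The sample XML, the names `audit`, `parse_until` and `warn_days`, and the rule that an entry counts as expired once today's date is past `until` are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET
from datetime import date, timedelta

SAMPLE = """<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <suppress until="2026-06-01Z">
    <notes>log4j 1.2.17 reference jar, not loaded at runtime</notes>
    <packageUrl regex="true">^pkg:maven/log4j/log4j@1\\.2\\.17$</packageUrl>
    <vulnerabilityName regex="true">.*</vulnerabilityName>
  </suppress>
  <suppress>
    <notes>constructed entry without an expiry date</notes>
    <packageUrl regex="true">^pkg:maven/com\\.example/demo@.*$</packageUrl>
    <vulnerabilityName regex="true">.*</vulnerabilityName>
  </suppress>
</suppressions>"""  # constructed sample, not the repository's real suppressions.xml

XS_DATE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})(?:Z|[+-]\d{2}:\d{2})?$")

def parse_until(value):
    """Parse an xs:date such as 2026-06-01Z; None if malformed (offset ignored)."""
    m = XS_DATE.match(value)
    try:
        return date(*map(int, m.groups())) if m else None
    except ValueError:  # e.g. month 13
        return None

def audit(xml_text, today, warn_days=14):
    """Return (status, until, notes) for every <suppress> element."""
    findings = []
    # "{*}" matches any namespace, so schema version bumps do not matter (Python 3.8+)
    for el in ET.fromstring(xml_text).findall(".//{*}suppress"):
        notes = el.findtext("{*}notes", default="")
        until = el.get("until")
        expiry = parse_until(until) if until else None
        if until is None:
            status = "no-expiry"   # never lapses, so it is never re-reviewed
        elif expiry is None:
            status = "invalid"
        elif expiry < today:       # assumption: lapsed once today is past `until`
            status = "expired"
        elif expiry - today <= timedelta(days=warn_days):
            status = "expiring"
        else:
            status = "ok"
        findings.append((status, until, notes.strip()))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE, date.today()), sep="\n")
```

Run on a schedule with a non-zero exit on `expired` or `expiring`, a check like this turns a lapsed suppression into a planned review rather than a surprise scan failure.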

Suppression expired 2026-05-01. Renewed; the log4j 1.2.17 jar is a
reference-only dependency used by the migration recipe to identify
the legacy log4j artifact, not loaded at runtime.

Refs https://github.com/moderneinc/dependency-vulnerability-reports/issues/1054

github-project-automation Bot moved this to In Progress in OpenRewrite May 7, 2026
Jenson3210 merged commit 43fc6c2 into main May 7, 2026
1 check passed
Jenson3210 deleted the renew-log4j-suppression-2026-06 branch May 7, 2026 14:49
github-project-automation Bot moved this from In Progress to Done in OpenRewrite May 7, 2026
mergify Bot added a commit to robfrank/linklift that referenced this pull request Jun 4, 2026
…rom 3.27.2 to 3.29.0 [skip ci]

Bumps [org.openrewrite.recipe:rewrite-logging-frameworks](https://github.com/openrewrite/rewrite-logging-frameworks) from 3.27.2 to 3.29.0.
Release notes

*Sourced from [org.openrewrite.recipe:rewrite-logging-frameworks's releases](https://github.com/openrewrite/rewrite-logging-frameworks/releases).*

> 3.29.0
> ------
>
> What's Changed
> --------------
>
> * Regenerate recipes.csv by [`@​timtebeek`](https://github.com/timtebeek) in [openrewrite/rewrite-logging-frameworks#292](https://redirect.github.com/openrewrite/rewrite-logging-frameworks/pull/292)
> * Fix re-escaping of control characters when rebuilding Java string literals in logging recipes. by [`@​motlin`](https://github.com/motlin) in [openrewrite/rewrite-logging-frameworks#293](https://redirect.github.com/openrewrite/rewrite-logging-frameworks/pull/293)
> * Add Log4j2IsEnabledToSlf4j Refaster recipe to convert isEnabled(Level) level guards to SLF4J isXEnabled() calls. by [`@​motlin`](https://github.com/motlin) in [openrewrite/rewrite-logging-frameworks#294](https://redirect.github.com/openrewrite/rewrite-logging-frameworks/pull/294)
>
> **Full Changelog**: <openrewrite/rewrite-logging-frameworks@v3.28.0...v3.29.0>
>
> 3.28.0
> ------
>
> What's Changed
> --------------
>
> * Renew log4j 1.2.17 reference suppression to 2026-06-01 by [`@​Jenson3210`](https://github.com/Jenson3210) in [openrewrite/rewrite-logging-frameworks#287](https://redirect.github.com/openrewrite/rewrite-logging-frameworks/pull/287)
> * Update log4j-api TypeTable to 2.26.0 by [`@​timtebeek`](https://github.com/timtebeek) in [openrewrite/rewrite-logging-frameworks#288](https://redirect.github.com/openrewrite/rewrite-logging-frameworks/pull/288)
> * Preserve formatting when ParameterizedLogging has nothing to parameterize by [`@​timtebeek`](https://github.com/timtebeek) in [openrewrite/rewrite-logging-frameworks#290](https://redirect.github.com/openrewrite/rewrite-logging-frameworks/pull/290)
>
> **Full Changelog**: <openrewrite/rewrite-logging-frameworks@v3.27.0...v3.28.0>
>
> v3.27.3
> -------
>
> What's Changed
> --------------
>
> * OpenRewrite [v8.81.6](https://github.com/openrewrite/rewrite/releases/tag/v8.81.6)
> * Fix IndexOutOfBoundsException when JUL placeholders exceed argument count by [`@​timtebeek`](https://github.com/timtebeek) in [openrewrite/rewrite-logging-frameworks#284](https://redirect.github.com/openrewrite/rewrite-logging-frameworks/pull/284)
> * Fix exception consumed by format placeholder in CompleteExceptionLogging by [`@​timtebeek`](https://github.com/timtebeek) in [openrewrite/rewrite-logging-frameworks#285](https://redirect.github.com/openrewrite/rewrite-logging-frameworks/pull/285)
>
> **Full Changelog**: <openrewrite/rewrite-logging-frameworks@v3.26.0...v3.27.3>


Commits

* [`944b9c2`](openrewrite/rewrite-logging-frameworks@944b9c2) Add Log4j2IsEnabledToSlf4j Refaster recipe to convert isEnabled(Level) level ...
* [`246f4d3`](openrewrite/rewrite-logging-frameworks@246f4d3) Fix re-escaping of control characters when rebuilding Java string literals in...
* [`d5537a4`](openrewrite/rewrite-logging-frameworks@d5537a4) Update Gradle wrapper 9.5.1
* [`58e431b`](openrewrite/rewrite-logging-frameworks@58e431b) Regenerate recipes.csv ([#292](https://redirect.github.com/openrewrite/rewrite-logging-frameworks/issues/292))
* [`28afd35`](openrewrite/rewrite-logging-frameworks@28afd35) Remove explicit test dependencies
* [`14f50ad`](openrewrite/rewrite-logging-frameworks@14f50ad) Preserve formatting when ParameterizedLogging has nothing to parameterize ([#2](https://redirect.github.com/openrewrite/rewrite-logging-frameworks/issues/2)...
* [`32e22cb`](openrewrite/rewrite-logging-frameworks@32e22cb) Update log4j-api TypeTable to 2.26.0 ([#288](https://redirect.github.com/openrewrite/rewrite-logging-frameworks/issues/288))
* [`b7824c6`](openrewrite/rewrite-logging-frameworks@b7824c6) OpenRewrite recipe best practices
* [`43fc6c2`](openrewrite/rewrite-logging-frameworks@43fc6c2) Renew log4j 1.2.17 reference suppression to 2026-06-01 ([#287](https://redirect.github.com/openrewrite/rewrite-logging-frameworks/issues/287))
* See full diff in [compare view](openrewrite/rewrite-logging-frameworks@v3.27.2...v3.29.0)