[Snyk] Upgrade org.slf4j:slf4j-log4j12 from 1.5.0 to 1.7.36 #3

Open
papicella wants to merge 1 commit into master from snyk-upgrade-b146fcb2fd1ccbb120a92811c88c766b

@papicella
Owner

Snyk has created this PR to upgrade org.slf4j:slf4j-log4j12 from 1.5.0 to 1.7.36.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 56 versions ahead of your current version.

  • The recommended version was released 4 years ago.

Breaking Change Risk

Merge Risk: Medium

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

See this package in maven: org.slf4j:slf4j-log4j12

See this project in Snyk: https://app.snyk.io/org/pas.apicella-41p/project/a6786958-c6a5-4bc8-818b-640ed31d5217?utm_source=github&utm_medium=referral&page=upgrade-pr
@papicella
Owner Author

Merge Risk: Medium

This upgrade spans multiple major-minor versions of SLF4J, from 1.5.0 to 1.7.36. While the API is designed to be backward-compatible, there are important changes to be aware of.

Key Changes:

  • Java Version Requirement: SLF4J version 1.7.0 and higher require Java 1.5 or later. [2, 3, 6] Projects running on older Java versions will need to upgrade their environment.
  • Log4j 1.x Replaced with Reload4j: Due to security vulnerabilities in log4j 1.x (like Log4Shell), the slf4j-log4j12 artifact in version 1.7.36 automatically redirects to slf4j-reload4j. [2, 10] reload4j is a secure, drop-in replacement for log4j 1.2.17. [13] This is a critical security update but should not require code changes.
  • API Varargs: The Logger interface was updated in version 1.7.0 to use varargs. This change is fully backward-compatible with code compiled against older versions. [3, 6]
  • Behavior on Missing Binding: Since version 1.6.0, if no logging implementation is found, SLF4J defaults to a no-operation (NOP) logger instead of throwing an error. [2, 3]

Recommendation:

Verify that your project's runtime environment uses Java 1.5 or newer. The upgrade is highly recommended for the security benefits of moving from log4j 1.x to reload4j. No application code changes are expected to be necessary for this upgrade.

Source: SLF4J documentation and release notes. [1, 3]

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@papicella
Owner Author

papicella commented May 9, 2026

Snyk checks have passed. No issues have been found so far.

| Status | Scan Engine | Critical | High | Medium | Low | Total (0) |
|---|---|---|---|---|---|---|
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |
| | Licenses | 0 | 0 | 0 | 0 | 0 issues |
| | Code Security | 0 | 0 | 0 | 0 | 0 issues |

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.
