Could not initialize class org.apache.logging.log4j.core.LoggerContex

Question

Due to the recent vulnerability found on Log4j, We were tasked to move to version >= 2.16.0. Initially, my project was using <version>1.2.17</version>

After adding the necessary dependency, and making the necessary changes, on initiating a request I get the below error:

Caused by: java.lang.NoClassDefFoundError: Could not initialize class org.apache.logging.log4j.core.LoggerContext

My POM file

<dependencies>
        <dependency>
            <groupId>javax</groupId>
            <artifactId>javaee-api</artifactId>
            <version>8.0</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>org.apache.logging.log4j</groupId>
            <artifactId>log4j-api</artifactId>
            <version>2.16.0</version>
        </dependency>
        <dependency>
            <groupId>org.apache.logging.log4j</groupId>
            <artifactId>log4j-core</artifactId>
            <version>2.16.0</version>
        </dependency>
        <dependency>
            <groupId>com.squareup.okhttp3</groupId>
            <artifactId>okhttp</artifactId>
            <version>4.9.1</version>
        </dependency>
        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpclient</artifactId>
            <version>4.5.12</version>
        </dependency>
        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpcore</artifactId>
            <version>4.4.13</version>
            <type>jar</type>
        </dependency>
        <dependency>
            <groupId>org.json</groupId>
            <artifactId>json</artifactId>
            <version>20190722</version>
            <type>jar</type>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>5.1.47</version>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-databind</artifactId>
            <version>2.10.2</version>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-annotations</artifactId>
            <version>2.10.2</version>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-core</artifactId>
            <version>2.10.2</version>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.dataformat</groupId>
            <artifactId>jackson-dataformat-xml</artifactId>
            <version>2.10.2</version>
        </dependency>
        <dependency>
            <groupId>org.codehaus.sonar</groupId>
            <artifactId>sonar-plugin-api</artifactId>
            <version>5.1</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>javax.validation</groupId>
            <artifactId>validation-api</artifactId>
            <version>2.0.0.Final</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>org.hibernate.validator</groupId>
            <artifactId>hibernate-validator-annotation-processor</artifactId>
            <version>6.0.2.Final</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.woodstox</groupId>
            <artifactId>woodstox-core</artifactId>
            <version>5.0.2</version>
        </dependency>
        <dependency>
            <groupId>org.apache.velocity</groupId>
            <artifactId>velocity</artifactId>
            <version>1.7</version>
        </dependency>
        <dependency>
            <groupId>org.apache.velocity</groupId>
            <artifactId>velocity-tools</artifactId>
            <version>2.0</version>
        </dependency>
        <dependency>
            <groupId>org.apache.poi</groupId>
            <artifactId>poi-ooxml</artifactId>
            <version>5.0.0</version>
        </dependency>



        <!-- Tests Dependencies -->
        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>4.12</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.mockito</groupId>
            <artifactId>mockito-core</artifactId>
            <version>3.5.13</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.glassfish.jersey.core</groupId>
            <artifactId>jersey-common</artifactId>
            <version>2.22.2</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.hamcrest</groupId>
            <artifactId>hamcrest-core</artifactId>
            <version>1.3</version>
            <scope>test</scope>
        </dependency>

        <dependency>
            <groupId>org.eclipse.microprofile</groupId>
            <artifactId>microprofile</artifactId>
            <version>2.0.1</version>
            <type>pom</type>
            <scope>provided</scope>
        </dependency>

and my code and Log4J2 initialization

@Stateless
public class SessionKeyService {

    private static final Logger LOGGER = LogManager.getLogger(SessionKeyService.class);

    public String getSessionKeyID() {
        try {
            String url = properties.getProperty(Global.ENDPOINT_URL);

            ........

            SessionKey sessionKey = new SessionKey();
            sessionKey.setStatus(tokenObj.optString("Status"));
            sessionKey.setMessage(tokenObj.optString("Message"));
            sessionKey.setKey(tokenObj.optString("SessionKey"));

            return sessionKey.getKey();

        } catch (Exception ex) {
            LOGGER.error("Error: "+ex);
        }

        return null;
    }

Log4j2 XML file

<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="info" name="AppName" packages="">
    <Appenders>
        <Console name="LogToConsole" target="SYSTEM_OUT">
            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %-5level %logger{36} - %m%n"/>
        </Console>
        <RollingFile name="LogToRollingFile" fileName="/opt/log/app-name.log"
                     filePattern="logs/$${date:yyyy-MM}/app-%d{MM-dd-yyyy}-%i.log.gz">
            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %-5level %logger{36} - %m%n"/>
            <Policies>
                <TimeBasedTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="50 MB" />
            </Policies>
            <DefaultRolloverStrategy max="10"/>
        </RollingFile>

    </Appenders>
    <Loggers>
        <Root level="INFO">
<!--            <AppenderRef ref="syslogAppender" />-->
            <AppenderRef ref="LogToRollingFile"/>
            <AppenderRef ref="LogToConsole" />
        </Root>
    </Loggers>
</Configuration>

Please, I don't know where the LoggerContext is coming up.

As far as I know, the vulnerability does not affect log4J version 1.x. — RealSkeptic, Dec 15 '21 at 10:24
Does this answer your question? [Migration from log4j 1.x to log4j2](https://stackoverflow.com/questions/18593430/migration-from-log4j-1-x-to-log4j2) — matt, Dec 15 '21 at 10:27
@RealSkeptic I am not sure, but company policy requires every project using Log4j should upgrade to latest version. — Emmajiugo, Dec 15 '21 at 10:31
@matt Thanks for sharing but ut didn't help. I have made all necessary changes as required by the doc, added my log4j2.xml file but still having the error — Emmajiugo, Dec 15 '21 at 10:32
Well, you can ask permission from your boss to upgrade the project later, given that it is not really vulnerable, making your problem less urgent and allowing you to do some better research into how version 2 works. — RealSkeptic, Dec 15 '21 at 10:35
Is that the full error you're getting, including line numbers? What about your logging config file? When you say things like " I have made all necessary changes as required by the doc" it is good to enumerate what you've done. (if possible) — matt, Dec 15 '21 at 10:45
@matt I have edited the question and added the log4j2 XML file I am using. No other change was done except what I shared in the question. - I changed the dependency to log4j2 as shared in the pom. - I added the log4j2.xml config to the resources folder removing the previous log4j.properties file. - I made changes to my code to initialize the LogManager as shared in the question. — Emmajiugo, Dec 15 '21 at 11:04
Can you have maven re-import? Is it possible that maven couldn't download all of the log4j2 artifacts? — matt, Dec 15 '21 at 11:10
I thought about that. I went into my .m2 folder and deleted the apache folder. Re-build my application and still the same error. @matt — Emmajiugo, Dec 15 '21 at 11:14

score 6 · Answer 1 · answered Dec 15 '21 at 14:24

6

I found out that WildFly (WidlFly version 24) logging is conflicting with the app when trying to deploy.

SOLUTION: I created a jboss-deployment-structure.xml in my /resources/webapp/WEB-INF/ and included the below

<?xml version="1.0" encoding="UTF-8"?>
<jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <deployment>

        <exclude-subsystems>
            <subsystem name="logging"/>
        </exclude-subsystems>

    </deployment>
</jboss-deployment-structure>

answered Dec 15 '21 at 14:24

Emmajiugo

205
1
3
11

I have the same problem and your solution is not working for me. I use Wildfly 25.0.1 – codyLine Dec 16 '21 at 15:26
To be more precise. Now I'm getting ```java.lang.NoClassDefFoundError: org/apache/log4j/Level```. Need help. – codyLine Dec 16 '21 at 15:47
@codyLine share the log4j2 dependency you are using. – Emmajiugo Dec 16 '21 at 18:00
I opened a new thread here: https://stackoverflow.com/questions/70382989/wildfly-not-deploying-app-after-upgrading-log4j-to-version-2-16 – codyLine Dec 16 '21 at 18:11

score 2 · Answer 2 · answered Dec 29 '21 at 10:48

We faced this similar issue and found out that two of our project's dependencies were also transitively using log4j-core and log4j-api jars of different/same versions.

So at the run time there could have been a chance of conflict of multiple LoggerContext due to which we saw this error.

We removed the error by excluding that dependency as it was not necessary.And it worked fine for us.

Although we could also exclude directly log4j from the dependency to solve the issue like below.

       <dependency>
        <groupId>GroupId</groupId>
        <artifactId>ArtifactId</artifactId>
        <version>version</version>
        <exclusions>
            <exclusion>
                 <groupId>org.apache.logging.log4j</groupId>
                 <artifactId>log4j-api</artifactId>
            </exclusion>
            <exclusion>
                 <groupId>org.apache.logging.log4j</groupId>
                 <artifactId>log4j-core</artifactId>
            </exclusion>
        </exclusions>
   </dependency>

score 0 · Answer 3 · answered Dec 17 '21 at 10:41

I encountered this error when I upgraded the log4j-core dependency (because earlier versions had a vulnerability) but I forgot to upgrade the log4j-api dependency. Upgrading both to the latest (at time of writing 2.16.0) fixed it for me.

<dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-core</artifactId>
    <version>2.16.0</version>
</dependency>
<dependency>
  <groupId>org.apache.logging.log4j</groupId>
  <artifactId>log4j-api</artifactId>
  <version>2.16.0</version>
</dependency>

Could not initialize class org.apache.logging.log4j.core.LoggerContex

3 Answers3