Build of upgraded CXF contains regressions - org.slf4j dependencies. This issue blocks WS Interoperability testing. I'm getting "SLF4J: Detected both log4j-over-slf4j.jar AND slf4j-log4j12.jar on the class path, preempting StackOverflowError." error. Please exclude following dependencies cxf-rt-ws-security dependency tree. | | +- org.slf4j:jcl-over-slf4j:jar:1.7.2.redhat-3:compile | | +- org.slf4j:jul-to-slf4j:jar:1.6.4:compile | | \- org.slf4j:log4j-over-slf4j:jar:1.6.4:compile ER4 (CXF 2.7.10) +- org.apache.cxf:cxf-rt-ws-security:jar:2.7.11.redhat-1:compile (version managed from 2.7.10) | +- net.sf.ehcache:ehcache-core:jar:2.5.1:compile | +- org.apache.ws.security:wss4j:jar:1.6.15.redhat-1:compile (version managed from 1.6.15) | +- org.opensaml:opensaml:jar:2.5.3.redhat-2:compile | | +- org.opensaml:openws:jar:1.4.4.redhat-2:compile (version managed from 1.4.4) | | | \- org.opensaml:xmltooling:jar:1.3.4.redhat-3:compile (version managed from 1.3.4) | | +- joda-time:joda-time:jar:1.6.2-redhat-4:compile | | +- xalan:serializer:jar:2.7.1.redhat-7:runtime (version managed from 2.7.1) | | +- org.slf4j:jcl-over-slf4j:jar:1.7.2.redhat-3:compile | | +- org.slf4j:jul-to-slf4j:jar:1.6.4:compile | | \- org.slf4j:log4j-over-slf4j:jar:1.6.4:compile | \- commons-logging:commons-logging:jar:1.1.1:compile ER3 (CXF 2.7.11) +- org.apache.cxf:cxf-rt-ws-security:jar:2.7.10.redhat-1:compile (version managed from 2.7.10) | +- net.sf.ehcache:ehcache-core:jar:2.5.1:compile | +- org.apache.ws.security:wss4j:jar:1.6.14.redhat-1:compile (version managed from 1.6.14) | | \- org.opensaml:opensaml:jar:2.5.3.redhat-2:compile (version managed from 2.5.1-1) | | +- org.opensaml:openws:jar:1.4.4.redhat-2:compile (version managed from 1.4.4) | | | \- org.opensaml:xmltooling:jar:1.3.4.redhat-3:compile (version managed from 1.3.4) | | +- joda-time:joda-time:jar:1.6.2-redhat-4:compile | | \- xalan:serializer:jar:2.7.1.redhat-7:runtime (version managed from 2.7.1) | \- commons-logging:commons-logging:jar:1.1.1:compile Full tree for ER3: https://jenkins.mw.lab.eng.bos.redhat.com/hudson/view/EAP6/view/EAP6-WS/job/eap-6x-jbossws-cxf-client-dep-tree/35/artifact/jbossqe-eap-tests-ws/jbossws-cxf-client/dependency-tree-4.3.0.Final-redhat-2-using-BOM.txt Full tree for ER4: https://jenkins.mw.lab.eng.bos.redhat.com/hudson/view/EAP6/view/EAP6-WS/job/eap-6x-jbossws-cxf-client-dep-tree/36/artifact/jbossqe-eap-tests-ws/jbossws-cxf-client/dependency-tree-4.3.0.Final-redhat-2-using-BOM.txt
exclusions of log4j are commented in the upstream, https://github.com/apache/cxf/blob/cxf-2.7.11/rt/ws/security/pom.xml I uncommented those exclusions and could build cxf 2.7.11 locally successfully.
Fixed in redhat-2 builds: https://brewweb.devel.redhat.com/buildinfo?buildID=357172 https://brewweb.devel.redhat.com/buildinfo?buildID=357171
PR: https://github.com/jbossas/jboss-eap/pull/1340
Should be fixed in EAP 6.3.0 ER5 build
Verified on EAP 6.3.0 ER5 https://jenkins.mw.lab.eng.bos.redhat.com/hudson/view/EAP6/view/EAP6-WS/job/eap-6x-jbossws-cxf-slf4j-dependency-check/