Closed MatKuhr closed 4 years ago
Hi @MatKuhr thanks a lot for reporting! We already recognized it and fixed it in version 2.5.2 which will be released hopefuly today.
https://github.com/SAP/cloud-security-xsuaa-integration/blob/master/CHANGELOG.md#252
Thanks!
Ok cool, thanks 👍
Hi, when using
com.sap.cloud.security:java-api:2.5.1:compile
we discovered that the module depends onorg.slf4j:slf4j-simple:1.7.30:compile
.This is a problem because it brings an SLF4J implementation to the classpath which is unexpected. If there is already an implementation present the application will exit with an exception, since having multiple logging implementations present are not tolerated. Also this is hard to discover because it can be easily missed by test scenarios.
For the above reasons I think it might be better to not introduce this dependency through
java-api
. For now we solved the problem by excluding the transitive dependency in our import:Just FYI, for our setup we have a
maven-enforcer-plugin
rule in place that enforces we do not export logging implementations in our project: