From 7afdb381e436333796cc48dd7177a761ef1b9771 Mon Sep 17 00:00:00 2001 From: edeleon Date: Thu, 8 Jan 2026 10:50:30 -0800 Subject: [PATCH 1/3] updating log4j to resolve dependabot reported vuln --- newrelic-agent/build.gradle | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/newrelic-agent/build.gradle b/newrelic-agent/build.gradle index 912d15dde5..a529ae1831 100644 --- a/newrelic-agent/build.gradle +++ b/newrelic-agent/build.gradle @@ -90,9 +90,12 @@ dependencies { // for command line parsing shadowIntoJar 'commons-cli:commons-cli:1.2' - shadowIntoJar 'org.apache.logging.log4j:log4j-core:2.17.1' + shadowIntoJar 'org.apache.logging.log4j:log4j-core:2.25.3' shadowIntoJar 'org.slf4j:slf4j-api:1.7.25' + shadowIntoJar 'org.jspecify:jspecify:1.0.0' + shadowIntoJar 'biz.aQute.bnd:biz.aQute.bnd.annotation:6.4.0' + shadowIntoJar 'com.googlecode.json-simple:json-simple:1.1' shadowIntoJar('com.google.guava:guava:30.1.1-jre') @@ -178,7 +181,7 @@ task relocatedShadowJar(type: ShadowJar) { // The following rules are to prevent these transitive dependencies from breaking anything "org.apache.log4j", "org.apache.log", "org.apache.avalon", - "org.checkerframework", "org.dom4j", "org.zeromq", "org.apache.kafka", + "org.checkerframework", "org.jspecify", "aQute", "org.dom4j", "org.zeromq", "org.apache.kafka", "com.lmax", "com.conversantmedia", "org.jctools", "com.fasterxml", "org.osgi", "org.codehaus", "org.fusesource", "kotlin", "org.jetbrains", "org.intellij", "okhttp3", "org.bouncycastle", "org.conscrypt", "org.openjsse" From 4bbbf4c62be538369daea32dc9585dc7a51f0ae9 Mon Sep 17 00:00:00 2001 From: edeleon Date: Tue, 13 Jan 2026 13:55:36 -0800 Subject: [PATCH 2/3] removed unnecessary dependencies --- newrelic-agent/build.gradle | 3 --- 1 file changed, 3 deletions(-) diff --git a/newrelic-agent/build.gradle b/newrelic-agent/build.gradle index a529ae1831..958868e5f6 100644 --- a/newrelic-agent/build.gradle +++ b/newrelic-agent/build.gradle 
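Review bot: The new `log4j-core:2.25.3` pin in the first hunk of PATCH 1/3 records nowhere which advisory it closes; the commit subject only says "dependabot reported vuln". Because this artifact is bundled into the agent jar through `shadowIntoJar`, I would add a comment above the line such as `// log4j-core must stay >= 2.25.3: fixes <advisory id from the Dependabot alert>` so a later downgrade is caught in review. Only log4j-core is pinned in the visible lines. If log4j-api is resolved transitively or declared elsewhere, confirm from the dependency report that it resolves to the same 2.25.3 release.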
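Review bot: The `"org.jspecify"` and `"aQute"` entries added to the package list in the second hunk of PATCH 1/3 accompany the two `shadowIntoJar` lines added in the first hunk, and PATCH 2/3 removes those dependencies without touching this list. If log4j-core 2.25.3 does not bring those packages into the jar on its own, the entries match nothing; if it does, the classes ship without being declared anywhere in the visible build lines. Either way, a comment next to them such as `// org.jspecify, aQute: annotation packages referenced by log4j-core 2.25.x`, checked against a listing of the built jar, would make the intent clear. The list and the `relocatedShadowJar` statement it belongs to start and end outside the hunk, so how these prefixes are applied is not visible here.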
@@ -93,9 +93,6 @@ dependencies { shadowIntoJar 'org.apache.logging.log4j:log4j-core:2.25.3' shadowIntoJar 'org.slf4j:slf4j-api:1.7.25' - shadowIntoJar 'org.jspecify:jspecify:1.0.0' - shadowIntoJar 'biz.aQute.bnd:biz.aQute.bnd.annotation:6.4.0' - shadowIntoJar 'com.googlecode.json-simple:json-simple:1.1' shadowIntoJar('com.google.guava:guava:30.1.1-jre') From 1f86ddccf289ec9128d1ebe05177ab4f56fc093a Mon Sep 17 00:00:00 2001 From: edeleon Date: Fri, 16 Jan 2026 13:41:44 -0800 Subject: [PATCH 3/3] remove log4j Provider service file exclude --- newrelic-agent/build.gradle | 1 - 1 file changed, 1 deletion(-) diff --git a/newrelic-agent/build.gradle b/newrelic-agent/build.gradle index 958868e5f6..f4b7051e33 100644 --- a/newrelic-agent/build.gradle +++ b/newrelic-agent/build.gradle @@ -201,7 +201,6 @@ task relocatedShadowJar(type: ShadowJar) { "LICENSE", // log4j2 "META-INF/versions/9/module-info.class", - "META-INF/services/org.apache.logging*", // asm "module-info.class", // httpclient