SpringBoot log4j-to-slf4j dependency in spring-boot-dependencies should be removed

The spring-boot-dependencies pom has a reference to log4j-to-slf4j which is included in the log4j-bom. That should be removed to allow for people importing the bom to not run into version conflict issues related to its inclusion. Here are the current symptoms.

Add the following to a spring-boot project.

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.apache.logging.log4j</groupId>
            <artifactId>log4j-bom</artifactId>
            <version>2.16.0</version>
            <type>pom</type>
            <scope>import</scope>
         </dependency>
    </dependencies>
</dependencyManagement>

The symptom when you use log4j-to-slf4j is it will use the version from the spring-boot-dependencies. Short term fix is just to include both:

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.apache.logging.log4j</groupId>
            <artifactId>log4j-bom</artifactId>
            <version>2.16.0</version>
            <type>pom</type>
            <scope>import</scope>
         </dependency>
         <dependency>
            <groupId>org.apache.logging.log4j</groupId>
            <artifactId>log4j-to-slf4j</artifactId>
            <version>2.16.0</version>
        </dependency>
    </dependencies>
</dependencyManagement>

To answer some questions I know that will come up, we have projects importing other projects that conflict with the version so this was the best way to ensure the version is used vs just changing the log4j.version property. We also use more frameworks than Spring Framework (yeah I know) so including this dependencyManagement was the shortest puck for us to resolution.

Comment From: bclozel

Duplicates #29019