diff --git a/build.gradle b/build.gradle
index 3e05733fba70d4..74146515850a04 100644
--- a/build.gradle
+++ b/build.gradle
@@ -79,6 +79,7 @@ project.ext.externalDependency = [
  'hadoopClient': 'org.apache.hadoop:hadoop-client:3.2.1',
  'hadoopCommon':'org.apache.hadoop:hadoop-common:2.7.2',
  'hadoopMapreduceClient':'org.apache.hadoop:hadoop-mapreduce-client-core:2.7.2',
+ 'hadoopCommon3':'org.apache.hadoop:hadoop-common:3.3.4',
  'hibernateCore': 'org.hibernate:hibernate-core:5.2.16.Final',
  'httpClient': 'org.apache.httpcomponents:httpclient:4.5.9',
  'httpAsyncClient': 'org.apache.httpcomponents:httpasyncclient:4.1.5',
@@ -106,6 +107,8 @@ project.ext.externalDependency = [
  'kafkaAvroSerializer': 'io.confluent:kafka-avro-serializer:5.1.4',
  'kafkaClients': 'org.apache.kafka:kafka-clients:2.3.0',
  'logbackClassic': 'ch.qos.logback:logback-classic:1.2.9',
+ 'log4jCore': 'org.apache.logging.log4j:log4j-core:2.19.0',
+ 'log4jApi': 'org.apache.logging.log4j:log4j-api:2.19.0',
  'lombok': 'org.projectlombok:lombok:1.18.12',
  'mariadbConnector': 'org.mariadb.jdbc:mariadb-java-client:2.6.0',
  'mavenArtifact': "org.apache.maven:maven-artifact:$mavenVersion",
@@ -135,6 +138,7 @@ project.ext.externalDependency = [
  'playPac4j': 'org.pac4j:play-pac4j_2.12:8.0.2',
  'postgresql': 'org.postgresql:postgresql:42.3.3',
  'protobuf': 'com.google.protobuf:protobuf-java:3.19.3',
+ 'rangerCommons': 'org.apache.ranger:ranger-plugins-common:2.3.0',
  'reflections': 'org.reflections:reflections:0.9.9',
  'resilience4j': 'io.github.resilience4j:resilience4j-retry:1.7.1',
  'rythmEngine': 'org.rythmengine:rythm-engine:1.3.0',
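Review bot: The new `hadoopCommon3` key in the first hunk puts a third Hadoop version into the catalog next to `hadoopClient` 3.2.1 and `hadoopCommon` 2.7.2, and nothing says why two `hadoop-common` entries must coexist. Gradle's default conflict resolution picks the highest version when both coordinates reach one classpath, so a module that still asks for `hadoopCommon` could end up on 3.3.4 with no visible change in its own build file. A short comment above the entry would help, for example `// Hadoop 3.x line for the Ranger modules; do not mix with hadoopCommon (2.7.2) on one classpath`, adjusted to the real reason if it differs. The map itself starts and ends outside the hunk.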
@@ -180,7 +184,16 @@ configure(subprojects.findAll {! it.name.startsWith('spark-lineage') }) {
  configurations.all {
  exclude group: "io.netty", module: "netty"
- exclude group: "log4j", module: "log4j"
+ exclude group: "org.springframework.boot", module: "spring-boot-starter-logging"
+ exclude group: "ch.qos.logback", module: "logback-classic"
+ exclude group: "org.apache.logging.log4j", module: "log4j-to-slf4j"
+ exclude group: "com.vaadin.external.google", module: "android-json"
+ exclude group: "org.slf4j", module: "slf4j-reload4j"
+ exclude group: "org.slf4j", module: "slf4j-log4j12"
+ exclude group: "org.slf4j", module: "slf4j-nop"
+ exclude group: "org.slf4j", module: "slf4j-ext"
+ exclude group: "org.slf4j", module: "jul-to-slf4j"
+ exclude group: "org.slf4j", module: "jcl-over-toslf4j"
  }
  }
diff --git a/datahub-ranger-plugin/build.gradle b/datahub-ranger-plugin/build.gradle
index 554e96e8f6d94a..810b1a1991c9fe 100644
--- a/datahub-ranger-plugin/build.gradle
+++ b/datahub-ranger-plugin/build.gradle
@@ -24,8 +24,11 @@ compileJava {
  }
  dependencies {
- implementation 'org.apache.ranger:ranger-plugins-common:2.3.0'
- compile 'org.apache.logging.log4j:log4j-1.2-api:2.17.1'
+ implementation(externalDependency.rangerCommons) {
+ exclude group: "org.apache.htrace", module: "htrace-core4"
+ }
+ implementation externalDependency.hadoopCommon3
+ implementation externalDependency.log4jApi
  testCompile externalDependency.testng
  }
diff --git a/ingestion-scheduler/build.gradle b/ingestion-scheduler/build.gradle
index b367f1596b97f6..7023ce1208b513 100644
--- a/ingestion-scheduler/build.gradle
+++ b/ingestion-scheduler/build.gradle
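Review bot: The last added exclude in `configurations.all` names module `jcl-over-toslf4j`, which does not look like a published SLF4J artifact; the bridge is `jcl-over-slf4j`, and Gradle gives no warning when an exclude rule matches nothing, so this line is most likely a silent no-op. If excluding the JCL bridge is intended, write `exclude group: "org.slf4j", module: "jcl-over-slf4j"`. The same hunk also drops the `log4j:log4j` exclusion, so the end-of-life Log4j 1.x jar can come back transitively even though `slf4j-log4j12` is now excluded; either keep the old line or confirm with `gradle dependencyInsight --dependency log4j --configuration runtimeClasspath` on the affected modules that nothing pulls it in. A comment above the block stating which logging backend is meant to win would make the ten rules reviewable.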
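Review bot: The `htrace-core4` exclusion on `rangerCommons` in datahub-ranger-plugin/build.gradle carries no stated reason, and the identical three lines are repeated in metadata-service/auth-ranger-impl/build.gradle. If the jar is excluded because of what it bundles, record that in a comment such as `// htrace-core4 excluded: <reason / advisory id>` so the rule is not dropped during a later Ranger upgrade. This hunk also replaces the `log4j-1.2-api` bridge with `log4jApi` alone, while the auth-ranger-impl hunk adds the bridge; if Ranger code loaded by this plugin logs through the Log4j 1.x API, it now depends on whatever a transitive dependency happens to supply.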
@@ -12,10 +12,10 @@ dependencies {
  testAnnotationProcessor externalDependency.lombok
  constraints {
- implementation("org.apache.logging.log4j:log4j-core:2.17.0") {
+ implementation(externalDependency.log4jCore) {
  because("previous versions are vulnerable to CVE-2021-45105")
  }
- implementation("org.apache.logging.log4j:log4j-api:2.17.0") {
+ implementation(externalDependency.log4jApi) {
  because("previous versions are vulnerable to CVE-2021-45105")
  }
  }
diff --git a/metadata-dao-impl/kafka-producer/build.gradle b/metadata-dao-impl/kafka-producer/build.gradle
index e0ed3b2a2963ba..18b129297f19f6 100644
--- a/metadata-dao-impl/kafka-producer/build.gradle
+++ b/metadata-dao-impl/kafka-producer/build.gradle
@@ -14,12 +14,12 @@ dependencies {
  annotationProcessor externalDependency.lombok
  testCompile externalDependency.mockito
-
+
  constraints {
- implementation("org.apache.logging.log4j:log4j-core:2.17.0") {
+ implementation(externalDependency.log4jCore) {
  because("previous versions are vulnerable to CVE-2021-45105")
  }
- implementation("org.apache.logging.log4j:log4j-api:2.17.0") {
+ implementation(externalDependency.log4jApi) {
  because("previous versions are vulnerable to CVE-2021-45105")
  }
  }
diff --git a/metadata-events/mxe-registration/build.gradle b/metadata-events/mxe-registration/build.gradle
index 4a6e265b67b4df..aa5fad09f3fec2 100644
--- a/metadata-events/mxe-registration/build.gradle
+++ b/metadata-events/mxe-registration/build.gradle
@@ -12,12 +12,12 @@ dependencies {
  testCompile project(':test-models')
  avroOriginal project(path: ':metadata-models', configuration: 'avroSchema')
-
+
  constraints {
- implementation("org.apache.logging.log4j:log4j-core:2.17.0") {
+ implementation(externalDependency.log4jCore) {
  because("previous versions are vulnerable to CVE-2021-45105")
  }
- implementation("org.apache.logging.log4j:log4j-api:2.17.0") {
+ implementation(externalDependency.log4jApi) {
  because("previous versions are vulnerable to CVE-2021-45105")
  }
  }
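Review bot: The `because(...)` text in the ingestion-scheduler `constraints` block still cites CVE-2021-45105, but the version it justified is no longer visible in this file: `externalDependency.log4jCore` and `externalDependency.log4jApi` resolve to whatever the root catalog holds, so the 2.17.0 floor this constraint was written to enforce can be lowered in build.gradle with no signal here. Put the rationale next to the catalog entries, e.g. `// keep >= 2.17.0 (CVE-2021-45105)` above `'log4jCore'`, or declare the constraint once in the root `configure(subprojects...)` block instead of per module. The same applies to the identical constraint blocks in kafka-producer, mxe-registration, mxe-utils-avro-1.7, metadata-io, restli-servlet-impl and metadata-utils. The enclosing `dependencies` block starts and ends outside the hunk.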
diff --git a/metadata-events/mxe-utils-avro-1.7/build.gradle b/metadata-events/mxe-utils-avro-1.7/build.gradle
index 7823dafbbb1347..f8474e21daa0bd 100644
--- a/metadata-events/mxe-utils-avro-1.7/build.gradle
+++ b/metadata-events/mxe-utils-avro-1.7/build.gradle
@@ -8,10 +8,10 @@ dependencies {
  testCompile project(':test-models')
  constraints {
- implementation("org.apache.logging.log4j:log4j-core:2.17.0") {
+ implementation(externalDependency.log4jCore) {
  because("previous versions are vulnerable to CVE-2021-45105")
  }
- implementation("org.apache.logging.log4j:log4j-api:2.17.0") {
+ implementation(externalDependency.log4jApi) {
  because("previous versions are vulnerable to CVE-2021-45105")
  }
  }
diff --git a/metadata-io/build.gradle b/metadata-io/build.gradle
index 3c0edff7ac4221..0a7924f0020916 100644
--- a/metadata-io/build.gradle
+++ b/metadata-io/build.gradle
@@ -60,10 +60,10 @@ dependencies {
  testAnnotationProcessor externalDependency.lombok
  constraints {
- implementation("org.apache.logging.log4j:log4j-core:2.17.0") {
+ implementation(externalDependency.log4jCore) {
  because("previous versions are vulnerable to CVE-2021-45105")
  }
- implementation("org.apache.logging.log4j:log4j-api:2.17.0") {
+ implementation(externalDependency.log4jApi) {
  because("previous versions are vulnerable to CVE-2021-45105")
  }
  }
diff --git a/metadata-service/auth-ranger-impl/build.gradle b/metadata-service/auth-ranger-impl/build.gradle
index 546aa7681903b7..7abb9e78ac055e 100644
--- a/metadata-service/auth-ranger-impl/build.gradle
+++ b/metadata-service/auth-ranger-impl/build.gradle
@@ -8,7 +8,11 @@ compileJava { dependencies { compile project(path: ':metadata-service:auth-api') - implementation 'org.apache.ranger:ranger-plugins-common:2.3.0' + implementation(externalDependency.rangerCommons) { + exclude group: "org.apache.htrace", module: "htrace-core4" + } + implementation externalDependency.hadoopCommon3 + implementation 'org.apache.logging.log4j:log4j-1.2-api:2.17.1' implementation 'rome:rome:1.0' runtimeOnly externalDependency.jna diff --git a/metadata-service/restli-servlet-impl/build.gradle b/metadata-service/restli-servlet-impl/build.gradle index 0d66373e8c127e..5e95bc6c6450cd 100644 --- a/metadata-service/restli-servlet-impl/build.gradle +++ b/metadata-service/restli-servlet-impl/build.gradle @@ -24,10 +24,10 @@ configurations { dependencies { constraints { - implementation("org.apache.logging.log4j:log4j-core:2.17.0") { - because("previous versions are vulnerable to CVE-2021-45105") + implementation(externalDependency.log4jCore) { + because("previous versions are vulnerable to CVE-2021-45105") } - implementation("org.apache.logging.log4j:log4j-api:2.17.0") { + implementation(externalDependency.log4jApi) { because("previous versions are vulnerable to CVE-2021-45105") } } @@ -44,6 +44,8 @@ dependencies { compile externalDependency.neo4jJavaDriver compile externalDependency.opentelemetryAnnotations + runtimeOnly externalDependency.logbackClassic + annotationProcessor externalDependency.lombok testCompile project(':test-models') diff --git a/metadata-utils/build.gradle b/metadata-utils/build.gradle index 32c13a89984cd8..cb6593a1e581c3 100644 --- a/metadata-utils/build.gradle +++ b/metadata-utils/build.gradle 
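Review bot: The added line `implementation 'org.apache.logging.log4j:log4j-1.2-api:2.17.1'` in auth-ranger-impl hard-codes a coordinate and version outside the catalog, while the same commit moves `log4j-api` and `log4j-core` to `externalDependency` entries at 2.19.0. That leaves the 1.2 bridge behind the API it delegates to, and a later Log4j bump in the root build.gradle will not reach it. Add a catalog entry and reference it, for example `'log4j12Api': 'org.apache.logging.log4j:log4j-1.2-api:2.19.0'` (the key name is only a suggestion) with `implementation externalDependency.log4j12Api` here. The `dependencies` block continues past the end of the hunk.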
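Review bot: `runtimeOnly externalDependency.logbackClassic` is added in restli-servlet-impl while the root build.gradle in this same commit adds `exclude group: "ch.qos.logback", module: "logback-classic"` under `configurations.all` for every subproject whose name does not start with `spark-lineage`. As far as I know a configuration-level exclude also removes directly declared dependencies, so this line may resolve to nothing and the servlet could start without the intended SLF4J backend. Check `gradle :metadata-service:restli-servlet-impl:dependencies --configuration runtimeClasspath`, and if logback is absent, narrow the root exclude rather than re-adding the jar per module. A one-line comment here, e.g. `// logback is the runtime backend for this war; see root excludes`, would tie the two places together.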
@@ -25,10 +25,10 @@ dependencies {
  testCompile project(':test-models')
  constraints {
- implementation("org.apache.logging.log4j:log4j-core:2.17.0") {
+ implementation(externalDependency.log4jCore) {
  because("previous versions are vulnerable to CVE-2021-45105")
  }
- implementation("org.apache.logging.log4j:log4j-api:2.17.0") {
+ implementation(externalDependency.log4jApi) {
  because("previous versions are vulnerable to CVE-2021-45105")
  }
  }