Log4j: how to lower the default version?

I have a project on Gretty. Now the project is preparing to deploy to an external server. It turned out that on the external server there is some ancient version of jetty (like, below 9.4), which does not work with JEP-238. And the latest log4j versions are just JEP-238. When trying to run an application on jetty, spits out a fairly well-known error:

https://stackoverflow.com/questions/45311295/error-scanning-entry-module-info-class-when-starting-jetty-server

Options, in fact, two:

1. Raise the version of jetty, which is now not possible
2. Omit log4j version.

The problem is, log4j is not defined as an explicit dependency, but some other one is pulled up. And it is not clear what. Here is build.gradle:

plugins { id 'java' id 'war' id "org.gretty" version "2.2.0" } group 'ru.example' version '0.1' sourceCompatibility = 1.8 targetCompatibility = 1.8 compileJava.options.encoding = 'UTF-8' compileTestJava.options.encoding = 'UTF-8' ext { SPRING_VERSION = '5.1.0.RELEASE' JUNIT_VERSION = '5.3.1' JACKSON_VERSION = '2.9.7' LOMBOK_VERSION = '1.18.2' } repositories { mavenCentral() jcenter() maven { url 'https://oss.sonatype.org/content/repositories/releases/' } } gretty { springBootVersion = '2.0.5.RELEASE' contextPath = "/" } dependencies { // annotationProcessor group: 'org.projectlombok', name: 'lombok', version: LOMBOK_VERSION compileOnly group: 'org.projectlombok', name: 'lombok', version: LOMBOK_VERSION compileOnly group: 'com.google.appengine', name: 'appengine-endpoints-deps', version: '1.9.65' compile group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.3' compile group: 'org.springframework', name: 'spring-webmvc', version: SPRING_VERSION compile group: 'org.springframework', name: 'spring-web', version: SPRING_VERSION compile group: 'org.springframework', name: 'spring-jdbc', version: SPRING_VERSION compile ("org.springframework.security:spring-security-web:4.1.0.RELEASE") { exclude(module:'spring-web') } compile ("org.springframework.security:spring-security-config:4.1.0.RELEASE") compile ("org.springframework.security:spring-security-ldap:4.1.0.RELEASE") compile 'org.thymeleaf:thymeleaf-spring4:3.0.9.RELEASE' compile group: 'org.springframework.boot', name: 'spring-boot-starter-data-jpa', version: '2.0.5.RELEASE' compile group: 'com.mchange', name: 'c3p0', version: '0.9.5.2' compile group: 'org.mariadb.jdbc', name: 'mariadb-java-client', version: '2.3.0' compile group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: JACKSON_VERSION compile group: 'com.fasterxml.jackson.datatype', name: 'jackson-datatype-jsr310', version: JACKSON_VERSION compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: JACKSON_VERSION compile group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.6' compile group: 'org.apache.poi', name: 'poi-ooxml', version: '4.0.0' compile group: 'com.google.guava', name: 'guava', version: '26.0-jre' compile group: 'commons-io', name: 'commons-io', version: '2.6' compile group: 'javax.validation', name: 'validation-api', version: '2.0.1.Final' compile group: 'org.hibernate', name: 'hibernate-validator', version: '6.0.13.Final' // testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-api', version: JUNIT_VERSION // testRuntimeOnly group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: JUNIT_VERSION testCompile group: 'org.junit.jupiter', name: 'junit-jupiter-params', version: JUNIT_VERSION testCompile group: 'org.mockito', name: 'mockito-core', version: '2.22.0' testCompile group: 'org.springframework', name: 'spring-test', version: SPRING_VERSION testCompile group: 'org.hamcrest', name: 'hamcrest-library', version: '1.3' testCompile group: 'com.jayway.jsonpath', name: 'json-path-assert', version: '2.4.0' testCompile group: 'com.h2database', name: 'h2', version: '1.4.197' } 

External Libraries store version log4j 2.10.0, and it is necessary to deliver approximately 2.8. I cannot determine from which dependency log4j should be cut out in order to explicitly define a dependency. If there is a solution, tell me how to do it.