You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Carsten Ziegeler (Jira)" <ji...@apache.org> on 2021/12/14 18:04:00 UTC

[jira] [Commented] (SLING-10998) Update logback to 1.2.8 (CVE-2021-44228)

    [ https://issues.apache.org/jira/browse/SLING-10998?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17459381#comment-17459381 ] 

Carsten Ziegeler commented on SLING-10998:
------------------------------------------

I think in general, Sling based applications are not affected by the vulnerability as the requirements (writable config, config reload) are not met.
Nevertheless we should update the version

> Update logback to 1.2.8 (CVE-2021-44228)
> ----------------------------------------
>
>                 Key: SLING-10998
>                 URL: https://issues.apache.org/jira/browse/SLING-10998
>             Project: Sling
>          Issue Type: Improvement
>          Components: Commons
>            Reporter: Carsten Ziegeler
>            Assignee: Carsten Ziegeler
>            Priority: Major
>             Fix For: Commons Log 5.2.0
>
>
> See http://logback.qos.ch/news.html#:~:text=Release%20of%20version%201.2.8



--
This message was sent by Atlassian Jira
(v8.20.1#820001)