You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@felix.apache.org by "Karl Pauls (Jira)" <ji...@apache.org> on 2021/12/15 00:19:00 UTC

[jira] [Updated] (FELIX-6484) Update logback dependency to 1.2.8 (fix for LOGBACK-1591)

     [ https://issues.apache.org/jira/browse/FELIX-6484?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Karl Pauls updated FELIX-6484:
------------------------------
    Summary: Update logback dependency to 1.2.8 (fix for LOGBACK-1591)  (was: Update logback dependency to overcome CVE-2021-44228)

> Update logback dependency to 1.2.8 (fix for LOGBACK-1591)
> ---------------------------------------------------------
>
>                 Key: FELIX-6484
>                 URL: https://issues.apache.org/jira/browse/FELIX-6484
>             Project: Felix
>          Issue Type: Task
>          Components: Felix Logback
>            Reporter: Raymond Augé
>            Assignee: Raymond Augé
>            Priority: Major
>             Fix For: felix-logback-1.0.6
>
>
> See http://logback.qos.ch/news.html#:~:text=Release%20of%20version%201.2.8
> FYI felix.logback does not contain the affected version of logback. We're just updating the transitive dependency so that in cases where transitive deps are used a secured version is used.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)