You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Carsten Ziegeler (Jira)" <ji...@apache.org> on 2021/12/17 14:27:00 UTC
[jira] [Commented] (SLING-11021) Update logback to 1.2.9 for CVE-2021-42550
[ https://issues.apache.org/jira/browse/SLING-11021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17461477#comment-17461477 ]
Carsten Ziegeler commented on SLING-11021:
------------------------------------------
Apart from security fixes, logback has also removed groovy support:
"Removed Groovy configuration support. As logging is so pevasive and configuration with Groovy is probably too powerful, this feature is unlikely to be reinstated for security reasons"
> Update logback to 1.2.9 for CVE-2021-42550
> -------------------------------------------
>
> Key: SLING-11021
> URL: https://issues.apache.org/jira/browse/SLING-11021
> Project: Sling
> Issue Type: Improvement
> Components: Commons
> Affects Versions: Commons Log 5.2.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Priority: Major
> Fix For: Commons Log 5.2.2
>
>
> To include a fix for CVE-2021-42550 we should update logback to 1.2.9, http://logback.qos.ch/news.html
--
This message was sent by Atlassian Jira
(v8.20.1#820001)