You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@iotdb.apache.org by ha...@apache.org on 2021/12/28 01:17:24 UTC

[iotdb] 01/01: [IOTDB-2209] Fix logback CVE-2021-42550 issue

This is an automated email from the ASF dual-hosted git repository.

haonan pushed a commit to branch IOTDB2209
in repository https://gitbox.apache.org/repos/asf/iotdb.git

commit 3e6e0373be82e60dc8be72fed7e6525e8262f4eb
Author: HTHou <hh...@outlook.com>
AuthorDate: Tue Dec 28 09:16:26 2021 +0800

    [IOTDB-2209] Fix logback CVE-2021-42550 issue
---
 LICENSE-binary | 4 ++--
 pom.xml        | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/LICENSE-binary b/LICENSE-binary
index de449d9..9845489 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -290,8 +290,8 @@ org.slf4j:jcl-over-slf4j:1.7.25
 EPL 1.0
 ------------
 com.h2database:h2-mvstore:1.4.199
-ch.qos.logback:logback-classic:1.2.3
-ch.qos.logback:logback-core:1.2.3
+ch.qos.logback:logback-classic:1.2.10
+ch.qos.logback:logback-core:1.2.10
 
 
 CDDL 1.1
diff --git a/pom.xml b/pom.xml
index 5396f9c..ed8ad9b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -120,7 +120,7 @@
         <hive2.version>2.3.6</hive2.version>
         <junit.version>4.13.2</junit.version>
         <slf4j.version>1.7.12</slf4j.version>
-        <logback.version>1.2.3</logback.version>
+        <logback.version>1.2.10</logback.version>
         <joda.version>2.9.9</joda.version>
         <spark.version>2.4.3</spark.version>
         <flink.version>1.14.0</flink.version>