Upgrade to Logback 1.2.9 #29012

Closed
snicoll opened this issue Dec 14, 2021 · 5 comments

snicoll commented Dec 14, 2021

No description provided.

snicoll added the type: dependency-upgrade label Dec 14, 2021
snicoll added this to the 2.6.2 milestone Dec 14, 2021
snicoll self-assigned this Dec 14, 2021
bclozel pinned this issue Dec 14, 2021

bclozel commented Dec 14, 2021

See https://jira.qos.ch/browse/LOGBACK-1591 and https://logback.qos.ch/news.html for background information.
Also:

We note that the vulnerability mentioned in LOGBACK-1591 requires write access to logback's configuration file as a prerequisite. Thus, in addition to upgrading to version 1.2.8, we also recommend users to set their logback configuration files as read-only.


SpiReCZ commented Dec 17, 2021

https://jira.qos.ch/browse/LOGBACK-1591?focusedCommentId=20920&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-20920

@snicoll
I suggest re-opening this ticket and updating to Logback 1.2.9.

Logback version 1.2.9 and 1.3.0-alpha11 have been released simultaneously. They should be considered as security fixes superseding 1.2.8.
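
An added example, not part of the issue thread or of Spring Boot or Logback: a POSIX shell audit for the two actions the comments above call for, flagging Logback jars older than 1.2.9 (or a 1.3.0 alpha before alpha11) and `logback*.xml` files with any write permission bit set. It assumes an unpacked library directory with standard `logback-core-<version>.jar` and `logback-classic-<version>.jar` file names; jars nested inside a fat jar are not inspected, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the issue thread). Function names are hypothetical.
# audit_logback DIR prints one finding per line:
#   OUTDATED <jar>   Logback jar older than 1.2.9, or a 1.3.0 alpha before alpha11
#   WRITABLE <file>  logback*.xml with a write bit set for user, group or other

# Succeeds (status 0) when version $1 predates the releases named in the thread.
logback_outdated() {
    case "$1" in
        1.3.0-alpha*)
            n=${1#1.3.0-alpha}; n=${n%%[!0-9]*}
            [ "${n:-0}" -lt 11 ]
            return ;;
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) return 1 ;;   # unrecognised version string: not flagged
    esac
    base=${1%%-*}                          # drop qualifiers such as -SNAPSHOT
    major=${base%%.*}; rest=${base#*.}
    minor=${rest%%.*}; patch=${rest#*.}; patch=${patch%%[!0-9]*}
    [ $((major * 10000 + minor * 100 + patch)) -lt 10209 ]
}

audit_logback() {
    dir=$1
    find "$dir" -type f \( -name 'logback-core-*.jar' -o -name 'logback-classic-*.jar' \) |
    while IFS= read -r jar; do
        v=${jar##*/logback-}; v=${v#core-}; v=${v#classic-}; v=${v%.jar}
        if logback_outdated "$v"; then echo "OUTDATED $jar"; fi
    done
    # Check the mode bits rather than `test -w`, which is true for root
    # regardless of the file's mode.
    find "$dir" -type f -name 'logback*.xml' |
    while IFS= read -r cfg; do
        perms=$(ls -ld "$cfg" | cut -c2-10)
        case "$perms" in *w*) echo "WRITABLE $cfg" ;; esac
    done
}

# Run as a script: sh audit_logback.sh /path/to/app
if [ $# -gt 0 ]; then audit_logback "$1"; fi
```
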

bclozel reopened this Dec 17, 2021
bclozel changed the title from "Upgrade to Logback 1.2.8" to "Upgrade to Logback 1.2.9" Dec 17, 2021
snicoll unpinned this issue Jan 12, 2022