Skip to content

Commit

Permalink
Override logback version to 1.13.14
Browse files Browse the repository at this point in the history
This commit overrides the logback version in order to fix CVE-2023-6378.

See spring-cloud/spring-cloud-dataflow#5593
  • Loading branch information
onobc committed Dec 7, 2023
1 parent 0582721 commit 1d992f9
Showing 1 changed file with 17 additions and 0 deletions.
17 changes: 17 additions & 0 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,7 @@
<spring-boot.version>2.7.18</spring-boot.version>
<maven.compiler.source>${java.version}</maven.compiler.source>
<maven.compiler.target>${java.version}</maven.compiler.target>
<logback.version>1.3.14</logback.version>
</properties>

<modules>
Expand Down Expand Up @@ -102,6 +103,22 @@
<type>pom</type>
<scope>import</scope>
</dependency>
<!-- Override Logback provided by Spring Boot -->
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
<version>${logback.version}</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>${logback.version}</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-access</artifactId>
<version>${logback.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
Expand Down

0 comments on commit 1d992f9

Please sign in to comment.