Skip to content

Commit

Permalink
Override logback version to 1.13.14
Browse files Browse the repository at this point in the history 
This commit overrides the logback version in order to fix CVE-2023-6378.

See #5593
  • Loading branch information
@onobc
onobc committed Dec 7, 2023
1 parent 5c3b90f commit 5964c5e
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 7 deletions.
8 changes: 1 addition & 7 deletions spring-cloud-dataflow-build/spring-cloud-dataflow-build-dependencies/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@
<kubernetes-fabric8-client.version>5.12.4</kubernetes-fabric8-client.version>
<junit.version>4.13.1</junit.version>
<junit-jupiter.version>5.9.2</junit-jupiter.version>
<logback.version>1.3.14</logback.version>
</properties>
<dependencyManagement>
<dependencies>
Expand Down Expand Up @@ -87,13 +88,6 @@
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>${spring-boot.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
Expand Down
17 changes: 17 additions & 0 deletions spring-cloud-dataflow-parent/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@
<spring-security.version>5.7.11</spring-security.version>
<jackson-bom.version>2.13.5</jackson-bom.version>
<guava.version>32.1.3-jre</guava.version>
<logback.version>1.3.14</logback.version>
</properties>
<dependencyManagement>
<dependencies>
Expand Down Expand Up @@ -113,6 +114,22 @@
<artifactId>spring-security-oauth2-client</artifactId>
<version>${spring-security.version}</version>
</dependency>
<!-- Override Logback provided by Spring Boot -->
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
<version>${logback.version}</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>${logback.version}</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-access</artifactId>
<version>${logback.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
Expand Down

0 comments on commit 5964c5e

Please sign in to comment.