Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update logback to handle CVE-2023-6378 #5593

Closed
onobc opened this issue Dec 6, 2023 · 0 comments
Closed

Update logback to handle CVE-2023-6378 #5593

onobc opened this issue Dec 6, 2023 · 0 comments
Assignees
Milestone

Comments

@onobc
Copy link
Contributor

onobc commented Dec 6, 2023

Need to update logback to deal w/ CVE-2023-6378.

We are on 1.2.12 - fix it to update to 1.2.13.

NOTE: 1.2.13 does have the CVE fix, but Maven is slow to update this reported fact (background).

@onobc onobc self-assigned this Dec 6, 2023
@onobc onobc added this to the 2.11.2 milestone Dec 6, 2023
@onobc onobc changed the title Update logback to handle CVE-2023-35116 Update logback to handle CVE-2023-6378 Dec 6, 2023
onobc added a commit to onobc/spring-cloud-dataflow that referenced this issue Dec 7, 2023
This commit overrides the logback version in order to fix CVE-2023-6378.

See spring-cloud#5593
onobc added a commit to onobc/spring-cloud-deployer that referenced this issue Dec 7, 2023
This commit overrides the logback version in order to fix CVE-2023-6378.

See spring-cloud/spring-cloud-dataflow#5593
onobc added a commit to onobc/spring-cloud-dataflow that referenced this issue Dec 7, 2023
This commit overrides the logback version in order to fix CVE-2023-6378.

See spring-cloud#5593
onobc added a commit to onobc/spring-cloud-deployer that referenced this issue Dec 7, 2023
This commit overrides the logback version in order to fix CVE-2023-6378.

See spring-cloud/spring-cloud-dataflow#5593
corneil pushed a commit to spring-cloud/spring-cloud-deployer that referenced this issue Dec 7, 2023
This commit overrides the logback version in order to fix CVE-2023-6378.

See spring-cloud/spring-cloud-dataflow#5593
onobc added a commit that referenced this issue Dec 7, 2023
This commit overrides the logback version in order to fix CVE-2023-6378.

See #5593
@onobc onobc closed this as completed Dec 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant