Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update logback-classic to 1.2.13 #2796

Merged
merged 1 commit into from
Dec 6, 2023
Merged

Update logback-classic to 1.2.13 #2796

merged 1 commit into from
Dec 6, 2023

Conversation

t-bast
Copy link
Member

@t-bast t-bast commented Dec 6, 2023

This version of logback fixes the following CVE:

"a potential denial of service attack on a centralized logback receiver when a third party controlling a remote appender connects to said receiver and could shut down or slow down logging of events."

Eclair isn't affected since we don't use logback receivers, but if there are applications or plugins that depend on eclair and use logback receivers, it's better to use the logback version containing the fix.

@t-bast
Update logback-classic
c2a025f 
This version of logback fixes the following CVE:

"a potential denial of service attack on a centralized logback receiver
when a third party controlling a remote appender connects to said
receiver and could shut down or slow down logging of events."

Eclair isn't affected since we don't use logback receivers, but if there
are applications or plugins that depend on eclair and use logback
receivers, it's better to use the logback version containing the fix.
@t-bast t-bast requested review from pm47 and sstone December 6, 2023 12:50
@codecov-commenter
Copy link

Codecov Report

Merging #2796 (c2a025f) into master (d4a498c) will decrease coverage by 0.07%.
The diff coverage is n/a.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #2796      +/-   ##
==========================================
- Coverage   85.93%   85.86%   -0.07%     
==========================================
  Files         216      216              
  Lines       18177    18177              
  Branches      786      786              
==========================================
- Hits        15620    15608      -12     
- Misses       2557     2569      +12

see 10 files with indirect coverage changes

@t-bast t-bast merged commit be4ed3c into master Dec 6, 2023
1 check passed
@t-bast t-bast deleted the update-logback-classic branch December 6, 2023 14:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sstone sstone sstone approved these changes

@pm47 pm47 Awaiting requested review from pm47

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@t-bast @codecov-commenter @sstone