[dolphinscheduler] branch dev updated: issue-10356: upgrade logback to fix cve (#10357)

[kezhenxu94]

This is an automated email from the ASF dual-hosted git repository.

kezhenxu94 pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git


The following commit(s) were added to refs/heads/dev by this push:
     new d044e0479d issue-10356: upgrade logback to fix cve (#10357)
d044e0479d is described below

commit d044e0479deb88c694973d0e0c51d8b7cbcfac06
Author: PJ Fanning <pjfann...@users.noreply.github.com>
AuthorDate: Fri Jun 3 12:21:40 2022 +0100

    issue-10356: upgrade logback to fix cve (#10357)
---
 dolphinscheduler-dist/release-docs/LICENSE | 4 ++--
 pom.xml                                    | 2 +-
 tools/dependencies/known-dependencies.txt  | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/dolphinscheduler-dist/release-docs/LICENSE 
b/dolphinscheduler-dist/release-docs/LICENSE
index 0002c8dee2..5f4ee43bc2 100644
--- a/dolphinscheduler-dist/release-docs/LICENSE
+++ b/dolphinscheduler-dist/release-docs/LICENSE
@@ -493,8 +493,8 @@ EPL licenses
 The following components are provided under the EPL License. See project link 
for details.
 The text of each license is also included at licenses/LICENSE-[project].txt.
     aspectjweaver 
1.9.7:https://mvnrepository.com/artifact/org.aspectj/aspectjweaver/1.9.7, EPL 
1.0
-    logback-classic 1.2.3: 
https://mvnrepository.com/artifact/ch.qos.logback/logback-classic/1.2.3, EPL 
1.0 and LGPL 2.1
-    logback-core 1.2.3: 
https://mvnrepository.com/artifact/ch.qos.logback/logback-core/1.2.3, EPL 1.0 
and LGPL 2.1
+    logback-classic 1.2.11: 
https://mvnrepository.com/artifact/ch.qos.logback/logback-classic/1.2.11, EPL 
1.0 and LGPL 2.1
+    logback-core 1.2.11: 
https://mvnrepository.com/artifact/ch.qos.logback/logback-core/1.2.11, EPL 1.0 
and LGPL 2.1
     h2-1.4.200 
https://github.com/h2database/h2database/blob/master/LICENSE.txt, MPL 2.0 or 
EPL 1.0
 
 ========================================================================
diff --git a/pom.xml b/pom.xml
index 05a1722c8d..3628920b27 100644
--- a/pom.xml
+++ b/pom.xml
@@ -56,7 +56,7 @@
         <spring.version>5.3.12</spring.version>
         <spring.boot.version>2.5.6</spring.boot.version>
         <java.version>1.8</java.version>
-        <logback.version>1.2.3</logback.version>
+        <logback.version>1.2.11</logback.version>
         <hadoop.version>2.7.3</hadoop.version>
         <quartz.version>2.3.2</quartz.version>
         <jackson.version>2.10.5</jackson.version>
diff --git a/tools/dependencies/known-dependencies.txt 
b/tools/dependencies/known-dependencies.txt
index ce588528af..13e6aa50a5 100755
--- a/tools/dependencies/known-dependencies.txt
+++ b/tools/dependencies/known-dependencies.txt
@@ -133,8 +133,8 @@ libfb303-0.9.3.jar
 libthrift-0.9.3.jar
 log4j-1.2-api-2.14.1.jar
 log4j-1.2.17.jar
-logback-classic-1.2.3.jar
-logback-core-1.2.3.jar
+logback-classic-1.2.11.jar
+logback-core-1.2.11.jar
 lz4-1.3.0.jar
 mapstruct-1.2.0.Final.jar
 micrometer-core-1.7.5.jar