[
https://issues.apache.org/jira/browse/FELIX-6484?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17459563#comment-17459563
]
Robert Munteanu commented on FELIX-6484:
----------------------------------------
[~rotty3000] - the text you linked to seems to indicate that this is a
different vulnerability. Perhaps it would be clearer if the CVE reference was
removed from the issue title.
> Update logback dependency to overcome CVE-2021-44228
> ----------------------------------------------------
>
> Key: FELIX-6484
> URL: https://issues.apache.org/jira/browse/FELIX-6484
> Project: Felix
> Issue Type: Task
> Components: Felix Logback
> Reporter: Raymond Augé
> Assignee: Raymond Augé
> Priority: Major
> Fix For: felix-logback-1.0.6
>
>
> See http://logback.qos.ch/news.html#:~:text=Release%20of%20version%201.2.8
> FYI felix.logback does not contain the affected version of logback. We're
> just updating the transitive dependency so that in cases where transitive
> deps are used a secured version is used.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
