Hello Done - I've released Pax Logging 1.11.12 and 2.0.13 with the Logback update. Thanks Matt for the initial PR - I've checked that no other changes are required.
regards Grzegorz Grzybek sob., 18 gru 2021 o 05:42 Jean-Baptiste Onofre <j...@nanthrax.net> napisał(a): > Thanks, > > However, the PR is not correct. > > We (Greg and I) will create a right PR and move forward on Pax Logging > release. > > However, just a note for the users: this issue is largely less critical > than log4j one. > Anyway, I will cut maintenance release quickly. > > Regards > JB > > > Le 17 déc. 2021 à 16:35, Matt Pavlovich <mattr...@gmail.com> a écrit : > > > > PR created for pax-logging against main: > https://github.com/ops4j/org.ops4j.pax.logging/pull/425 < > https://github.com/ops4j/org.ops4j.pax.logging/pull/425> > > > > > >> On Dec 17, 2021, at 9:23 AM, Matt Pavlovich <mattr...@gmail.com> wrote: > >> > >> I summarized notes on the Logback CVE-2021-42550 . While significantly > less critical, we probably need to consider another round of releases to > address and bring in logback 1.2.9. > >> > >> notes here: https://issues.apache.org/jira/browse/KARAF-7299 < > https://issues.apache.org/jira/browse/KARAF-7299> > >> > >> Thoughts? > > > >
