wu-sheng commented on issue #813: Currently used version of logback contains a 
security vulnerability
URL: 
https://github.com/apache/incubator-skywalking/issues/813#issuecomment-365140470
 
 
   @fredsjones Thanks a lot for your share. I will do the upgrade. But I have 
to be clear about the `logback` role in our project, which is related to 
SkyWalking application toolkit.
   
   SkyWalking application toolkit is just about creating bridge between 
libraries and SkyWalking core. We didn't actually use those libraries codes. 
(https://github.com/apache/incubator-skywalking/blob/master/apm-application-toolkit/apm-toolkit-logback-1.x/pom.xml#L36)
 So the dependency is just for compiling stage only. Only risk of security is 
only related the end-user.
   
   Anyway, this explanation is only for solving your concern.
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to