[jira] [Commented] (SLING-10998) Update logback to 1.2.8 (CVE-2021-44228)

Carsten Ziegeler (Jira) Tue, 14 Dec 2021 10:04:12 -0800


    [ 
https://issues.apache.org/jira/browse/SLING-10998?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17459381#comment-17459381
 ]


Carsten Ziegeler commented on SLING-10998:
------------------------------------------

I think in general, Sling based applications are not affected by the 
vulnerability as the requirements (writable config, config reload) are not met.
Nevertheless we should update the version

> Update logback to 1.2.8 (CVE-2021-44228)
> ----------------------------------------
>
>                 Key: SLING-10998
>                 URL: https://issues.apache.org/jira/browse/SLING-10998
>             Project: Sling
>          Issue Type: Improvement
>          Components: Commons
>            Reporter: Carsten Ziegeler
>            Assignee: Carsten Ziegeler
>            Priority: Major
>             Fix For: Commons Log 5.2.0
>
>
> See http://logback.qos.ch/news.html#:~:text=Release%20of%20version%201.2.8



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (SLING-10998) Update logback to 1.2.8 (CVE-2021-44228)

Reply via email to