[jira] [Commented] (SLING-11021) Update logback to 1.2.9 for CVE-2021-42550

Carsten Ziegeler (Jira) Fri, 17 Dec 2021 06:27:20 -0800


    [ 
https://issues.apache.org/jira/browse/SLING-11021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17461477#comment-17461477
 ]


Carsten Ziegeler commented on SLING-11021:
------------------------------------------

Apart from security fixes, logback has also removed groovy support:
"Removed Groovy configuration support. As logging is so pevasive and 
configuration with Groovy is probably too powerful, this feature is unlikely to 
be reinstated for security reasons"

> Update logback to 1.2.9 for  CVE-2021-42550
> -------------------------------------------
>
>                 Key: SLING-11021
>                 URL: https://issues.apache.org/jira/browse/SLING-11021
>             Project: Sling
>          Issue Type: Improvement
>          Components: Commons
>    Affects Versions: Commons Log 5.2.0
>            Reporter: Carsten Ziegeler
>            Assignee: Carsten Ziegeler
>            Priority: Major
>             Fix For: Commons Log 5.2.2
>
>
> To include a fix for  CVE-2021-42550 we should update logback to 1.2.9, 
> http://logback.qos.ch/news.html



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (SLING-11021) Update logback to 1.2.9 for CVE-2021-42550

Reply via email to