Tal Ron created TINKERPOP-3050: ---------------------------------- Summary: severity security vulnerability in logback-core Key: TINKERPOP-3050 URL: https://issues.apache.org/jira/browse/TINKERPOP-3050 Project: TinkerPop Issue Type: Bug Components: console Affects Versions: 3.6.6 Reporter: Tal Ron
used logback-core version is: 1.2.11- [CVE-2023-6378|https://github.com/advisories/GHSA-vmq6-5m68-f53m] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6378] [https://github.com/advisories/GHSA-vmq6-5m68-f53m] I see that even latest v1.2.13 has security issue: [https://mvnrepository.com/artifact/ch.qos.logback/logback-core] 1.3.12, 1.3.14, 1.4.12 and latest 1.4.14 are currently safe -- This message was sent by Atlassian Jira (v8.20.10#820010)