Hi folks, Currently I’m working on some backports, because OWASP reports CVEs on the 3.8 branch and noticed in the PRs that we should only upgrade logback on the master branch. Why is that?
logback-core-1.2.13.jar (pkg:maven/ch.qos.logback/logback-core@1.2.13, cpe:2.3:a:qos:logback:1.2.13:*:*:*:*:*:*:*) : CVE-2024-12798, CVE-2024-12801 Regards, Andor
