Hi Ceki, then https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5929 should probably be updated to reflect that in the CPE configuration? If you don't plan to backport to v1.1 then the configuration should mark all 1.1 versions vulnerable. What do you think?
Thanks, Alexander -----Ursprüngliche Nachricht----- Von: logback-user [mailto:[email protected]] Im Auftrag von Ceki Gülcü Gesendet: Mittwoch, 15. März 2017 10:08 An: logback users list <[email protected]> Betreff: Re: [logback-user] Does Logback v1.1.11 fix CVE-2017-5929? No, 1.2.0 does. On 3/15/2017 10:06, Alexander von Buchholtz wrote: > Hi, > > > > as I couldn‘t find any release notes/information about the logback > release v1.1.11: does this release include the fix for CVE-2017-5929? > > > > Thanks, > > Alexander > > > > _______________________________________________ > logback-user mailing list > [email protected] > http://mailman.qos.ch/mailman/listinfo/logback-user > _______________________________________________ logback-user mailing list [email protected] http://mailman.qos.ch/mailman/listinfo/logback-user _______________________________________________ logback-user mailing list [email protected] http://mailman.qos.ch/mailman/listinfo/logback-user
