JAMES-2209 Upgrade Logback to 1.1.11

logback-classic is vulnerable to CVE-2017-5929.


Project: http://git-wip-us.apache.org/repos/asf/james-project/repo
Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/434126b3
Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/434126b3
Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/434126b3

Branch: refs/heads/master
Commit: 434126b3253416e1c0ab3365950bf3908cfba8b4
Parents: 36ee040
Author: Thibaut SAUTEREAU <tsauter...@linagora.com>
Authored: Wed Nov 8 16:48:24 2017 +0700
Committer: benwa <btell...@linagora.com>
Committed: Thu Nov 9 15:43:44 2017 +0700

----------------------------------------------------------------------
 mpt/pom.xml | 2 --
 pom.xml     | 4 ++--
 2 files changed, 2 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/james-project/blob/434126b3/mpt/pom.xml
----------------------------------------------------------------------
diff --git a/mpt/pom.xml b/mpt/pom.xml
index 7392481..89cd85f 100644
--- a/mpt/pom.xml
+++ b/mpt/pom.xml
@@ -65,8 +65,6 @@
         <log4j.version>1.2.16</log4j.version>
         <lucene-core.version>3.6.0</lucene-core.version>
         <slf4j.version>1.7.25</slf4j.version>
-
-        <logback.version>1.1.7</logback.version>
     </properties>
 
     <build>

http://git-wip-us.apache.org/repos/asf/james-project/blob/434126b3/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 4cb639c..668a55e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -672,7 +672,7 @@
         <guice.version>4.0</guice.version>
         <jackrabbit-core.version>2.5.2</jackrabbit-core.version>
 
-        <logback.version>1.1.7</logback.version>
+        <logback.version>1.1.11</logback.version>
     </properties>
 
     <dependencyManagement>
@@ -1396,7 +1396,7 @@
             <dependency>
                 <groupId>ch.qos.logback</groupId>
                 <artifactId>logback-core</artifactId>
-                <version>1.1.7</version>
+                <version>${logback.version}</version>
             </dependency>
             <dependency>
                 <groupId>com.beetstra.jutf7</groupId>


---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org

Reply via email to