Uploaded image for project: 'Groovy'
  1. Groovy
  2. GROOVY-10416

Bump logback to 1.2.8 (test dependency)

    XMLWordPrintableJSON

Details

    • Dependency upgrade
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 3.0.10, 4.0.0-rc-2
    • None
    • None

    Description

      Groovy doesn't bundle a version of Logback in its distribution nor list it as a dependency in its pom (or bom), so isn't directly affected by CVE-2021-42550. Folks using logback directly may wish to upgrade their version or follow the advice in the links.

      See also:
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42550
      https://jira.qos.ch/browse/LOGBACK-1591

      Attachments

        Activity

          People

            paulk Paul King
            paulk Paul King
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: