Closed hohwille closed 2 years ago
Update: We do not maintain logback version in our POMs/BOMs explicitly. It comes with spring-boot. Due to #550 this issue might already been resolved. In that case we can already close it. Otherwise we need to explicitly override the version in our POM.
Yes.. https://github.com/devonfw/devon4j/pull/550 updated logback to 1.2.11. Hence closing this issue.
Criticality:
low
cite from logback website:
CVE-Link or steps to reproduce:
https://cve.report/CVE-2021-42550