Closed BobClaerhout closed 4 months ago
Hi, is there an update on this please? This dependency is causing vulnerability scanners to alert for the CVE. Would be good if this can be updated in a next release.
thanks for merging :+1:
I was wondering: what is the release strategy of Tahu? Do you aim for periodic releases or is this feature driven? When could we expect this change to be included in a new version?
Logback has a HIGH vulnerability which can be addressed by upgrading to version 1.2.13: https://avd.aquasec.com/nvd/2023/cve-2023-6378/.
This PR addresses this vulnerability by bumping the logback version.