Closed Vladyslav-IA closed 1 month ago
Until the version is bumped in logstash-logback-encoder, you can directly depend on the newer logback version in your application, or use dependencyManagement as described in Including it in your project
A new, very similar vulnerability has been discovered CVE-2023-6481
The logback version will be bumped in the next release of logstash-logback-encoder.
In the meantime, you can directly depend on the newer logback version in your application, or use dependencyManagement as described in Including it in your project
The new vulnerability has been discovered [CVE-2023-6378]. It comes from logback-core that is used in your application. It presents in all including the latest version https://mvnrepository.com/artifact/net.logstash.logback/logstash-logback-encoder/7.4 Could you please upgrade logback-core to latest version? Thank you!