logfellow / logstash-logback-encoder

Logback JSON encoder and appenders
Apache License 2.0

[CVE-2023-6378] - New vulnerability has been discovered #995

Closed Vladyslav-IA closed 1 month ago

Vladyslav-IA commented 9 months ago

A new vulnerability has been discovered: CVE-2023-6378. It comes from logback-core, which is used in your application. It is present in all versions, including the latest one (https://mvnrepository.com/artifact/net.logstash.logback/logstash-logback-encoder/7.4). Could you please upgrade logback-core to the latest version? Thank you!

philsttr commented 9 months ago

Until the version is bumped in logstash-logback-encoder, you can directly depend on the newer logback version in your application, or use dependencyManagement as described in "Including it in your project".

Vladyslav-IA commented 9 months ago

A new, very similar vulnerability has been discovered: CVE-2023-6481.

philsttr commented 1 month ago

The logback version will be bumped in the next release of logstash-logback-encoder.

In the meantime, you can directly depend on the newer logback version in your application, or use dependencyManagement as described in "Including it in your project".
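The two workarounds philsttr describes in both replies (a direct dependency on a newer logback, or a dependencyManagement pin), written out as a Maven pom fragment. This is an editor-added example, not code from the project README or from anyone in this thread. It assumes logstash-logback-encoder 7.4 (the version cited above), the Maven coordinates ch.qos.logback:logback-core / logback-classic, and logback 1.4.14 as the fixed release; the version number is an assumption, so check the CVE-2023-6378 and CVE-2023-6481 advisories for the fixed release on whichever logback line (1.2.x, 1.3.x, 1.4.x) your project uses.

```xml
<!-- Editor-added example, not the project's own pom. Assumed versions:
     logstash-logback-encoder 7.4 and logback 1.4.14 (verify 1.4.14 against
     the CVE advisories before relying on it). Fragment only: namespace,
     modelVersion and coordinates of your own project are omitted. -->
<project>
  <properties>
    <!-- One place to bump when the next logback advisory lands. -->
    <logback.version>1.4.14</logback.version>
  </properties>

  <!-- Option 1: dependencyManagement pin. Whatever logback version
       logstash-logback-encoder declares transitively, Maven resolves
       ch.qos.logback artifacts to this version instead. Pin logback-core
       AND logback-classic so the two stay in lock-step. -->
  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>ch.qos.logback</groupId>
        <artifactId>logback-core</artifactId>
        <version>${logback.version}</version>
      </dependency>
      <dependency>
        <groupId>ch.qos.logback</groupId>
        <artifactId>logback-classic</artifactId>
        <version>${logback.version}</version>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <dependencies>
    <dependency>
      <groupId>net.logstash.logback</groupId>
      <artifactId>logstash-logback-encoder</artifactId>
      <version>7.4</version>
    </dependency>

    <!-- Option 2: direct dependency. A dependency declared here sits at
         depth 0 in the tree, so Maven's nearest-wins rule prefers it over
         the transitive logback pulled in by logstash-logback-encoder.
         Either option alone is enough; both are shown for comparison. -->
    <dependency>
      <groupId>ch.qos.logback</groupId>
      <artifactId>logback-classic</artifactId>
      <version>${logback.version}</version>
    </dependency>
  </dependencies>
</project>
```

Option 1 is the safer of the two: option 2 relies on nearest-wins resolution, and for logback-core specifically (which arrives transitively via your logback-classic and via logstash-logback-encoder at the same depth) the winner then depends on declaration order. In either case confirm the outcome with `mvn dependency:tree -Dincludes=ch.qos.logback` and make sure no other path in the tree still resolves logback-core to a version below the fixed one.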