I tried to see how I could update the project myself locally, but even with Intellij, I didn't manage to have a working config after 3 hours (or I didn't understand the structure enough). I see that the jars are copied locally in the repo, and no standard java-like configuration is used.
Since there is a CVE, it is suggested to upgrade to 1.4.14 or other patched versions https://avd.aquasec.com/nvd/2023/cve-2023-6378/ https://logback.qos.ch/news.html#1.3.14
I tried to see how I could update the project myself locally, but even with Intellij, I didn't manage to have a working config after 3 hours (or I didn't understand the structure enough). I see that the jars are copied locally in the repo, and no standard java-like configuration is used.