Closed yoannguion closed 2 years ago
pax-logging-logback shades ch/qos/logback/classic/spi/PackagingDataCalculator.java
- I'll check the changes between 1.2.3 and 1.2.9
thanks for the PR btw ;)
git lg v_1.2.3..branch_1.2.x -- ./logback-classic/src/main/java/ch/qos/logback/classic/spi/PackagingDataCalculator.java
shows no changes. I'm leaving the shaded class as-is.
Actually, logback packages are NOT exported from pax-logging-logback. The only way to integrate is to create a bundle fragment. Like the org.ops4j.pax.logging:pax-logging-sample-fragment-logback
example.
Hello, I create this PR to include logback 1.2.9
This version fix the CVE-2021-42550 (aka LOGBACK-1591)
I know it is NOT the same security level as log4Shell, but i think this should be included too.