pinterest / ktlint

An anti-bikeshedding Kotlin linter with built-in formatter
https://pinterest.github.io/ktlint/
MIT License

Update qos-ch.logback version #2396

Closed mchan-genetec closed 11 months ago

mchan-genetec commented 11 months ago

The version used for logback should be bumped to either version 1.3.12, which includes this commit, or 1.4.12, which has this commit. Both versions fix a DoS vulnerability. View the CVE record here for more details.

Expected Behavior

Use an updated version of the library from one of the options listed above.

Current Behavior

logback = "ch.qos.logback:logback-classic:1.3.5" is used, which still has this vulnerability.

Additional information

paul-dingemans commented 11 months ago

Tnx for reporting. Will fix in next version.
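
A check that could be run over a Gradle build file or version catalog to flag `logback-classic` coordinates below the two fixed releases named in this issue. It is an added example, not part of the issue thread or ktlint's own code; the names `needs_bump` and `scan`, the sample input, and the rule that every version below the fix on its release line needs the bump are assumptions.

```python
import re

# Fixed releases named in the issue, keyed by release line (major, minor).
FIXED = {(1, 3): (1, 3, 12), (1, 4): (1, 4, 12)}

# Matches inline Maven coordinates such as the one quoted in the issue.
# Version qualifiers (e.g. "-rc1") and version.ref indirection are not handled.
COORD = re.compile(r"ch\.qos\.logback:logback-classic:(\d+)\.(\d+)\.(\d+)")


def needs_bump(version):
    """Return True if (major, minor, patch) is below the fix for its line."""
    line = version[:2]
    if line in FIXED:
        return version < FIXED[line]
    # Assumption: lines older than 1.3 predate both fixes and lines newer
    # than 1.4 already contain them.
    return line < min(FIXED)


def scan(text):
    """Return (line number, coordinate, suggested version) for each hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in COORD.finditer(line):
            version = tuple(int(g) for g in m.groups())
            if needs_bump(version):
                # Older lines have no fix of their own: suggest the lowest one.
                target = FIXED.get(version[:2], FIXED[min(FIXED)])
                findings.append((lineno, m.group(0), ".".join(map(str, target))))
    return findings


# Constructed sample: line 2 is the coordinate quoted in the issue, the
# remaining entries are made up for illustration.
SAMPLE = '''\
[libraries]
logback = "ch.qos.logback:logback-classic:1.3.5"
logback-new = "ch.qos.logback:logback-classic:1.4.12"
logback-mid = "ch.qos.logback:logback-classic:1.4.11"
'''

if __name__ == "__main__":
    for lineno, coord, target in scan(SAMPLE):
        print(f"line {lineno}: {coord} -> bump to {target}")
```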