mike-audi
commented
2 years ago confirmed. will bump version with next release. thank you
Closed bhaskarvilles closed 2 years ago
mike-audi
commented
2 years ago confirmed. will bump version with next release. thank you
mike-audi
commented
2 years ago 
Insufficient Hostname Verification in ch.qos.logback:logback-core
ch.qos.logback:logback-core is a logback-core module.
Affected versions of this package are vulnerable to Insufficient Hostname Verification. X.509 are not properly validated. By spoofing the TLS/SSL server via a certificate that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data.
Upgrade ch.qos.logback:logback-core to version 1.2.7 or higher.