yetanalytics / lrsql

A SQL-based Learning Record Store
https://www.sqllrs.com
Apache License 2.0

Update Logback to 1.3.14 #353

Closed kelvinqian00 closed 9 months ago

kelvinqian00 commented 9 months ago

Update Logback to 1.3.14 to address CVE-2023-6481. Note that the underlying vulnerability was actually fixed in the previous update, but we still need to update for a more complete fix. From the Logback website:

More complete fix for CVE-2023-6378 both for the 1.4.x series and the 1.3.x series...In order to encourage users to upgrade to versions 1.3.14/1.4.14 CVE-2023-6481 has been created even though the underlying vulnerability for both CVE records is identical.

In addition, we update the config variable name maxLifetime to poolMaxLifetime in the documentation, to address a naming oversight from the last update.