Override logback version to 1.2.13 (#415)
This commit overrides the logback version in order to fix CVE-2023-6378.

See spring-cloud/spring-cloud-dataflow#5593
onobc committed Dec 7, 2023
1 parent 0582721 commit 4cdb55e
Showing 1 changed file with 17 additions and 0 deletions.
17 changes: 17 additions & 0 deletions pom.xml
@@ -61,6 +61,7 @@
<spring-boot.version>2.7.18</spring-boot.version>
<maven.compiler.source>${java.version}</maven.compiler.source>
<maven.compiler.target>${java.version}</maven.compiler.target>
<logback.version>1.2.13</logback.version>
</properties>

<modules>
@@ -102,6 +103,22 @@
<type>pom</type>
<scope>import</scope>
</dependency>
<!-- Override Logback provided by Spring Boot -->
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
<version>${logback.version}</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>${logback.version}</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-access</artifactId>
<version>${logback.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
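Review bot: The comment `<!-- Override Logback provided by Spring Boot -->` does not record why the pin exists or when it can be dropped, so once `spring-boot.version` moves to a release whose BOM manages a newer Logback, this block would silently hold all three artifacts at 1.2.13. I would write it as `<!-- Override Logback provided by Spring Boot to pick up the CVE-2023-6378 fix; remove once the Spring Boot BOM manages 1.2.13 or later -->`. The entries appear to sit in a `dependencyManagement` section (the neighbouring `import`-scoped entries suggest so, but the enclosing element is outside the hunk), in which case they govern only modules that inherit this pom; applications that merely depend on the published artifacts resolve Logback through their own management and need the same override. Running `mvn dependency:tree -Dincludes=ch.qos.logback` on a leaf module would confirm that no transitive path still resolves an older version.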