Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update qos-ch.logback version #2396

Closed
mchan-genetec opened this issue Dec 1, 2023 · 1 comment
Closed

Update qos-ch.logback version #2396

mchan-genetec opened this issue Dec 1, 2023 · 1 comment
Milestone
1.1

Comments

@mchan-genetec
Copy link

The version used for logback should be bumped to either version 1.3.12 which includes this commit or 1.4.12 which has this commit. Both version fix a DOS vulnerability.
View CVE record here for more details.

Expected Behavior

Use an updated version of the library from one of the options listed above.

Current Behavior

logback = "ch.qos.logback:logback-classic:1.3.5" is used which still has this vulnerability.

Additional information

  • Current version of ktlint: 1.0.1
@paul-dingemans
Copy link
Collaborator

Tnx for reporting. Will fix in next version.

@paul-dingemans paul-dingemans added this to the 1.1 milestone Dec 1, 2023
paul-dingemans added a commit that referenced this issue Dec 2, 2023
@paul-dingemans
fix(deps): update dependency ch.qos.logback:logback-classic to v1.3.13
52e4f27 
Closes #2396
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.1
Development

No branches or pull requests
2 participants
@paul-dingemans @mchan-genetec