Skip to content

chore(deps): Bump logback-version from 1.5.34 to 1.5.35#24215

Merged
apupier merged 1 commit into
mainfrom
dependabot/maven/logback-version-1.5.35
Jun 24, 2026
Merged

chore(deps): Bump logback-version from 1.5.34 to 1.5.35#24215
apupier merged 1 commit into
mainfrom
dependabot/maven/logback-version-1.5.35

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 24, 2026

Copy link
Copy Markdown
Contributor

Bumps logback-version from 1.5.34 to 1.5.35.
Updates ch.qos.logback:logback-core from 1.5.34 to 1.5.35

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.35

026-06-23 Release of logback version 1.5.35

• The 'condition' attribute in <if> elements now rejects unicode escape sequences (\u and \U). This closes a bypass of the existing prohibition on the new operator in Janino-evaluated conditions. This issue was reported by IcySun (icysun@qq.com) and registered as CVE-2026-13006.

• Added ConfiguratorRank.AUTHENTICATING (rank 100), the highest configurator rank, for certified/authenticating configurators discovered via the ServiceLoader mechanism. ContextInitializer now requires that at most one such configurator exist on the classpath; if more than one is found, initialization aborts with an error.

ConsoleCharsetPropertyDefiner is no longer shipped. The Java 21 multi-release compilation of logback-core has been disabled, which removes this class from the published artifact. Configurations that referenced ch.qos.logback.core.property.ConsoleCharsetPropertyDefiner will need an alternative approach for console charset detection.

• The logback-examples module is now included in artifacts published to Maven Central.

JoranConfigurator.makeAnotherInstance() and DefaultJoranConfigurator.performMultiStepConfigurationFileSearch() are now protected, allowing derived configurators to override these methods.

• A bitwise identical binary of this version can be reproduced by building from source code at commit 08bd1598d565d83444f72983935e7da4746783b7 associated with the tag v_1.5.35. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • 08bd159 preapre release 1.5.35
  • 37d256b indentation changes only
  • d3d7307 minor comment
  • fa0411a radomize file location
  • 834fdba disable consoleCharset test
  • 42eabc3 fix messages in IfModelHandler
  • 347efc8 add unicode escape prevention
  • 1b6ba73 allow derived classes to override makeAnotherInstance
  • 340e8be check for unicode escape codes in Janino conditions
  • 4468f5e adding support for certifying configurators
  • Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.34 to 1.5.35

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.35

026-06-23 Release of logback version 1.5.35

• The 'condition' attribute in <if> elements now rejects unicode escape sequences (\u and \U). This closes a bypass of the existing prohibition on the new operator in Janino-evaluated conditions. This issue was reported by IcySun (icysun@qq.com) and registered as CVE-2026-13006.

• Added ConfiguratorRank.AUTHENTICATING (rank 100), the highest configurator rank, for certified/authenticating configurators discovered via the ServiceLoader mechanism. ContextInitializer now requires that at most one such configurator exist on the classpath; if more than one is found, initialization aborts with an error.

ConsoleCharsetPropertyDefiner is no longer shipped. The Java 21 multi-release compilation of logback-core has been disabled, which removes this class from the published artifact. Configurations that referenced ch.qos.logback.core.property.ConsoleCharsetPropertyDefiner will need an alternative approach for console charset detection.

• The logback-examples module is now included in artifacts published to Maven Central.

JoranConfigurator.makeAnotherInstance() and DefaultJoranConfigurator.performMultiStepConfigurationFileSearch() are now protected, allowing derived configurators to override these methods.

• A bitwise identical binary of this version can be reproduced by building from source code at commit 08bd1598d565d83444f72983935e7da4746783b7 associated with the tag v_1.5.35. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • 08bd159 preapre release 1.5.35
  • 37d256b indentation changes only
  • d3d7307 minor comment
  • fa0411a radomize file location
  • 834fdba disable consoleCharset test
  • 42eabc3 fix messages in IfModelHandler
  • 347efc8 add unicode escape prevention
  • 1b6ba73 allow derived classes to override makeAnotherInstance
  • 340e8be check for unicode escape codes in Janino conditions
  • 4468f5e adding support for certifying configurators
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps `logback-version` from 1.5.34 to 1.5.35.

Updates `ch.qos.logback:logback-core` from 1.5.34 to 1.5.35
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.34...v_1.5.35)

Updates `ch.qos.logback:logback-classic` from 1.5.34 to 1.5.35
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.34...v_1.5.35)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-core
  dependency-version: 1.5.35
  dependency-type: direct:development
  update-type: version-update:semver-patch
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.35
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jun 24, 2026
@github-actions

Copy link
Copy Markdown
Contributor

🌟 Thank you for your contribution to the Apache Camel project! 🌟
🤖 CI automation will test this PR automatically.

🐫 Apache Camel Committers, please review the following items:

  • First-time contributors require MANUAL approval for the GitHub Actions to run
  • You can use the command /component-test (camel-)component-name1 (camel-)component-name2.. to request a test from the test bot although they are normally detected and executed by CI.
  • You can label PRs using skip-tests and test-dependents to fine-tune the checks executed by this PR.
  • Build and test logs are available in the summary page. Only Apache Camel committers have access to the summary.

⚠️ Be careful when sharing logs. Review their contents before sharing them publicly.

@apupier apupier merged commit 15bd0f7 into main Jun 24, 2026
5 checks passed
@dependabot dependabot Bot deleted the dependabot/maven/logback-version-1.5.35 branch June 24, 2026 09:29
@github-actions

Copy link
Copy Markdown
Contributor

🧪 CI tested the following changed modules:

  • parent

POM dependency changes: targeted tests included

Changed properties: logback-version

Modules affected by dependency changes (8)
  • :camel-archetype-api-component
  • :camel-archetype-dataformat
  • :camel-archetype-java
  • :camel-archetype-main
  • :camel-archetype-spring
  • :camel-jbang-it
  • :camel-rocketmq
  • :camel-test-infra-cli
All tested modules (10 modules)
  • Camel :: Archetypes :: API Component
  • Camel :: Archetypes :: Data Format
  • Camel :: Archetypes :: Java Router
  • Camel :: Archetypes :: Main
  • Camel :: Archetypes :: Spring XML Based Router (deprecated)
  • Camel :: Archetypes :: Spring XML Based Router (deprecated) SUCCESS
  • Camel :: JBang :: Integration tests
  • Camel :: Parent
  • Camel :: RocketMQ
  • Camel :: Test Infra :: Cli (Camel CLI)

⚙️ View full build and test results

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

core-build-and-dependencies dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant