Skip to content

chore(deps): Bump logback-version from 1.5.35 to 1.5.36#24264

Merged
davsclaus merged 1 commit into
mainfrom
dependabot/maven/logback-version-1.5.36
Jun 26, 2026
Merged

chore(deps): Bump logback-version from 1.5.35 to 1.5.36#24264
davsclaus merged 1 commit into
mainfrom
dependabot/maven/logback-version-1.5.36

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 26, 2026

Copy link
Copy Markdown
Contributor

Bumps logback-version from 1.5.35 to 1.5.36.
Updates ch.qos.logback:logback-core from 1.5.35 to 1.5.36

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.36

2026-06-25 Release of logback version 1.5.36

• The 'condition' attribute in <if> elements now reject certain references that are associated with ACE attacks. This issue was reported by "yulate" (yulate531@gmail.com.com) and registered as CVE-2026-13006.

• A bitwise identical binary of this version can be reproduced by building from source code at commit 9b94c37562bf25a6a944146701d42ee6c4eee888 associated with the tag v_1.5.36. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

Updates ch.qos.logback:logback-classic from 1.5.35 to 1.5.36

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.36

2026-06-25 Release of logback version 1.5.36

• The 'condition' attribute in <if> elements now reject certain references that are associated with ACE attacks. This issue was reported by "yulate" (yulate531@gmail.com.com) and registered as CVE-2026-13006.

• A bitwise identical binary of this version can be reproduced by building from source code at commit 9b94c37562bf25a6a944146701d42ee6c4eee888 associated with the tag v_1.5.36. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps `logback-version` from 1.5.35 to 1.5.36.

Updates `ch.qos.logback:logback-core` from 1.5.35 to 1.5.36
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.35...v_1.5.36)

Updates `ch.qos.logback:logback-classic` from 1.5.35 to 1.5.36
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.35...v_1.5.36)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-core
  dependency-version: 1.5.36
  dependency-type: direct:development
  update-type: version-update:semver-patch
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.36
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jun 26, 2026
@github-actions

Copy link
Copy Markdown
Contributor

🌟 Thank you for your contribution to the Apache Camel project! 🌟
🤖 CI automation will test this PR automatically.

🐫 Apache Camel Committers, please review the following items:

  • First-time contributors require MANUAL approval for the GitHub Actions to run
  • You can use the command /component-test (camel-)component-name1 (camel-)component-name2.. to request a test from the test bot although they are normally detected and executed by CI.
  • You can label PRs using skip-tests and test-dependents to fine-tune the checks executed by this PR.
  • Build and test logs are available in the summary page. Only Apache Camel committers have access to the summary.

⚠️ Be careful when sharing logs. Review their contents before sharing them publicly.

@github-actions

Copy link
Copy Markdown
Contributor

🧪 CI tested the following changed modules:

  • parent

POM dependency changes: targeted tests included

Changed properties: logback-version

Changed managed dependencies: ch.qos.logback:logback-core, ch.qos.logback:logback-classic

Modules affected by dependency changes (13)
  • :apache-camel
  • :camel-allcomponents
  • :camel-archetype-api-component
  • :camel-archetype-dataformat
  • :camel-archetype-java
  • :camel-archetype-main
  • :camel-archetype-spring
  • :camel-jbang-it
  • :camel-rocketmq
  • :camel-spring-cloud-config
  • :camel-test-infra-cli
  • :coverage
  • :docs

🔬 Detected via Maveniverse Scalpel effective POM comparison

All tested modules (15 modules)
  • Camel :: All Components Sync point
  • Camel :: Archetypes :: API Component
  • Camel :: Archetypes :: Data Format
  • Camel :: Archetypes :: Java Router
  • Camel :: Archetypes :: Main
  • Camel :: Archetypes :: Spring XML Based Router (deprecated)
  • Camel :: Archetypes :: Spring XML Based Router (deprecated) SUCCESS
  • Camel :: Assembly
  • Camel :: Coverage
  • Camel :: Docs
  • Camel :: JBang :: Integration tests
  • Camel :: Parent
  • Camel :: RocketMQ
  • Camel :: Spring Cloud Config
  • Camel :: Test Infra :: Cli (Camel CLI)

⚙️ View full build and test results

@davsclaus davsclaus merged commit 16e545a into main Jun 26, 2026
5 checks passed
@dependabot dependabot Bot deleted the dependabot/maven/logback-version-1.5.36 branch June 26, 2026 08:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

core-build-and-dependencies dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant