Merge pull request eclipse-tractusx#40 from catenax-ng/logback_issue_fix

[Fix|DETS] Fixed veracode security issue CVE-2023-6481
catenax-ng · Feb 12, 2024 · dd391b8 · dd391b8
2 parents b38c3c7 + 13744a7
commit dd391b8
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - Fixed security issue for openssl
 - Fixed preconfigured connector URL '/' issue
 - Fixed dynamic asset name generation issue
+- Fixed veracode security issue CVE-2023-6481
 
 ### Added
 - Added unit tests for Controller and service

diff --git a/DEPENDENCIES b/DEPENDENCIES
@@ -1,5 +1,7 @@
 maven/mavencentral/ch.qos.logback/logback-classic/1.4.13, EPL-1.0 OR LGPL-2.1-only, approved, #3435
+maven/mavencentral/ch.qos.logback/logback-classic/1.4.14, EPL-1.0 OR LGPL-2.1-only, approved, #3435
 maven/mavencentral/ch.qos.logback/logback-core/1.4.13, EPL-1.0 OR LGPL-2.1-only, approved, #3373
+maven/mavencentral/ch.qos.logback/logback-core/1.4.14, EPL-1.0 OR LGPL-2.1-only, approved, #3373
 maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.15.3, Apache-2.0, approved, #7947
 maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.15.3, MIT AND Apache-2.0, approved, #7932
 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.15.3, Apache-2.0, approved, #7934

diff --git a/pom.xml b/pom.xml
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
 /********************************************************************************
-* Copyright (c) 2023 T-Systems International GmbH
-* Copyright (c) 2023 Contributors to the Eclipse Foundation
+* Copyright (c) 2023, 2024 T-Systems International GmbH
+* Copyright (c) 2023, 2024 Contributors to the Eclipse Foundation
 *
 * See the NOTICE file(s) distributed with this work for additional
 * information regarding copyright ownership.
@@ -56,7 +56,7 @@
 		<dependency>
 			<groupId>ch.qos.logback</groupId>
 			<artifactId>logback-classic</artifactId>
-			<version>1.4.13</version>
+			<version>1.4.14</version>
 			<exclusions>
 				<exclusion>
 					<groupId>ch.qos.logback</groupId>
@@ -67,7 +67,7 @@
 		<dependency>
 			<groupId>ch.qos.logback</groupId>
 			<artifactId>logback-core</artifactId>
-			<version>1.4.13</version>
+			<version>1.4.14</version>
 		</dependency>
 		<dependency>
 			<groupId>org.yaml</groupId>