Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgraded Logback version from 1.1.8 to 1.2.3 - CVE-2017-5929 - CWE-502 #2620

Merged
merged 2 commits into from Jun 26, 2019

Conversation

@Coduz
Copy link
Contributor

Coduz commented Jun 13, 2019

This PR bumps the version of Logback libraries to 1.2.3
Transitive dependencies:

  • Lockback Classic: from 1.1.8 to 1.2.3
  • Lockback Core: from 1.1.8 to 1.2.3
  • Slf4j API: from 1.7.24 to 1.7.25

Related Issue
None

Description of the solution adopted
Bumped to the last version available.
On each version we can piggy back on existing CQs.

Screenshots
None

Any side note on the changes made
None

@Coduz Coduz requested review from lorthirk and stefanomorson Jun 13, 2019
@Coduz Coduz added this to To Do in 1.1.0 via automation Jun 13, 2019
@Coduz

This comment has been minimized.

Copy link
Contributor Author

Coduz commented Jun 13, 2019

@Coduz Coduz added CQ approved and removed CQ pending labels Jun 13, 2019
@Coduz Coduz force-pushed the Coduz:chng-bumpLockbackVersionTo1.2.3 branch from 71bc25e to ce2fd44 Jun 17, 2019
@codecov

This comment has been minimized.

Copy link

codecov bot commented Jun 17, 2019

Codecov Report

Merging #2620 into develop will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff             @@
##             develop    #2620   +/-   ##
==========================================
  Coverage      49.48%   49.48%           
  Complexity      2478     2478           
==========================================
  Files            992      992           
  Lines          28134    28134           
  Branches        2308     2308           
==========================================
  Hits           13921    13921           
  Misses         13231    13231           
  Partials         982      982

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d71828d...e591214. Read the comment docs.

@Coduz Coduz force-pushed the Coduz:chng-bumpLockbackVersionTo1.2.3 branch 2 times, most recently from 6a51931 to a297063 Jun 19, 2019
Coduz added 2 commits Jun 12, 2019
Signed-off-by: coduz <alberto.codutti@eurotech.com>
Signed-off-by: coduz <alberto.codutti@eurotech.com>
@Coduz Coduz force-pushed the Coduz:chng-bumpLockbackVersionTo1.2.3 branch from a297063 to e591214 Jun 26, 2019
@Coduz Coduz added this to Backport in 1.0.6 via automation Jun 26, 2019
@Coduz Coduz merged commit bf0b8c4 into eclipse:develop Jun 26, 2019
4 checks passed
4 checks passed
codecov/patch Coverage not affected when comparing d71828d...e591214
Details
codecov/project 49.48% remains the same compared to d71828d
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
eclipsefdn/eca The author(s) of the pull request is covered by necessary legal agreements in order to proceed!
Details
1.1.0 automation moved this from To Do to Done Jun 26, 2019
@Coduz Coduz deleted the Coduz:chng-bumpLockbackVersionTo1.2.3 branch Jun 26, 2019
@Coduz Coduz moved this from Backport to Done in 1.0.6 Jun 26, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
1.1.0
  
Done
1.0.6
  
Done
2 participants
You can’t perform that action at this time.