This repository has been archived by the owner on Apr 23, 2024. It is now read-only.
Severe vulnerability requires logback version upgrade #49
Comments
|
If you allow me as Contributor, I could do it. Maybe I would need some permission on Maven Central as well to publish the release. |
|
Fixed in 0.1.5 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hello,
logback News page says Release 1.2.0 fixes a rather severe serialization vulnerability in SocketServer and ServerSocketReceiver. Users running these components should upgrade immediately. Therefore, could you make a new release with logback.version >= 1.2.0 ?
It is 1.1.1 currently :-(
The text was updated successfully, but these errors were encountered: