[logback-user] Does Logback v1.1.11 fix CVE-2017-5929?

Alexander von Buchholtz alexander.buchholtz at qudosoft.de
Wed Mar 15 10:40:11 CET 2017


Hi Ceki,

then https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5929 should probably be updated to reflect that in the CPE configuration?
If you don't plan to backport to v1.1 then the configuration should mark all 1.1 versions vulnerable.
What do you think?

Thanks,
Alexander

-----Ursprüngliche Nachricht-----
Von: logback-user [mailto:logback-user-bounces at qos.ch] Im Auftrag von Ceki Gülcü
Gesendet: Mittwoch, 15. März 2017 10:08
An: logback users list <logback-user at qos.ch>
Betreff: Re: [logback-user] Does Logback v1.1.11 fix CVE-2017-5929?


No, 1.2.0 does.

On 3/15/2017 10:06, Alexander von Buchholtz wrote:
> Hi,
>
>
>
> as I couldn‘t find any release notes/information about the logback 
> release v1.1.11: does this release include the fix for CVE-2017-5929?
>
>
>
> Thanks,
>
> Alexander
>
>
>
> _______________________________________________
> logback-user mailing list
> logback-user at qos.ch
> http://mailman.qos.ch/mailman/listinfo/logback-user
>
_______________________________________________
logback-user mailing list
logback-user at qos.ch
http://mailman.qos.ch/mailman/listinfo/logback-user


More information about the logback-user mailing list