[logback-user] Security Fix - logback 1.2.9 and 1.3.0-alpha11
ceki at qos.ch
Fri Dec 17 03:49:40 CET 2021
Since the publication of the log4shell attack, a vulnerability of lesser
importance has been reported against logback, namely CVE-2021-42550.
See https://cve.report/CVE-2021-42550 for a description.
See https://github.com/cn-panda/logbackRceDemo for a demo of the
In response, we have made several changes in logback components so as to
harden them. We have also dropped Groovy configuration support with no
Please refer to the news page for more details.
Even if the vulnerability found in logback is less threatening, we
highly recommend that you upgrade to logback version 1.2.9 if you are on
the 1.2.x series and to version 1.3.0-alpha11 if you are already on
Please contact suppport(at)qos.ch for donations, sponsorship or support
contracts related to SLF4J or logback projects.