[logback-user] Differences between logback 1.2.8 and 1.2.9
Arjohn Kampman
arjohn.kampman at gmail.com
Fri Dec 17 10:00:28 CET 2021
Hi,
First of all: thank you for looking into the vulnerabilities related to
the log4j news. The announcement about the 1.2.9 release is a bit light
on details in how it differs from the 1.2.8 release. I thought the 1.2.8
disabled all the critical bits, which makes it safe to use again, but
the news article indicates that any version prior to 1.2.9 (including
1.2.8) is vulnerable. So does this mean that 1.2.9 fixes yet more
security issues, or is this more about re-enabling some things that have
been disabled in 1.2.8?
Regards,
Arjohn Kampman
More information about the logback-user
mailing list