[logback-user] Differences between logback 1.2.8 and 1.2.9
Ceki Gülcü
ceki at qos.ch
Fri Dec 17 10:08:37 CET 2021
Hi Arjohn,
I would consider logback version 1.2.9 a security fix.
--
Ceki Gülcü
Please contact suppport(at)qos.ch for donations, sponsorship or support
contracts related to SLF4J or logback projects.
On 17/12/2021 10:00, Arjohn Kampman wrote:
> Hi,
>
> First of all: thank you for looking into the vulnerabilities related to
> the log4j news. The announcement about the 1.2.9 release is a bit light
> on details in how it differs from the 1.2.8 release. I thought the 1.2.8
> disabled all the critical bits, which makes it safe to use again, but
> the news article indicates that any version prior to 1.2.9 (including
> 1.2.8) is vulnerable. So does this mean that 1.2.9 fixes yet more
> security issues, or is this more about re-enabling some things that have
> been disabled in 1.2.8?
>
> Regards,
>
> Arjohn Kampman
>
> _______________________________________________
More information about the logback-user
mailing list