[logback-user] Differences between logback 1.2.8 and 1.2.9

Ceki Gülcü ceki at qos.ch
Fri Dec 17 10:08:37 CET 2021

Hi Arjohn,

I would consider logback version 1.2.9 a security fix.

Ceki Gülcü

Please contact suppport(at)qos.ch for donations, sponsorship or support 
contracts related to SLF4J or logback projects.

On 17/12/2021 10:00, Arjohn Kampman wrote:
> Hi,
> First of all: thank you for looking into the vulnerabilities related to 
> the log4j news. The announcement about the 1.2.9 release is a bit light 
> on details in how it differs from the 1.2.8 release. I thought the 1.2.8 
> disabled all the critical bits, which makes it safe to use again, but 
> the news article indicates that any version prior to 1.2.9 (including 
> 1.2.8) is vulnerable. So does this mean that 1.2.9 fixes yet more 
> security issues, or is this more about re-enabling some things that have 
> been disabled in 1.2.8?
> Regards,
> Arjohn Kampman
> _______________________________________________

More information about the logback-user mailing list