itext-java icon indicating copy to clipboard operation
itext-java copied to clipboard

Published 20 hours ago verified publisher icon itext

[Snyk] Upgrade ch.qos.logback:logback-classic from 1.3.14 to 1.5.18

Open iText-CI opened this issue 5 months ago • 0 comments

snyk-top-banner

Snyk has created this PR to upgrade ch.qos.logback:logback-classic from 1.3.14 to 1.5.18.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 35 versions ahead of your current version.

  • The recommended version was released 2 months ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
medium severity Improper Neutralization of Special Elements
SNYK-JAVA-CHQOSLOGBACK-8539866		 334 No Known Exploit
medium severity Improper Neutralization of Special Elements
SNYK-JAVA-CHQOSLOGBACK-8539867		 334 No Known Exploit
low severity Server-side Request Forgery (SSRF)
SNYK-JAVA-CHQOSLOGBACK-8539865		 334 No Known Exploit

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

iText-CI avatar Jun 01 '25 08:06 iText-CI