Andi P @ CoreMedia comments

Repositories
Issues
Comments

Results 2 comments of


                                            Andi P @ CoreMedia

Upgrade to SLF4J 2.0 and Logback 1.4

Apparently the extension module of SLF4J prior to 1.8.0-beta2 contains a security vulnerability (see https://nvd.nist.gov/vuln/detail/CVE-2018-8088#VulnChangeHistorySection). As such, I wouldn't consider this ticket just an enhancement anymore. What do you think?

Upgrade to SLF4J 2.0 and Logback 1.4

@snicoll Thanks for the quick reply. What would you recommend if an application based on Spring Boot relies on the extension module in its custom code? I guess the ext-module...