karate icon indicating copy to clipboard operation
karate copied to clipboard
verified publisher icon karatelabs

Vulnerability Issues with ch.qos.logback:logback-classic:jar:1.5.12 under the com.intuit.karate:karate-junit5:jar:1.4.1

Open saxensan opened this issue 1 year ago • 2 comments

Team,

We have been using the karate-junit5 -1.4.1 and have been facing the vulnerability issues from the Dependabot alerts (Screenshot attached) related to the ch.qos.logback:logback-classic:jar:1.5.12

Please suggest us on the same. imagem (1) imagem

saxensan avatar Jan 08 '25 12:01 saxensan

@saxensan please try 1.5.2.RC1 now available in Maven central: https://central.sonatype.com/artifact/io.karatelabs/karate-core/1.5.2.RC1

do confirm if it solves the issue

ptrthomas avatar Jan 08 '25 14:01 ptrthomas

@saxensan thanks for confirming, I'll just flip the status to open (fixed) - the process we follow is to close issues only when a final release version (non-RC) is out. in this case our assessment is that the RC is good for production use

ptrthomas avatar Jan 16 '25 04:01 ptrthomas

karate 1.5.2 final released

ptrthomas avatar Nov 30 '25 07:11 ptrthomas