riemann/riemann

Logback needs update to 1.2.10

sanel opened this issue · 1 comments

sanel commented

Describe the bug
The current version of logback used is 1.2.3, and according to this, there are some security issues with it. The logback site also confirms it.

AFAIK, for this CVE to work, it will need write access to logback.xml, which is shipped in the riemann jar, or riemann needs to be started/loaded with a custom logback.xml.

@jamtur01 I believe this is an easy commit, but I can create a PR if you want.

Thanks. I've upgraded the dependency in 905516e