upgrade logback due to CVE-2023-6378

apache · Nov 30, 2023 · 20db12d · 20db12d
1 parent 6fa0044
commit 20db12d
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/integration-test/kubernetes-api-java/pom.xml b/integration-test/kubernetes-api-java/pom.xml
@@ -43,7 +43,7 @@
     <dependency>
       <groupId>ch.qos.logback</groupId>
       <artifactId>logback-classic</artifactId>
-      <version>1.2.3</version>
+      <version>1.2.12</version>
     </dependency>
     <dependency>
       <groupId>org.apache.pekko</groupId>

diff --git a/project/Dependencies.scala b/project/Dependencies.scala
@@ -28,7 +28,7 @@ object Dependencies {
   val log4j2Version = "2.17.2"
   val log4j2Slf4j2Version = "2.21.1"
   val logbackVersion = "1.2.11"
-  val logbackSlf4j2Version = "1.3.11"
+  val logbackSlf4j2Version = "1.3.13"
   val slf4j2Version = "2.0.9"
 
   // often called-in transitively with insecure versions of databind / core
@@ -113,7 +113,7 @@ object Dependencies {
   val managementLoglevelsLogbackSlf4j2Overrides = if (Common.testWithSlf4J2) {
     Seq(
       "org.slf4j" % "slf4j-api" % "2.0.9",
-      "ch.qos.logback" % "logback-classic" % "1.3.11" % Test)
+      "ch.qos.logback" % "logback-classic" % "1.3.13" % Test)
   } else {
     Seq.empty
   }