-
Sub-task
-
Resolution: Done
-
Medium
-
None
-
None
-
None
-
Portal Sprint 6, Portal Sprint 7
If you are using maven to build your project and are using EELF as it stands now, there is a reported security issue for the logback version used by EELF.
Please find below the update to your pom.xml dependency imports, to be placed where you import your EELF dependency:
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
<version>1.2.3</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.2.3</version>
</dependency>
If you import EELF multiple times, be sure that you add it for every entry.
After the change, if you do a mvn dependency:tree on your main project POM, you should see lines like the following:
[INFO] +- ch.qos.logback:logback-core:jar:1.2.3:compile
[INFO] +- ch.qos.logback:logback-classic:jar:1.2.3:compile
The older versions of logback should not appear anymore. If some still do, check the dependency tree to see what imports them.