If you are using maven to build your project and are using EELF as it stands now, there is a reported security issue for the logback version used by EELF.

Please find below the update to your pom.xml dependency imports, to be placed where you import your EELF dependency:

<dependency>

<groupId>ch.qos.logback</groupId>

<artifactId>logback-core</artifactId>

<version>1.2.3</version>

</dependency>

<dependency>

<groupId>ch.qos.logback</groupId>

<artifactId>logback-classic</artifactId>

<version>1.2.3</version>

</dependency>

If you import EELF multiple times, be sure that you add it for every entry.

After the change, if you do a mvn dependency:tree on your main project POM, you should see lines like the following:

[INFO] +- ch.qos.logback:logback-core:jar:1.2.3:compile

[INFO] +- ch.qos.logback:logback-classic:jar:1.2.3:compile

The older versions of logback should not appear anymore. If some still do, check the dependency tree to see what imports them.