Resolves #158 - Updates the logback version (#159)

rdifrango · web-flow · commit 9e8822daebeb · 2021-12-17T15:13:44.000+01:00
The details can be found at: http://slf4j.org/log4shell.html The key details are these lines: However, logback may make JNDI calls from within its configuration file. This was recently reported in LOGBACK-1591 as a vulnerability of lesser severity. In response, we have released logback version 1.2.8. Please upgrade. Co-authored-by: Difrango, Ronald <ronald.difrango@fmr.com>
diff --git a/logback-ecs-encoder/pom.xml b/logback-ecs-encoder/pom.xml
@@ -40,7 +40,7 @@
         <dependency>
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-classic</artifactId>
-            <version>1.2.3</version>
+            <version>1.2.8</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
