CCD-5159: (#151)

* CCD-5159:
Fix CVE-2023-6378, upgrading logback-core and logback-classic from 1.2.10 to 1.5.6. Removed version.logback

---------

Co-authored-by: shahirali <[email protected]>

Author: shahir-ali

build.gradle

@@ -193,6 +193,9 @@ dependencies {
 
   implementation group: 'com.github.hmcts.java-logging', name: 'logging', version: '6.0.1'
 
+  implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.5.6'
+  implementation group: 'ch.qos.logback', name: 'logback-core', version: '1.5.6'
+
   implementation group: 'org.apache.logging.log4j', name: 'log4j-api', version: log4JVersion
   implementation group: 'org.apache.logging.log4j', name: 'log4j-to-slf4j', version: log4JVersion
   testImplementation group: 'io.rest-assured', name: 'rest-assured', version: '4.5.1'

config/owasp/suppressions.xml

@@ -2,12 +2,10 @@
   <suppress>
     <notes>Temporary Suppression
         CVE-2023-34055 refer [Ticket]
-        CVE-2023-6378 refer [Ticket]
         CVE-2023-35116 refer [Ticket]
         CVE-2023-6481 refer [Ticket]
     </notes>
     <cve>CVE-2023-34055</cve>
-    <cve>CVE-2023-6378</cve>
     <cve>CVE-2023-35116</cve>
     <cve>CVE-2023-6481</cve>
   </suppress>