update

yeikel · yeikel · commit 425f30fcafb5 · 2025-01-13T21:24:23.000-05:00
diff --git a/api/pom.xml b/api/pom.xml
@@ -18,8 +18,6 @@
         <sonar.jacoco.reportPath>${project.basedir}/target/jacoco.exec</sonar.jacoco.reportPath>
         <sonar.coverage.jacoco.xmlReportPaths>${project.basedir}/target/site/jacoco/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
         <sonar.language>java</sonar.language>
-        <!-- Temporary overwrite to fix CVE-2024-12798 and CVE-2024-12801. Remove after Spring > 3.4.1 is released  -->
-        <logback.version>1.5.16</logback.version>
     </properties>
 
     <dependencies>
diff --git a/contract/pom.xml b/contract/pom.xml
@@ -18,9 +18,29 @@
             </activation>
 
             <dependencies>
+                <dependency>
+                    <groupId>ch.qos.logback</groupId>
+                    <artifactId>logback-core</artifactId>
+                    <version>${logback.version}</version>
+                </dependency>
+                <dependency>
+                    <groupId>ch.qos.logback</groupId>
+                    <artifactId>logback-classic</artifactId>
+                    <version>${logback.version}</version>
+                </dependency>
                 <dependency>
                     <groupId>org.springframework.boot</groupId>
                     <artifactId>spring-boot-starter-webflux</artifactId>
+                    <exclusions>
+                        <exclusion>
+                            <groupId>ch.qos.logback</groupId>
+                            <artifactId>logback-classic</artifactId>
+                        </exclusion>
+                        <exclusion>
+                            <groupId>ch.qos.logback</groupId>
+                            <artifactId>logback-core</artifactId>
+                        </exclusion>
+                    </exclusions>
                 </dependency>
                 <dependency>
                     <groupId>org.springframework.boot</groupId>
diff --git a/pom.xml b/pom.xml
@@ -45,6 +45,8 @@
         <scala-lang.library.version>2.13.9</scala-lang.library.version>
         <snakeyaml.version>2.3</snakeyaml.version>
         <spring-boot.version>3.4.1</spring-boot.version>
+        <!-- Temporary overwrite to fix CVE-2024-12798 and CVE-2024-12801. Remove after Spring > 3.4.1 is released  -->
+        <logback.version>1.5.16</logback.version>
         <serde-api.version>1.0.0</serde-api.version>
         <odd-oddrn-generator.version>0.1.17</odd-oddrn-generator.version>
         <odd-oddrn-client.version>0.1.39</odd-oddrn-client.version>
