From be4ed3c68bcef461b0db24f7fa015d74bf421421 Mon Sep 17 00:00:00 2001
From: Bastien Teinturier <31281497+t-bast@users.noreply.github.com>
Date: Wed, 6 Dec 2023 15:09:11 +0100
Subject: [PATCH] Update logback-classic (#2796)
This version of logback fixes the following CVE:
"a potential denial of service attack on a centralized logback receiver
when a third party controlling a remote appender connects to said
receiver and could shut down or slow down logging of events."
Eclair isn't affected since we don't use logback receivers, but if there
are applications or plugins that depend on eclair and use logback
receivers, it's better to use the logback version containing the fix.
---
eclair-core/pom.xml | 2 +-
eclair-front/pom.xml | 2 +-
eclair-node/pom.xml | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/eclair-core/pom.xml b/eclair-core/pom.xml
index fc3177ad24..070a51f09c 100644
--- a/eclair-core/pom.xml
+++ b/eclair-core/pom.xml
@@ -296,7 +296,7 @@
ch.qos.logback
logback-classic
- 1.2.3
+ 1.2.13
test
diff --git a/eclair-front/pom.xml b/eclair-front/pom.xml
index 752e09d0ab..2a105d4f40 100644
--- a/eclair-front/pom.xml
+++ b/eclair-front/pom.xml
@@ -80,7 +80,7 @@
ch.qos.logback
logback-classic
- 1.2.3
+ 1.2.13
org.codehaus.janino
diff --git a/eclair-node/pom.xml b/eclair-node/pom.xml
index 0823b0f329..beeddc8147 100644
--- a/eclair-node/pom.xml
+++ b/eclair-node/pom.xml
@@ -79,7 +79,7 @@
ch.qos.logback
logback-classic
- 1.2.3
+ 1.2.13