Unfortunately, I think this approach is difficult to bypass. At least I haven't thought of a good way for the time being.

In fact, I don't care if you think there are no vulnerabilities in this logback.

You are the developer of logback. You have the right to decide this issue.

To put forward my point of view, and to demonstrate to you as much as possible, this is what I can do.