Yes, it's been reported in 'Medium' severity xray scan security issue. We are moving ahead to fix it with 1.2.6 as was mentioned here as a non alpha version: https://jira.qos.ch/browse/LOGBACK-1465 . It'll certainly help if this can also be back ported to 1.2.6. Any updates?