Hello Guys,

I have a question for you concerning this alert,

I'm using logback < 1.2.9 on my spring boot projet, but i don't have any custom logback.xml file, i'm just using some logging properties on my application.properties,

So normaly, i'm not concerned by this alert because the attacker will never be able to access to my logback.xml because i don't have it,

Could you please confirm me if i'm correct or not ?

Thank you in advance,