Security Fix - logback 1.2.9 and 1.3.0-alpha11

Hello all,

Since the publication of the log4shell attack, a vulnerability of lesser importance has been reported against logback, namely CVE-2021-42550. See https://cve.report/CVE-2021-42550 for a description. See https://github.com/cn-panda/logbackRceDemo for a demo of the attack.

In response, we have made several changes in logback components so as to harden them. We have also dropped Groovy configuration support with no replacement. Please refer to the news page for more details: http://logback.qos.ch/news.html

Even if the vulnerability found in logback is less threatening, we highly recommend that you upgrade to logback version 1.2.9 if you are on the 1.2.x series and to version 1.3.0-alpha11 if you are already on the 1.3.x series.

Best regards,

--
Ceki Gülcü
Please contact support(at)qos.ch for donations, sponsorship or support contracts related to SLF4J or logback projects.