Does Logback v1.1.11 fix CVE-2017-5929?

Hi, as I couldn't find any release notes/information about the logback release v1.1.11: does this release include the fix for CVE-2017-5929? Thanks, Alexander

No, 1.2.0 does.

On 3/15/2017 10:06, Alexander von Buchholtz wrote:
> Hi,
> as I couldn't find any release notes/information about the logback release v1.1.11: does this release include the fix for CVE-2017-5929?
> Thanks,
> Alexander
_______________________________________________ logback-user mailing list logback-user@qos.ch http://mailman.qos.ch/mailman/listinfo/logback-user

Hi Ceki,

then https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5929 should probably be updated to reflect that in the CPE configuration? If you don't plan to backport to v1.1 then the configuration should mark all 1.1 versions vulnerable. What do you think?

Thanks,
Alexander

-----Original Message-----
From: logback-user [mailto:logback-user-bounces@qos.ch] On Behalf Of Ceki Gülcü
Sent: Wednesday, 15 March 2017 10:08
To: logback users list <logback-user@qos.ch>
Subject: Re: [logback-user] Does Logback v1.1.11 fix CVE-2017-5929?

No, 1.2.0 does.

On 3/15/2017 10:06, Alexander von Buchholtz wrote:
> Hi,
> as I couldn't find any release notes/information about the logback release v1.1.11: does this release include the fix for CVE-2017-5929?
> Thanks,
> Alexander
participants (2)
- Alexander von Buchholtz
- Ceki Gülcü