Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security update logback, other dependency updates + upgrade to gradle 7 #734

Merged
merged 4 commits into from
Jan 2, 2022
Merged

security update logback, other dependency updates + upgrade to gradle 7 #734

merged 4 commits into from
Jan 2, 2022

Conversation

ancho
Copy link
Member

@ancho ancho commented Dec 15, 2021
edited
Loading

As the distribution package of jbake does deliver a writable logback.xml
we need to fix this immediatly.

See https://jira.qos.ch/browse/LOGBACK-1591 and News from 14th of December

@ancho ancho requested a review from jonbullock December 15, 2021 19:31
@kwin
Copy link
Contributor

kwin commented Dec 24, 2021

Meanwhile Logback 1.2.10 has been released which contains more hardening against potential attacks.

@ancho
Copy link
Member Author

ancho commented Dec 25, 2021

Thanks for the hint.

@ancho ancho changed the title security update logback 1.2.8 and other dependency updates security update logback and other dependency updates Dec 25, 2021
@ancho ancho force-pushed the feature/update-dependencies branch 2 times, most recently from edccbc7 to 4d95b42 Compare December 26, 2021 10:08
@jonbullock
Copy link
Member

Good catch, thanks @ancho

@jonbullock jonbullock changed the title security update logback and other dependency updates security update logback, other dependency updates + upgrade to gradle 7 Dec 26, 2021
@jonbullock jonbullock added this to the v2.7.0 milestone Dec 26, 2021
@ge0ffrey ge0ffrey mentioned this pull request Dec 30, 2021
Merged
6 tasks
@ge0ffrey
Copy link
Contributor

Partially obsolete due to #740, Ancho is working on a security update logback separate PR

@ancho ancho force-pushed the feature/update-dependencies branch from 4d95b42 to fe42958 Compare January 2, 2022 14:00
@jonbullock
Copy link
Member

I'm AFK at the moment but if this is ready to merge in feel free to do so @ancho

@ancho ancho force-pushed the feature/update-dependencies branch from 5b2a211 to 3a2b0a2 Compare January 2, 2022 15:34
@ancho
Copy link
Member Author

ancho commented Jan 2, 2022

Allright then. I think it's ready now.

@ancho ancho merged commit aa14595 into jbake-org:master Jan 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonbullock jonbullock jonbullock approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v2.7.0
Development

Successfully merging this pull request may close these issues.
4 participants
@ancho @kwin @jonbullock @ge0ffrey