]> source.dussan.org Git - sonarqube.git/commit
projects / sonarqube.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f880843) | patch
Upgrade logback and SLF4j
authorSimon Brandhof <simon.brandhof@sonarsource.com>
Fri, 13 Oct 2017 13:02:57 +0000 (15:02 +0200)
committerSimon Brandhof <simon.brandhof@sonarsource.com>
Mon, 16 Oct 2017 08:01:51 +0000 (10:01 +0200)
commitcba2b53e32d1b4d812ce346656e6658d62ea4aed
tree96a6992ce512d5f2b6d2cd9fae1668d7ac13e231tree | snapshot
parentf8808432080e18b27809a79cde496126a723b7c6commit | diff
Upgrade logback and SLF4j

Logback 1.1.x suffers from https://nvd.nist.gov/vuln/detail/CVE-2017-5929,
which has been fixed in 1.2.0. This vulnerability can't be exploited
because the Logback socket server is not enabled. Nevertheless
upgrading is a best practice.
pom.xml diff | blob | history
server/sonar-process/src/main/java/org/sonar/process/logging/LogbackHelper.java diff | blob | history
server/sonar-process/src/test/java/org/sonar/process/logging/LogbackHelperTest.java diff | blob | history
server/sonar-server/src/main/java/org/sonar/server/app/ProgrammaticLogbackValve.java diff | blob | history
Continuous Inspection: https://github.com/SonarSource/sonarqube