Upgrade logback and SLF4j

Logback 1.1.x suffers from https://nvd.nist.gov/vuln/detail/CVE-2017-5929, which has been fixed in 1.2.0. This vulnerability can't be exploited because the Logback socket server is not enabled. Nevertheless upgrading is a best practice.
author: Simon Brandhof <simon.brandhof@sonarsource.com> 2017-10-13 15:02:57 +0200
committer: Simon Brandhof <simon.brandhof@sonarsource.com> 2017-10-16 10:01:51 +0200
commit: cba2b53e32d1b4d812ce346656e6658d62ea4aed (patch)
tree: 96a6992ce512d5f2b6d2cd9fae1668d7ac13e231 /pom.xml
parent: f8808432080e18b27809a79cde496126a723b7c6 (diff)
download: sonarqube-cba2b53e32d1b4d812ce346656e6658d62ea4aed.tar.gz
sonarqube-cba2b53e32d1b4d812ce346656e6658d62ea4aed.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/pom.xml b/pom.xml
index fcdd755dc02..612f6acc758 100644
--- a/pom.xml
+++ b/pom.xml
@@ -72,8 +72,8 @@
     <sonarUpdateCenter.version>1.18.0.487</sonarUpdateCenter.version>
     <h2.version>1.3.176</h2.version>
     <jetty.version>8.1.12.v20130726</jetty.version>
-    <logback.version>1.1.7</logback.version>
-    <slf4j.version>1.7.24</slf4j.version>
+    <logback.version>1.2.3</logback.version>
+    <slf4j.version>1.7.25</slf4j.version>
 
     <!-- Be aware that Log4j is used by Elasticsearch client -->
     <log4j.version>2.8.2</log4j.version>
author	Simon Brandhof <simon.brandhof@sonarsource.com>	2017-10-13 15:02:57 +0200
committer	Simon Brandhof <simon.brandhof@sonarsource.com>	2017-10-16 10:01:51 +0200
commit	cba2b53e32d1b4d812ce346656e6658d62ea4aed (patch)
tree	96a6992ce512d5f2b6d2cd9fae1668d7ac13e231 /pom.xml
parent	f8808432080e18b27809a79cde496126a723b7c6 (diff)
download	sonarqube-cba2b53e32d1b4d812ce346656e6658d62ea4aed.tar.gz sonarqube-cba2b53e32d1b4d812ce346656e6658d62ea4aed.zip