Uploaded image for project: 'Java Driver'
  1. Java Driver
  2. JAVA-5482

Upgrade logback-classic

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Fixed
    • Priority: Icon: Unknown Unknown
    • 5.2.0
    • Affects Version/s: None
    • Component/s: Build
    • None
    • Fully Compatible
    • Java Drivers
    • Not Needed
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?

      Although the driver only uses Logback during testing, it's on a very old version that has a CVE reported against it, which is detected by Snyk and probably other static analysis tools. To avoid the appearance of a security vulnerability, we should upgrade to the latest release.

            Assignee:
            Unassigned Unassigned
            Reporter:
            jeff.yemin@mongodb.com Jeffrey Yemin
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: