Thanks, However, the PR is not correct.
We (Greg and I) will create a right PR and move forward on Pax Logging release. However, just a note for the users: this issue is largely less critical than log4j one. Anyway, I will cut maintenance release quickly. Regards JB > Le 17 déc. 2021 à 16:35, Matt Pavlovich <mattr...@gmail.com> a écrit : > > PR created for pax-logging against main: > https://github.com/ops4j/org.ops4j.pax.logging/pull/425 > <https://github.com/ops4j/org.ops4j.pax.logging/pull/425> > > >> On Dec 17, 2021, at 9:23 AM, Matt Pavlovich <mattr...@gmail.com> wrote: >> >> I summarized notes on the Logback CVE-2021-42550 . While significantly less >> critical, we probably need to consider another round of releases to address >> and bring in logback 1.2.9. >> >> notes here: https://issues.apache.org/jira/browse/KARAF-7299 >> <https://issues.apache.org/jira/browse/KARAF-7299> >> >> Thoughts? >