[jira] [Closed] (TINKERPOP-3050) security vulnerability in logback-core

Cole Greer (Jira) Fri, 04 Oct 2024 13:08:05 -0700


     [ 
https://issues.apache.org/jira/browse/TINKERPOP-3050?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Cole Greer closed TINKERPOP-3050.
---------------------------------
    Fix Version/s: 3.6.8
                   3.7.3
         Assignee: Cole Greer
       Resolution: Fixed

Resolved by CTR: 
https://github.com/apache/tinkerpop/commit/9c394637e8d4ac865a56711635db2e94e92301be

> security vulnerability in logback-core 
> ---------------------------------------
>
>                 Key: TINKERPOP-3050
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-3050
>             Project: TinkerPop
>          Issue Type: Bug
>          Components: console
>    Affects Versions: 3.6.6
>            Reporter: Tal Ron
>            Assignee: Cole Greer
>            Priority: Blocker
>             Fix For: 3.6.8, 3.7.3
>
>
> used logback-core version is: 1.2.11- 
> [CVE-2023-6378|https://github.com/advisories/GHSA-vmq6-5m68-f53m]
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6378]
>  
> [https://github.com/advisories/GHSA-vmq6-5m68-f53m]
> I see that even latest v1.2.13 has security issue: 
> [https://mvnrepository.com/artifact/ch.qos.logback/logback-core]
> 1.3.12, 1.3.14, 1.4.12 and latest 1.4.14 are currently safe
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (TINKERPOP-3050) security vulnerability in logback-core

Reply via email to