Hi folks, Currently I’m working on some backports, because OWASP reports CVEs on the 3.8 branch and noticed in the PRs that we should only upgrade logback on the master branch. Why is that?
logback-core-1.2.13.jar (pkg:maven/ch.qos.logback/[email protected], cpe:2.3:a:qos:logback:1.2.13:*:*:*:*:*:*:*) : CVE-2024-12798, CVE-2024-12801 Regards, Andor
