[
https://issues.apache.org/jira/browse/CASSANDRA-20429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18030313#comment-18030313
]
Michael Morris commented on CASSANDRA-20429:
--------------------------------------------
Hi [~brandon.williams]
Would it be possible to get this change included in a 5.0.x release? I
appreciate the CVEs cannot be exploited but they are still flagged by
vulnerability scanning tools. I am happy to contribute a PR to drop it back to
the cassandra-5.0 branch if it would be acceptable.
If it is not, then when do you think will be the earliest release where this
will be resolved.
> Upgrade logback to 1.5.18 and slf4j to 2.0.17
> ---------------------------------------------
>
> Key: CASSANDRA-20429
> URL: https://issues.apache.org/jira/browse/CASSANDRA-20429
> Project: Apache Cassandra
> Issue Type: Improvement
> Components: Observability/Logging
> Reporter: Brandon Williams
> Assignee: Nikolay Izhikov
> Priority: Normal
> Fix For: 5.1
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> The logback version we use (1.2.x) is no longer maintained and 1.3.x and
> 1.4.x are inactive. I looked into upgrading in CASSANDRA-20408 and it's more
> involved than a drop-in replacement so I thought it warranted its own jira
> ticket.
> https://logback.qos.ch/download.html
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
