On Tue, Feb 12, 2019 at 7:02 PM Michael Shuler <mich...@pbandjelly.org> wrote:
> If you are not using the logback SocketServer and ServerSocketReceiver > components, the CVE doesn't affect your server with logback 1.1.3. > So the idea is that as long as logback.xml doesn't configure any of the above, we are fine with the current logback version? Thanks, -- Alex
