Skip to content

[CU-86b4umhm1] Update dependency ch.qos.logback:logback-core to v1.5.19 [SECURITY] #145

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dnastack-renovate merged 1 commit into from
Oct 21, 2025
Merged

[CU-86b4umhm1] Update dependency ch.qos.logback:logback-core to v1.5.19 [SECURITY] #145

dnastack-renovate merged 1 commit into from
Oct 21, 2025

Conversation

@dnastack-renovate
Copy link
Contributor

@dnastack-renovate dnastack-renovate bot commented Oct 21, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
ch.qos.logback:logback-core (source, changelog) 1.5.18 -> 1.5.19 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2025-11226

QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment variable before program execution.

A successful attack requires the Janino library and Spring Framework to be present on the user's class path. Additionally, the attacker must have write access to a configuration file. Alternatively, the attacker could inject a malicious environment variable pointing to a malicious configuration file. In both cases, the attack requires existing privileges.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@platform-automation-dnastack
Copy link

platform-automation-dnastack commented Oct 21, 2025

Task linked: CU-86b4umhm1 Setup Renovate server and introduce it to wallet

@github-actions
Copy link

github-actions bot commented Oct 21, 2025

Test Results

48 tests  ±0   48 ✅ ±0   12s ⏱️ -3s
 5 suites ±0    0 💤 ±0 
 5 files   ±0    0 ❌ ±0 

Results for commit ff99868. ± Comparison against base commit f08ede9.

@dnastack-renovate dnastack-renovate bot merged commit 70e5876 into main Oct 21, 2025
3 checks passed
@dnastack-renovate dnastack-renovate bot deleted the renovate/logback.version branch October 21, 2025 23:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

renovate-security

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@platform-automation-dnastack