🔐 SECURITY: Upgrade logback-core to 1.3.14

Ortus-Solutions · Dec 5, 2023 · 761c04a · 761c04a
1 parent c89818e
commit 761c04a
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### 🔐 Security
+
+Resolve an [Uncontrolled Resource Consumption](https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-6097493) vulnerability disclosed on 12/4/2023 by upgrading `logback-core` to `1.3.14`. [See vulnerability details](https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-6097493). 
+
 ### ⭐ Added
 
 New `ORMQueryExecute()` alias for the `ORMExecuteQuery`. This new alias behaves identically to the `ORMExecuteQuery()` method, but is named consistently with the `queryExecute()` method.

diff --git a/pom.xml b/pom.xml
@@ -351,7 +351,7 @@ lucee-core-version: ${minLuceeVersion}
       <dependency>
          <groupId>ch.qos.logback</groupId>
          <artifactId>logback-classic</artifactId>
-         <version>1.3.8</version>
+         <version>1.3.14</version>
       </dependency>
 
    </dependencies>