Skip to content

[Snyk] Security upgrade ch.qos.logback:logback-classic from 1.5.12 to 1.5.25#212

Closed
tcheeric wants to merge 1 commit into
masterfrom
snyk-fix-a9fb8dd3dae5b4cd44fb01c804c23db6
Closed

[Snyk] Security upgrade ch.qos.logback:logback-classic from 1.5.12 to 1.5.25#212
tcheeric wants to merge 1 commit into
masterfrom
snyk-fix-a9fb8dd3dae5b4cd44fb01c804c23db6

Conversation

@tcheeric

@tcheeric tcheeric commented Feb 15, 2026

Copy link
Copy Markdown
Collaborator

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

  • pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue Score Upgrade
low severity External Initialization of Trusted Variables or Data Stores
SNYK-JAVA-CHQOSLOGBACK-15062482		   304   ch.qos.logback:logback-classic:
1.5.12 -> 1.5.25
No Known Exploit

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Snyk has automatically assigned this pull request, set who gets assigned.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
👩‍💻 Set who automatically gets assigned
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@snyk-bot
fix: pom.xml to reduce vulnerabilities
7e9b919 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-15062482
@tcheeric tcheeric self-assigned this Feb 15, 2026
@github-actions

github-actions Bot commented Feb 15, 2026

Copy link
Copy Markdown

Qodana for JVM

75 new problems were found

Inspection name Severity Problems
Vulnerable declared dependency 🔴 Failure 5
Vulnerable declared dependency 🔶 Warning 29
Invalid properties configuration 🔶 Warning 10
Vulnerable declared dependency ◽️ Notice 31

☁️ View the detailed Qodana report

Detected 138 dependencies

Third-party software list

This page lists the third-party software dependencies used in project

Dependency Version Licenses
accessors-smart 2.5.0 Apache-2.0
accessors-smart 2.5.1 Apache-2.0
accessors-smart 2.5.2 Apache-2.0
android-json 0.0.20131108.vaadin1 Apache-2.0
angus-activation 2.0.0 BSD-3-Clause
antlr4-runtime 4.13.0 BSD-3-Clause
apiguardian-api 1.1.2 Apache-2.0
asm 9.3 BSD-3-Clause
asm 9.6 BSD-3-Clause
asm 9.7.1 BSD-3-Clause
aspectjweaver 1.9.22.1 Apache-2.0
assertj-core 3.27.3 Apache-2.0
awaitility 4.3.0 Apache-2.0
checker-qual 3.42.0 MIT
classmate 1.5.1 Apache-2.0
commons-configuration2 2.11.0 Apache-2.0
commons-lang3 3.14.0 Apache-2.0
commons-logging 1.3.2 Apache-2.0
commons-text 1.12.0 Apache-2.0
evo-inflector 1.3 Apache-2.0
hamcrest 3.0 BSD-3-Clause
hdrhistogram 2.2.2 BSD-2-Clause
hikaricp 5.1.0 Apache-2.0
istack-commons-runtime 4.1.1 BSD-3-Clause
jackson-annotations 2.17.2 Apache-2.0
jackson-annotations 2.18.1 Apache-2.0
jackson-core 2.17.2 Apache-2.0
jackson-core 2.18.1 Apache-2.0
jackson-core 2.20.0 Apache-2.0
jackson-databind 2.17.2 Apache-2.0
jackson-databind 2.18.1 Apache-2.0
jackson-databind 2.20.0 Apache-2.0
jackson-dataformat-cbor 2.20.0 Apache-2.0
jackson-datatype-jdk8 2.17.2 Apache-2.0
jackson-datatype-jdk8 2.18.1 Apache-2.0
jackson-datatype-jsr310 2.17.2 Apache-2.0
jackson-datatype-jsr310 2.18.1 Apache-2.0
jackson-module-parameter-names 2.17.2 Apache-2.0
jackson-module-parameter-names 2.18.1 Apache-2.0
jakarta.activation-api 2.1.3 BSD-3-Clause
jakarta.annotation-api 2.1.1 Classpath-exception-2.0
EPL-2.0
GPL-2.0-only
jakarta.inject-api 2.0.1 Apache-2.0
jakarta.persistence-api 3.1.0 BSD-3-Clause
EPL-2.0
jakarta.servlet-api 6.0.0 EPL-2.0
jakarta.transaction-api 2.0.1 Classpath-exception-2.0
EPL-2.0
GPL-2.0-only
jakarta.validation-api 3.0.2 Apache-2.0
jakarta.xml.bind-api 4.0.0 BSD-3-Clause
jakarta.xml.bind-api 4.0.2 BSD-3-Clause
jandex 3.2.0 Apache-2.0
jaxb-core 4.0.2 BSD-3-Clause
jaxb-runtime 4.0.2 BSD-3-Clause
jboss-logging 3.5.0.final Apache-2.0
json-path 2.9.0 Apache-2.0
json-smart 2.5.0 Apache-2.0
json-smart 2.5.1 Apache-2.0
json-smart 2.5.2 Apache-2.0
jsonassert 1.5.3 Apache-2.0
jul-to-slf4j 2.0.13 MIT
jul-to-slf4j 2.0.16 MIT
jul-to-slf4j 2.0.17 MIT
junit-jupiter-params 5.12.2 EPL-2.0
junit-jupiter 5.12.2 EPL-2.0
latencyutils 2.0.3 CC0-1.0
log4j-api 2.23.1 Apache-2.0
log4j-api 2.24.1 Apache-2.0
log4j-api 2.24.3 Apache-2.0
log4j-to-slf4j 2.23.1 Apache-2.0
log4j-to-slf4j 2.24.1 Apache-2.0
log4j-to-slf4j 2.24.3 Apache-2.0
logback-classic 1.5.12 EPL-1.0
LGPL-2.0-or-later
logback-classic 1.5.25 EPL-1.0
LGPL-2.0-or-later
logback-core 1.5.12 EPL-1.0
LGPL-2.0-or-later
logback-core 1.5.25 EPL-1.0
LGPL-2.0-or-later
lombok 1.18.36 BSD-3-CLAUSE-NO-TRADEMARK
MIT
micrometer-commons 1.14.1 Apache-2.0
micrometer-core 1.14.1 Apache-2.0
micrometer-jakarta9 1.14.1 Apache-2.0
micrometer-observation 1.14.1 Apache-2.0
postgresql 42.7.3 BSD-2-Clause
postgresql 42.7.4 BSD-2-Clause
slf4j-api 2.0.13 MIT
slf4j-api 2.0.16 MIT
slf4j-api 2.0.17 MIT
snakeyaml 2.2 Apache-2.0
snakeyaml 2.3 Apache-2.0
snakeyaml 2.4 Apache-2.0
spring-aop 6.2.0 Apache-2.0
spring-aspects 6.2.0 Apache-2.0
spring-beans 6.1.11 Apache-2.0
spring-beans 6.2.0 Apache-2.0
spring-boot-actuator-autoconfigure 3.4.0 Apache-2.0
spring-boot-actuator 3.4.0 Apache-2.0
spring-boot-autoconfigure 3.3.2 Apache-2.0
spring-boot-autoconfigure 3.4.0 Apache-2.0
spring-boot-autoconfigure 3.5.0 Apache-2.0
spring-boot-starter-actuator 3.4.0 Apache-2.0
spring-boot-starter-data-jpa 3.4.0 Apache-2.0
spring-boot-starter-data-rest 3.4.0 Apache-2.0
spring-boot-starter-jdbc 3.4.0 Apache-2.0
spring-boot-starter-json 3.3.2 Apache-2.0
spring-boot-starter-json 3.4.0 Apache-2.0
spring-boot-starter-logging 3.3.2 Apache-2.0
spring-boot-starter-logging 3.4.0 Apache-2.0
spring-boot-starter-logging 3.5.0 Apache-2.0
spring-boot-starter-test 3.5.0 Apache-2.0
spring-boot-starter-tomcat 3.4.0 Apache-2.0
spring-boot-starter-validation 3.4.0 Apache-2.0
spring-boot-starter-web 3.4.0 Apache-2.0
spring-boot-starter 3.3.2 Apache-2.0
spring-boot-starter 3.4.0 Apache-2.0
spring-boot-starter 3.5.0 Apache-2.0
spring-boot-test-autoconfigure 3.5.0 Apache-2.0
spring-boot-test 3.5.0 Apache-2.0
spring-boot 3.3.2 Apache-2.0
spring-boot 3.4.0 Apache-2.0
spring-boot 3.5.0 Apache-2.0
spring-context 6.2.0 Apache-2.0
spring-core 6.1.11 Apache-2.0
spring-core 6.2.0 Apache-2.0
spring-core 6.2.7 Apache-2.0
spring-data-commons 3.4.0 Apache-2.0
spring-data-jpa 3.4.0 Apache-2.0
spring-data-rest-core 4.4.0 Apache-2.0
spring-data-rest-webmvc 4.4.0 Apache-2.0
spring-expression 6.2.0 Apache-2.0
spring-hateoas 2.4.0 Apache-2.0
spring-jdbc 6.2.0 Apache-2.0
spring-orm 6.2.0 Apache-2.0
spring-plugin-core 3.0.0 Apache-2.0
spring-tx 6.2.0 Apache-2.0
spring-web 6.1.11 Apache-2.0
spring-web 6.2.0 Apache-2.0
spring-webmvc 6.2.0 Apache-2.0
tomcat-embed-core 10.1.33 Apache-2.0
CDDL-1.0
PROPRIETARY-LICENSE
tomcat-embed-el 10.1.33 Apache-2.0
tomcat-embed-websocket 10.1.33 Apache-2.0
txw2 4.0.2 BSD-3-Clause
xmlunit-core 2.10.1 Apache-2.0
Contact Qodana team

Contact us at qodana-support@jetbrains.com

@tcheeric tcheeric closed this Feb 20, 2026
@tcheeric tcheeric deleted the snyk-fix-a9fb8dd3dae5b4cd44fb01c804c23db6 branch February 20, 2026 18:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@tcheeric tcheeric

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tcheeric @snyk-bot