Bug #20421
Updated by Alexis Mousset over 2 years ago
After log4j JNDI vulnerability, logback did an audit of their code and found a potential, low law risk (since it needs write access to logback.xml file) vector: https://jira.qos.ch/browse/LOGBACK-1591 We still should update to logback 2.6.8 in case other, more horrible, horrible attack vectors are found.