DDS-3046 - reduce logging level when validating user certificates#62
DDS-3046 - reduce logging level when validating user certificates#62Johxzu wants to merge 2 commits intoSK-EID:masterfrom
Conversation
There was a problem hiding this comment.
Kuna ch.qos.logback:logback-classic versioonile 1.2.13 raporteeritakse https://mvnrepository.com/artifact/ch.qos.logback/logback-classic/1.2.13 põhjal 12 CVE, muuhulgas kriitilisi, siis otsustati antud testi selle PR raames mitte lisada, kas saaksid selle faili muudatused tagasi tõmmata.
Selle testi saab lisada peale SLF4J API versioonile 2 üleminekut.
There was a problem hiding this comment.
Kas saaksid muuta 2019 --> 2026, sest hetkel kehtiv põhimõte on uuendada muudetud failide litsentsi päistes aastat.
pom.xml
Outdated
| <groupId>ch.qos.logback</groupId> | ||
| <artifactId>logback-classic</artifactId> | ||
| <version>1.3.12</version> | ||
| <version>1.2.13</version> |
There was a problem hiding this comment.
Kas saaksid selle muudatuse tagasi tõmmata, kuna versioon 1.2.13 sisaldab kriitilisi haavatavusi ja otsustati testi antud PR raames mitte lisada.
… after migrating to slf4j-api 2.0
|
Reverted logback downgrade and removed test. |
2 participants
task: https://jira.sk.ee/browse/DDS-3046
commenting on pom.xml change:
So changed Logback to 1.2.13 (pom.xml:132), which is compatible with SLF4J 1.7.x and lets logging-capture tests compile/run.
Alternative would be a broader upgrade to SLF4J 2.x across the project, but that’s a larger migration.