Comments (10)
looks like a very specific setup, I suppose it's not that important, I'll take a look at 1.2.x code
from californium.
doesn't look s like 1.2.x is still maintained https://github.com/qos-ch/logback/commits/branch_1.2.x
The DoS patch on master: qos-ch/logback@9c782b4
The last 1.2 code of the same class: https://github.com/qos-ch/logback/blob/branch_1.2.x/logback-classic/src/main/java/ch/qos/logback/classic/spi/LoggingEventVO.java
So 1.2 looks affected, and it's not yet patched (if they patch it at all)
from californium.
Yes, indeed. And the very most don't run on java 7 and may use newer versions.
So I don't think, that too many will be affected.
Anyway, I prefer, if we can get a statement about the 1.2. versions. Therefore I asked there via email.
from californium.
Thanks!
from californium.
The logback-download-page marks the 1.2.12 as INACTIVE.
Good reason, to start over with Californium 4.0 and drop java 7 support.
from californium.
Just as note:
logback 1.3 seems to require also a newer slf4j ;-(.
So, don't use "remote appender".
from californium.
And switching to slf4j 2.0.9 is the reported as API break by revapi ;-).
In my experience, revapi is unfortunately not too easy for investigate on that.
AFAIK, some code in scandium has used LOGGER with "protected", that could be changed in a version 4.0. What else need to be changed, needs investigation.
from californium.
FilteredLogger also exposes the Logger. That could also be changed to a String.
from californium.
PR #2197
First step to migrate slf4j with the next major Californium version.
from californium.
logback 1.2.13 was released today. It fixes the aforementioned CVE.
from californium.
Related Issues (20)
- Confirmable message with ACK with next message HOT 13
- Dealing with RESPONSE_MATCHING parameter on device (reverse engineering) HOT 2
- Minor Release 3.9.0 - Available HOT 11
- Why do DTLS_CONNECTOR_THREAD_COUNT and DTLS_RECEIVER_THREAD_COUNT default to 1? HOT 1
- IllegalStateException: automatic message IDs exhausted HOT 9
- FETCH and blockwise - Behavior change of Californium 3.8
- I have a question about simple file server HOT 15
- DatagramFilterExtended#onDrop called with not "full" Record HOT 5
- I used californium for Android 11, and there is some mistakes, and I don't understand why? HOT 5
- CoAP Request-Tag option Support HOT 2
- Add Sequence Token Generator ? HOT 3
- CoAP Echo option Support HOT 3
- Bugfix Release 3.9.1 - Available HOT 1
- I wanna save the whole logs of SenML JSON. HOT 7
- Demo certificates renewed
- Request response metrics - Experience using Azure Insights and Californium HOT 8
- Minor Release 3.10.0 - Available HOT 1
- Handshake with [x.x.x.x:xxxx] failed after session was established! Alert Protocol Level: FATAL Description: HANDSHAKE_FAILURE HOT 17
- Californium Deployment issues HOT 12
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from californium.