Logback Vulnerability Priority

Play Framework uses Logback as its standard logging library instead of log4j2.

Logback has also been released to address the vulnerability, although log4j2 has been spared from addressing the more urgent vulnerability. http://logback.qos.ch/news.html

Are you planning to release a version that supports these in the near future?
Or is there a policy for an emergency release with the latest version applied?

Many projects support this by overriding their own version of the Logback library. It is good for all Play Framework users that Play Framework releases with the latest version of Logback applied.

1 Like

I am planning to release Play 2.8.12 this week, including latest logback.
See 2.8.12 Milestone · GitHub


That’s great news. I’m looking forward to the new version.
Thank you for all your support for Play.