Logback Vulnerability Priority

tsuyoshizawa · December 20, 2021, 3:53pm

Play Framework uses Logback as its standard logging library instead of log4j2.

Logback has also been released to address the vulnerability, although log4j2 has been spared from addressing the more urgent vulnerability. http://logback.qos.ch/news.html

Are you planning to release a version that supports these in the near future?
Or is there a policy for an emergency release with the latest version applied?

Many projects support this by overriding their own version of the Logback library. It is good for all Play Framework users that Play Framework releases with the latest version of Logback applied.

mkurz · December 20, 2021, 4:21pm

Hi!
I am planning to release Play 2.8.12 this week, including latest logback.
See 2.8.12 Milestone · GitHub

tsuyoshizawa · December 20, 2021, 4:45pm

That’s great news. I’m looking forward to the new version.
Thank you for all your support for Play.

Topic		Replies	Views
Move away from Logback and slf4j? Play Framework	3	1479	March 23, 2021
Update Play framework with Log4j 2.15.0 dependency Play Framework java	1	1323	December 29, 2021
Play logback doesnt work when explicit logback dependency is on classpath Play Framework	3	767	October 20, 2018
Play 2.6.17 released Play Framework	5	1087	August 3, 2018
Play 2.6.15 released! Play Framework releases	0	1178	May 28, 2018

Logback Vulnerability Priority

Related Topics