Skip to content

Bump ch.qos.logback:logback-classic from 1.5.35 to 1.5.36#3268

Merged
reta merged 1 commit into
mainfrom
dependabot/maven/ch.qos.logback-logback-classic-1.5.36
Jul 1, 2026
Merged

Bump ch.qos.logback:logback-classic from 1.5.35 to 1.5.36#3268
reta merged 1 commit into
mainfrom
dependabot/maven/ch.qos.logback-logback-classic-1.5.36

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps ch.qos.logback:logback-classic from 1.5.35 to 1.5.36.

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.36

2026-06-25 Release of logback version 1.5.36

• The 'condition' attribute in <if> elements now reject certain references that are associated with ACE attacks. This issue was reported by "yulate" (yulate531@gmail.com.com) and registered as CVE-2026-13006.

• A bitwise identical binary of this version can be reproduced by building from source code at commit 9b94c37562bf25a6a944146701d42ee6c4eee888 associated with the tag v_1.5.36. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jul 1, 2026
@reta

reta commented Jul 1, 2026

Copy link
Copy Markdown
Member

@dependabot rebase please

Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.35 to 1.5.36.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.35...v_1.5.36)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.36
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/maven/ch.qos.logback-logback-classic-1.5.36 branch from fa7bd27 to 252670c Compare July 1, 2026 04:02
@reta reta merged commit cc64851 into main Jul 1, 2026
5 checks passed
@dependabot dependabot Bot deleted the dependabot/maven/ch.qos.logback-logback-classic-1.5.36 branch July 1, 2026 12:05
reta pushed a commit that referenced this pull request Jul 2, 2026
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.35 to 1.5.36.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.35...v_1.5.36)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.36
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit cc64851)

# Conflicts:
#	parent/pom.xml
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant