Skip to content

Bump ch.qos.logback:logback-classic from 1.5.35 to 1.5.36#3268

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/ch.qos.logback-logback-classic-1.5.36
Open

Bump ch.qos.logback:logback-classic from 1.5.35 to 1.5.36#3268
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/ch.qos.logback-logback-classic-1.5.36

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps ch.qos.logback:logback-classic from 1.5.35 to 1.5.36.

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.36

2026-06-25 Release of logback version 1.5.36

• The 'condition' attribute in <if> elements now reject certain references that are associated with ACE attacks. This issue was reported by "yulate" (yulate531@gmail.com.com) and registered as CVE-2026-13006.

• A bitwise identical binary of this version can be reproduced by building from source code at commit 9b94c37562bf25a6a944146701d42ee6c4eee888 associated with the tag v_1.5.36. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jul 1, 2026
@reta

reta commented Jul 1, 2026

Copy link
Copy Markdown
Member

@dependabot rebase please

Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.35 to 1.5.36.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.35...v_1.5.36)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.36
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/maven/ch.qos.logback-logback-classic-1.5.36 branch from fa7bd27 to 252670c Compare July 1, 2026 04:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant