Upgrade logback to 1.5.25 to fix CVE-2026-1225

meysholdt · ona-agent · meysholdt · commit 537efa4dfd5c · 2026-03-09T13:23:30.000Z
Override logback.version property in pom.xml to resolve Dependabot alert #1 (ch.qos.logback:logback-core < 1.5.25). Co-authored-by: Ona <no-reply@ona.com>
diff --git a/pom.xml b/pom.xml
@@ -24,6 +24,7 @@
     <webjars-bootstrap.version>5.3.8</webjars-bootstrap.version>
     <webjars-font-awesome.version>4.7.0</webjars-font-awesome.version>
 
+    <logback.version>1.5.25</logback.version>
     <checkstyle.version>12.1.2</checkstyle.version>
     <jacoco.version>0.8.14</jacoco.version>
     <libsass.version>0.3.4</libsass.version>
