{"id":9278,"name":"logback.version","ecosystem":"maven","repository_url":null,"issues_count":170,"created_at":"2025-06-06T22:32:53.646Z","updated_at":"2025-06-06T22:32:53.646Z","purl":"pkg:maven/logback.version","unique_repositories_count":95,"unique_repositories_count_past_30_days":1,"recent_issues":[{"uuid":"4555381974","node_id":"PR_kwDOP1FeW87g_PLE","number":1537,"state":"open","title":"chore(deps): bump logback.version from 1.5.32 to 1.5.33","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T19:02:41.000Z","updated_at":"2026-05-30T19:13:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"logback.version","old_version":"1.5.32","new_version":"1.5.33","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.32 to 1.5.33.\nUpdates `ch.qos.logback:logback-classic` from 1.5.32 to 1.5.33\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.33\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-05-27 Release of logback version 1.5.33\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• \u003ccode\u003ePropertiesConfiguratorModelHandler\u003c/code\u003e now registers properties file URLs to the \u003ccode\u003eConfigurationWatchList\u003c/code\u003e when scan is enabled (via local scan=\u0026quot;true\u0026quot; attribute or top-level configuration scan), ensuring changes are detected and reconfiguration occurs. This problem was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1034\"\u003eissues/1034\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• When processing \u003ccode\u003e\u0026lt;conversionRule\u0026gt;\u003c/code\u003e elements and both \u003ccode\u003eclass\u003c/code\u003e and \u003ccode\u003econverterClass\u003c/code\u003e attributes are specified, silently use the class attribute without issuing a warning. However, if the attribute values differ, a warning will be issued. This change was requested in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1031\"\u003eissues/1031\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• \u003ccode\u003eHardenedModelInputStream\u003c/code\u003e will no longer accept to deserialize all classes located under the \u0026quot;java.lang\u0026quot; and \u0026quot;java.util\u0026quot; packages but a limited number of explicitly authorized classes in those packages. This potential deserialization whitelist bypass vulnerability was reported by \u003ca href=\"https://github.com/york-shen\"\u003eYork Shen\u003c/a\u003e and registered as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-9828\"\u003eCVE-2026-9828\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• SSL parameters for \u003ccode\u003eSSLSocketAppender\u003c/code\u003e now enable hostname verification by default. Moreover, the default protocol is now \u0026quot;TLSv1.2\u0026quot;. This potential vulnerability was reported by York Shen.\u003c/p\u003e\n\u003cp\u003e• When printing the status message field, \u003ccode\u003eViewStatusMessagesServletBase\u003c/code\u003e now escapes special characters such as \u0026quot;\u0026amp;\u0026quot; as character entities. This potential vulnerability was reported by York Shen.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 124e8b49b55ac34d08743a0646bd463410192647 associated with the tag v_1.5.33. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/124e8b49b55ac34d08743a0646bd463410192647\"\u003e\u003ccode\u003e124e8b4\u003c/code\u003e\u003c/a\u003e prepare release 1.5.33\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/d8fd6f25c7f12282871164911fe423c86e2ef8f3\"\u003e\u003ccode\u003ed8fd6f2\u003c/code\u003e\u003c/a\u003e escapeTags in message field when printing status messages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/95edbeb8dbf53494f36324aeb7bef1825aff6cc4\"\u003e\u003ccode\u003e95edbeb\u003c/code\u003e\u003c/a\u003e hostnameVerification default to true in SSLParametersConfiguration, SSL.DEFAU...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/b768a96e191bf0d15aeff207a5b160e5c0c8dba2\"\u003e\u003ccode\u003eb768a96\u003c/code\u003e\u003c/a\u003e remove spurious java.swing.* import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/12cf2c5a150ee3ff4a720789bcfc6e047e836b0c\"\u003e\u003ccode\u003e12cf2c5\u003c/code\u003e\u003c/a\u003e classes in java.lang and java.util are now whitelisted individually\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e9133edbe58a20927f88cef609e0436f77bb8a96\"\u003e\u003ccode\u003ee9133ed\u003c/code\u003e\u003c/a\u003e fix typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/47089a2f88785a72387d86d463c5bbe751fe6750\"\u003e\u003ccode\u003e47089a2\u003c/code\u003e\u003c/a\u003e added Filip Egeric icla\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/85735f7a097a78729bd3d29d8ea2f4b80da1a0e6\"\u003e\u003ccode\u003e85735f7\u003c/code\u003e\u003c/a\u003e Modified ConversionRuleAction.java: Updated validPreconditions() to\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/614f7a726a5b2e71e8c5fb174967c7d1069721f2\"\u003e\u003ccode\u003e614f7a7\u003c/code\u003e\u003c/a\u003e the official name for initial instructions file foe coding agents is AGENTS.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/fe50bb56abddd6d68ac1e31ff8851c306bf736c4\"\u003e\u003ccode\u003efe50bb5\u003c/code\u003e\u003c/a\u003e fix: do not warn when both converterClass and class attributes are specified ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.32...v_1.5.33\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.5.32 to 1.5.33\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.33\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-05-27 Release of logback version 1.5.33\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• \u003ccode\u003ePropertiesConfiguratorModelHandler\u003c/code\u003e now registers properties file URLs to the \u003ccode\u003eConfigurationWatchList\u003c/code\u003e when scan is enabled (via local scan=\u0026quot;true\u0026quot; attribute or top-level configuration scan), ensuring changes are detected and reconfiguration occurs. This problem was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1034\"\u003eissues/1034\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• When processing \u003ccode\u003e\u0026lt;conversionRule\u0026gt;\u003c/code\u003e elements and both \u003ccode\u003eclass\u003c/code\u003e and \u003ccode\u003econverterClass\u003c/code\u003e attributes are specified, silently use the class attribute without issuing a warning. However, if the attribute values differ, a warning will be issued. This change was requested in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1031\"\u003eissues/1031\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• \u003ccode\u003eHardenedModelInputStream\u003c/code\u003e will no longer accept to deserialize all classes located under the \u0026quot;java.lang\u0026quot; and \u0026quot;java.util\u0026quot; packages but a limited number of explicitly authorized classes in those packages. This potential deserialization whitelist bypass vulnerability was reported by \u003ca href=\"https://github.com/york-shen\"\u003eYork Shen\u003c/a\u003e and registered as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-9828\"\u003eCVE-2026-9828\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• SSL parameters for \u003ccode\u003eSSLSocketAppender\u003c/code\u003e now enable hostname verification by default. Moreover, the default protocol is now \u0026quot;TLSv1.2\u0026quot;. This potential vulnerability was reported by York Shen.\u003c/p\u003e\n\u003cp\u003e• When printing the status message field, \u003ccode\u003eViewStatusMessagesServletBase\u003c/code\u003e now escapes special characters such as \u0026quot;\u0026amp;\u0026quot; as character entities. This potential vulnerability was reported by York Shen.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 124e8b49b55ac34d08743a0646bd463410192647 associated with the tag v_1.5.33. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/124e8b49b55ac34d08743a0646bd463410192647\"\u003e\u003ccode\u003e124e8b4\u003c/code\u003e\u003c/a\u003e prepare release 1.5.33\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/d8fd6f25c7f12282871164911fe423c86e2ef8f3\"\u003e\u003ccode\u003ed8fd6f2\u003c/code\u003e\u003c/a\u003e escapeTags in message field when printing status messages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/95edbeb8dbf53494f36324aeb7bef1825aff6cc4\"\u003e\u003ccode\u003e95edbeb\u003c/code\u003e\u003c/a\u003e hostnameVerification default to true in SSLParametersConfiguration, SSL.DEFAU...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/b768a96e191bf0d15aeff207a5b160e5c0c8dba2\"\u003e\u003ccode\u003eb768a96\u003c/code\u003e\u003c/a\u003e remove spurious java.swing.* import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/12cf2c5a150ee3ff4a720789bcfc6e047e836b0c\"\u003e\u003ccode\u003e12cf2c5\u003c/code\u003e\u003c/a\u003e classes in java.lang and java.util are now whitelisted individually\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e9133edbe58a20927f88cef609e0436f77bb8a96\"\u003e\u003ccode\u003ee9133ed\u003c/code\u003e\u003c/a\u003e fix typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/47089a2f88785a72387d86d463c5bbe751fe6750\"\u003e\u003ccode\u003e47089a2\u003c/code\u003e\u003c/a\u003e added Filip Egeric icla\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/85735f7a097a78729bd3d29d8ea2f4b80da1a0e6\"\u003e\u003ccode\u003e85735f7\u003c/code\u003e\u003c/a\u003e Modified ConversionRuleAction.java: Updated validPreconditions() to\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/614f7a726a5b2e71e8c5fb174967c7d1069721f2\"\u003e\u003ccode\u003e614f7a7\u003c/code\u003e\u003c/a\u003e the official name for initial instructions file foe coding agents is AGENTS.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/fe50bb56abddd6d68ac1e31ff8851c306bf736c4\"\u003e\u003ccode\u003efe50bb5\u003c/code\u003e\u003c/a\u003e fix: do not warn when both converterClass and class attributes are specified ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.32...v_1.5.33\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/agentscope-ai/agentscope-java/pull/1537","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/agentscope-ai%2Fagentscope-java/issues/1537","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1537/packages"},{"uuid":"4209265735","node_id":"PR_kwDOCGpYss7QGxPc","number":745,"state":"open","title":"build(deps): bump logback.version from 1.5.31 to 1.5.32","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-06T03:03:26.000Z","updated_at":"2026-04-06T03:19:33.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"logback.version","old_version":"1.5.31","new_version":"1.5.32","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.31 to 1.5.32.\nUpdates `ch.qos.logback:logback-core` from 1.5.31 to 1.5.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.32\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-16 Release of logback version 1.5.32\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eDefaultProcessor, \u003c/code\u003efixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback-access/issues/34\"\u003elogback-access/issues/34\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e807335a67535b4eacce94e942c0bcb649665d93\"\u003e\u003ccode\u003ee807335\u003c/code\u003e\u003c/a\u003e prepare release 1.5.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/dc35d552bbd87cea8b98bea44ff0a113631075e7\"\u003e\u003ccode\u003edc35d55\u003c/code\u003e\u003c/a\u003e fix logback-access/issues/34 by checking if dependency is a sub-model of the ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8e32278700d5b0cfca70c246f6db0d639bb1f21b\"\u003e\u003ccode\u003e8e32278\u003c/code\u003e\u003c/a\u003e added simple test for appender definitiob via file inclusion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/834dbedefdb3cf43f77618ddc3d1d89e5c98b488\"\u003e\u003ccode\u003e834dbed\u003c/code\u003e\u003c/a\u003e start work on 1.5.32-SNAPSHOT\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.31...v_1.5.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-classic` from 1.5.31 to 1.5.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.32\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-16 Release of logback version 1.5.32\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eDefaultProcessor, \u003c/code\u003efixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback-access/issues/34\"\u003elogback-access/issues/34\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e807335a67535b4eacce94e942c0bcb649665d93\"\u003e\u003ccode\u003ee807335\u003c/code\u003e\u003c/a\u003e prepare release 1.5.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/dc35d552bbd87cea8b98bea44ff0a113631075e7\"\u003e\u003ccode\u003edc35d55\u003c/code\u003e\u003c/a\u003e fix logback-access/issues/34 by checking if dependency is a sub-model of the ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8e32278700d5b0cfca70c246f6db0d639bb1f21b\"\u003e\u003ccode\u003e8e32278\u003c/code\u003e\u003c/a\u003e added simple test for appender definitiob via file inclusion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/834dbedefdb3cf43f77618ddc3d1d89e5c98b488\"\u003e\u003ccode\u003e834dbed\u003c/code\u003e\u003c/a\u003e start work on 1.5.32-SNAPSHOT\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.31...v_1.5.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/streamthoughts/jikkou/pull/745","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/streamthoughts%2Fjikkou/issues/745","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/745/packages"},{"uuid":"4010725647","node_id":"PR_kwDOB4flrc7HTa1j","number":765,"state":"open","title":"Bump logback.version from 1.5.16 to 1.5.32","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-02T11:22:38.000Z","updated_at":"2026-03-03T08:04:32.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.16","new_version":"1.5.32","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.16 to 1.5.32.\nUpdates `ch.qos.logback:logback-classic` from 1.5.16 to 1.5.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.32\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-16 Release of logback version 1.5.32\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eDefaultProcessor, \u003c/code\u003efixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback-access/issues/34\"\u003elogback-access/issues/34\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback  1.5.31\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback version 1.5.31\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.30\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback  version 1.5.30\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• \u003cstrong\u003eIn this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fix scanning issue when an included file becomes available at a later time. This problem was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1021\"\u003eissues/1021\u003c/a\u003e by Sergey Nazarov.\u003c/p\u003e\n\u003cp\u003e• Standardized code for version checking across modules.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.29\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-09 Release of logback version 1.5.29\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1017\"\u003eissues/1017\u003c/a\u003e, appender names and appender references are once again subject to variable substitution, reverting the change introduced in version 1.5.28.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e807335a67535b4eacce94e942c0bcb649665d93\"\u003e\u003ccode\u003ee807335\u003c/code\u003e\u003c/a\u003e prepare release 1.5.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/dc35d552bbd87cea8b98bea44ff0a113631075e7\"\u003e\u003ccode\u003edc35d55\u003c/code\u003e\u003c/a\u003e fix logback-access/issues/34 by checking if dependency is a sub-model of the ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8e32278700d5b0cfca70c246f6db0d639bb1f21b\"\u003e\u003ccode\u003e8e32278\u003c/code\u003e\u003c/a\u003e added simple test for appender definitiob via file inclusion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/834dbedefdb3cf43f77618ddc3d1d89e5c98b488\"\u003e\u003ccode\u003e834dbed\u003c/code\u003e\u003c/a\u003e start work on 1.5.32-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b\"\u003e\u003ccode\u003e168e42f\u003c/code\u003e\u003c/a\u003e add test to check that Logback SLF4J provider can be activated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ed45362291e060a93b2b28825ad3706ab85066ba\"\u003e\u003ccode\u003eed45362\u003c/code\u003e\u003c/a\u003e prepare release 1.5.31\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/609dae79d06b38518b48f826a22b1e7e233903c3\"\u003e\u003ccode\u003e609dae7\u003c/code\u003e\u003c/a\u003e fix missing META-INF directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/77397397cd0751b4d7eb5b7ee836137072505f16\"\u003e\u003ccode\u003e7739739\u003c/code\u003e\u003c/a\u003e start work on 1.5.31-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44164f10ca3fb44ce0e68519f13564b87e3aca61\"\u003e\u003ccode\u003e44164f1\u003c/code\u003e\u003c/a\u003e prepare release 1.5.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9874f06e247258e0122a099ae65964d41f2be10b\"\u003e\u003ccode\u003e9874f06\u003c/code\u003e\u003c/a\u003e test for top-file as a resource, introduced new module logback-classic-misc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.16...v_1.5.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.5.16 to 1.5.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.32\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-16 Release of logback version 1.5.32\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eDefaultProcessor, \u003c/code\u003efixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback-access/issues/34\"\u003elogback-access/issues/34\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback  1.5.31\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback version 1.5.31\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.30\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback  version 1.5.30\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• \u003cstrong\u003eIn this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fix scanning issue when an included file becomes available at a later time. This problem was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1021\"\u003eissues/1021\u003c/a\u003e by Sergey Nazarov.\u003c/p\u003e\n\u003cp\u003e• Standardized code for version checking across modules.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.29\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-09 Release of logback version 1.5.29\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1017\"\u003eissues/1017\u003c/a\u003e, appender names and appender references are once again subject to variable substitution, reverting the change introduced in version 1.5.28.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e807335a67535b4eacce94e942c0bcb649665d93\"\u003e\u003ccode\u003ee807335\u003c/code\u003e\u003c/a\u003e prepare release 1.5.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/dc35d552bbd87cea8b98bea44ff0a113631075e7\"\u003e\u003ccode\u003edc35d55\u003c/code\u003e\u003c/a\u003e fix logback-access/issues/34 by checking if dependency is a sub-model of the ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8e32278700d5b0cfca70c246f6db0d639bb1f21b\"\u003e\u003ccode\u003e8e32278\u003c/code\u003e\u003c/a\u003e added simple test for appender definitiob via file inclusion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/834dbedefdb3cf43f77618ddc3d1d89e5c98b488\"\u003e\u003ccode\u003e834dbed\u003c/code\u003e\u003c/a\u003e start work on 1.5.32-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b\"\u003e\u003ccode\u003e168e42f\u003c/code\u003e\u003c/a\u003e add test to check that Logback SLF4J provider can be activated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ed45362291e060a93b2b28825ad3706ab85066ba\"\u003e\u003ccode\u003eed45362\u003c/code\u003e\u003c/a\u003e prepare release 1.5.31\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/609dae79d06b38518b48f826a22b1e7e233903c3\"\u003e\u003ccode\u003e609dae7\u003c/code\u003e\u003c/a\u003e fix missing META-INF directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/77397397cd0751b4d7eb5b7ee836137072505f16\"\u003e\u003ccode\u003e7739739\u003c/code\u003e\u003c/a\u003e start work on 1.5.31-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44164f10ca3fb44ce0e68519f13564b87e3aca61\"\u003e\u003ccode\u003e44164f1\u003c/code\u003e\u003c/a\u003e prepare release 1.5.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9874f06e247258e0122a099ae65964d41f2be10b\"\u003e\u003ccode\u003e9874f06\u003c/code\u003e\u003c/a\u003e test for top-file as a resource, introduced new module logback-classic-misc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.16...v_1.5.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/navikt/common-java-modules/pull/765","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/navikt%2Fcommon-java-modules/issues/765","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/765/packages"},{"uuid":"3950210105","node_id":"PR_kwDOIo8AOc7EOfcY","number":278,"state":"closed","title":"Bump logback.version from 1.5.31 to 1.5.32","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-17T01:07:54.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-17T01:03:37.000Z","updated_at":"2026-02-17T01:07:56.000Z","time_to_close":257,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.31","new_version":"1.5.32","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.31 to 1.5.32.\nUpdates `ch.qos.logback:logback-core` from 1.5.31 to 1.5.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.32\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-16 Release of logback version 1.5.32\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eDefaultProcessor, \u003c/code\u003efixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback-access/issues/34\"\u003elogback-access/issues/34\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e807335a67535b4eacce94e942c0bcb649665d93\"\u003e\u003ccode\u003ee807335\u003c/code\u003e\u003c/a\u003e prepare release 1.5.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/dc35d552bbd87cea8b98bea44ff0a113631075e7\"\u003e\u003ccode\u003edc35d55\u003c/code\u003e\u003c/a\u003e fix logback-access/issues/34 by checking if dependency is a sub-model of the ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8e32278700d5b0cfca70c246f6db0d639bb1f21b\"\u003e\u003ccode\u003e8e32278\u003c/code\u003e\u003c/a\u003e added simple test for appender definitiob via file inclusion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/834dbedefdb3cf43f77618ddc3d1d89e5c98b488\"\u003e\u003ccode\u003e834dbed\u003c/code\u003e\u003c/a\u003e start work on 1.5.32-SNAPSHOT\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.31...v_1.5.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-classic` from 1.5.31 to 1.5.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.32\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-16 Release of logback version 1.5.32\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eDefaultProcessor, \u003c/code\u003efixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback-access/issues/34\"\u003elogback-access/issues/34\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e807335a67535b4eacce94e942c0bcb649665d93\"\u003e\u003ccode\u003ee807335\u003c/code\u003e\u003c/a\u003e prepare release 1.5.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/dc35d552bbd87cea8b98bea44ff0a113631075e7\"\u003e\u003ccode\u003edc35d55\u003c/code\u003e\u003c/a\u003e fix logback-access/issues/34 by checking if dependency is a sub-model of the ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8e32278700d5b0cfca70c246f6db0d639bb1f21b\"\u003e\u003ccode\u003e8e32278\u003c/code\u003e\u003c/a\u003e added simple test for appender definitiob via file inclusion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/834dbedefdb3cf43f77618ddc3d1d89e5c98b488\"\u003e\u003ccode\u003e834dbed\u003c/code\u003e\u003c/a\u003e start work on 1.5.32-SNAPSHOT\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.31...v_1.5.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/sebastian-toepfer/domain-driven-desgin/pull/278","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sebastian-toepfer%2Fdomain-driven-desgin/issues/278","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/278/packages"},{"uuid":"3945798785","node_id":"PR_kwDONWwmEc7D_3E8","number":545,"state":"closed","title":"Bump logback.version from 1.5.29 to 1.5.31","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-17T04:13:23.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-16T04:22:02.000Z","updated_at":"2026-02-17T04:13:24.000Z","time_to_close":85881,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.29","new_version":"1.5.31","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.29 to 1.5.31.\nUpdates `ch.qos.logback:logback-core` from 1.5.29 to 1.5.31\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback  1.5.31\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback version 1.5.31\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.30\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback  version 1.5.30\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• \u003cstrong\u003eIn this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fix scanning issue when an included file becomes available at a later time. This problem was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1021\"\u003eissues/1021\u003c/a\u003e by Sergey Nazarov.\u003c/p\u003e\n\u003cp\u003e• Standardized code for version checking across modules.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b\"\u003e\u003ccode\u003e168e42f\u003c/code\u003e\u003c/a\u003e add test to check that Logback SLF4J provider can be activated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ed45362291e060a93b2b28825ad3706ab85066ba\"\u003e\u003ccode\u003eed45362\u003c/code\u003e\u003c/a\u003e prepare release 1.5.31\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/609dae79d06b38518b48f826a22b1e7e233903c3\"\u003e\u003ccode\u003e609dae7\u003c/code\u003e\u003c/a\u003e fix missing META-INF directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/77397397cd0751b4d7eb5b7ee836137072505f16\"\u003e\u003ccode\u003e7739739\u003c/code\u003e\u003c/a\u003e start work on 1.5.31-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44164f10ca3fb44ce0e68519f13564b87e3aca61\"\u003e\u003ccode\u003e44164f1\u003c/code\u003e\u003c/a\u003e prepare release 1.5.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9874f06e247258e0122a099ae65964d41f2be10b\"\u003e\u003ccode\u003e9874f06\u003c/code\u003e\u003c/a\u003e test for top-file as a resource, introduced new module logback-classic-misc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c8e5c3c83321fe10726bb0d92e220a0a35c925d\"\u003e\u003ccode\u003e5c8e5c3\u003c/code\u003e\u003c/a\u003e fix scanning for included files to be created later, issues/1021\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/edcc7e843ab97e80e9f87e5a3f659062313d792d\"\u003e\u003ccode\u003eedcc7e8\u003c/code\u003e\u003c/a\u003e remove unused/commented out methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/49f29a33b60ed8623576f0a5e29b8cd0137f426b\"\u003e\u003ccode\u003e49f29a3\u003c/code\u003e\u003c/a\u003e fix resource location\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c50f910735136c030d791fccd940ab78f1aec10\"\u003e\u003ccode\u003e5c50f91\u003c/code\u003e\u003c/a\u003e standardize version checking\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.29...v_1.5.31\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-classic` from 1.5.29 to 1.5.31\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback  1.5.31\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback version 1.5.31\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.30\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback  version 1.5.30\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• \u003cstrong\u003eIn this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fix scanning issue when an included file becomes available at a later time. This problem was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1021\"\u003eissues/1021\u003c/a\u003e by Sergey Nazarov.\u003c/p\u003e\n\u003cp\u003e• Standardized code for version checking across modules.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b\"\u003e\u003ccode\u003e168e42f\u003c/code\u003e\u003c/a\u003e add test to check that Logback SLF4J provider can be activated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ed45362291e060a93b2b28825ad3706ab85066ba\"\u003e\u003ccode\u003eed45362\u003c/code\u003e\u003c/a\u003e prepare release 1.5.31\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/609dae79d06b38518b48f826a22b1e7e233903c3\"\u003e\u003ccode\u003e609dae7\u003c/code\u003e\u003c/a\u003e fix missing META-INF directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/77397397cd0751b4d7eb5b7ee836137072505f16\"\u003e\u003ccode\u003e7739739\u003c/code\u003e\u003c/a\u003e start work on 1.5.31-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44164f10ca3fb44ce0e68519f13564b87e3aca61\"\u003e\u003ccode\u003e44164f1\u003c/code\u003e\u003c/a\u003e prepare release 1.5.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9874f06e247258e0122a099ae65964d41f2be10b\"\u003e\u003ccode\u003e9874f06\u003c/code\u003e\u003c/a\u003e test for top-file as a resource, introduced new module logback-classic-misc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c8e5c3c83321fe10726bb0d92e220a0a35c925d\"\u003e\u003ccode\u003e5c8e5c3\u003c/code\u003e\u003c/a\u003e fix scanning for included files to be created later, issues/1021\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/edcc7e843ab97e80e9f87e5a3f659062313d792d\"\u003e\u003ccode\u003eedcc7e8\u003c/code\u003e\u003c/a\u003e remove unused/commented out methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/49f29a33b60ed8623576f0a5e29b8cd0137f426b\"\u003e\u003ccode\u003e49f29a3\u003c/code\u003e\u003c/a\u003e fix resource location\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c50f910735136c030d791fccd940ab78f1aec10\"\u003e\u003ccode\u003e5c50f91\u003c/code\u003e\u003c/a\u003e standardize version checking\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.29...v_1.5.31\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/icebergplus/icebergplus/pull/545","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/icebergplus%2Ficebergplus/issues/545","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/545/packages"},{"uuid":"3945023864","node_id":"PR_kwDOLL9yG87D9XYi","number":70,"state":"closed","title":"build(deps-dev): bump logback.version from 1.5.23 to 1.5.31","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-16T22:04:45.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-15T22:02:45.000Z","updated_at":"2026-02-16T22:04:46.000Z","time_to_close":86520,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps-dev)","packages":[{"name":"logback.version","old_version":"1.5.23","new_version":"1.5.31","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.23 to 1.5.31.\nUpdates `ch.qos.logback:logback-core` from 1.5.23 to 1.5.31\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback  1.5.31\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback version 1.5.31\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.30\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback  version 1.5.30\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• \u003cstrong\u003eIn this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fix scanning issue when an included file becomes available at a later time. This problem was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1021\"\u003eissues/1021\u003c/a\u003e by Sergey Nazarov.\u003c/p\u003e\n\u003cp\u003e• Standardized code for version checking across modules.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.29\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-09 Release of logback version 1.5.29\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1017\"\u003eissues/1017\u003c/a\u003e, appender names and appender references are once again subject to variable substitution, reverting the change introduced in version 1.5.28.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b\"\u003e\u003ccode\u003e168e42f\u003c/code\u003e\u003c/a\u003e add test to check that Logback SLF4J provider can be activated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ed45362291e060a93b2b28825ad3706ab85066ba\"\u003e\u003ccode\u003eed45362\u003c/code\u003e\u003c/a\u003e prepare release 1.5.31\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/609dae79d06b38518b48f826a22b1e7e233903c3\"\u003e\u003ccode\u003e609dae7\u003c/code\u003e\u003c/a\u003e fix missing META-INF directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/77397397cd0751b4d7eb5b7ee836137072505f16\"\u003e\u003ccode\u003e7739739\u003c/code\u003e\u003c/a\u003e start work on 1.5.31-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44164f10ca3fb44ce0e68519f13564b87e3aca61\"\u003e\u003ccode\u003e44164f1\u003c/code\u003e\u003c/a\u003e prepare release 1.5.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9874f06e247258e0122a099ae65964d41f2be10b\"\u003e\u003ccode\u003e9874f06\u003c/code\u003e\u003c/a\u003e test for top-file as a resource, introduced new module logback-classic-misc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c8e5c3c83321fe10726bb0d92e220a0a35c925d\"\u003e\u003ccode\u003e5c8e5c3\u003c/code\u003e\u003c/a\u003e fix scanning for included files to be created later, issues/1021\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/edcc7e843ab97e80e9f87e5a3f659062313d792d\"\u003e\u003ccode\u003eedcc7e8\u003c/code\u003e\u003c/a\u003e remove unused/commented out methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/49f29a33b60ed8623576f0a5e29b8cd0137f426b\"\u003e\u003ccode\u003e49f29a3\u003c/code\u003e\u003c/a\u003e fix resource location\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c50f910735136c030d791fccd940ab78f1aec10\"\u003e\u003ccode\u003e5c50f91\u003c/code\u003e\u003c/a\u003e standardize version checking\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.23...v_1.5.31\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-classic` from 1.5.23 to 1.5.31\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback  1.5.31\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback version 1.5.31\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.30\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback  version 1.5.30\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• \u003cstrong\u003eIn this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fix scanning issue when an included file becomes available at a later time. This problem was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1021\"\u003eissues/1021\u003c/a\u003e by Sergey Nazarov.\u003c/p\u003e\n\u003cp\u003e• Standardized code for version checking across modules.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.29\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-09 Release of logback version 1.5.29\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1017\"\u003eissues/1017\u003c/a\u003e, appender names and appender references are once again subject to variable substitution, reverting the change introduced in version 1.5.28.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b\"\u003e\u003ccode\u003e168e42f\u003c/code\u003e\u003c/a\u003e add test to check that Logback SLF4J provider can be activated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ed45362291e060a93b2b28825ad3706ab85066ba\"\u003e\u003ccode\u003eed45362\u003c/code\u003e\u003c/a\u003e prepare release 1.5.31\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/609dae79d06b38518b48f826a22b1e7e233903c3\"\u003e\u003ccode\u003e609dae7\u003c/code\u003e\u003c/a\u003e fix missing META-INF directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/77397397cd0751b4d7eb5b7ee836137072505f16\"\u003e\u003ccode\u003e7739739\u003c/code\u003e\u003c/a\u003e start work on 1.5.31-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44164f10ca3fb44ce0e68519f13564b87e3aca61\"\u003e\u003ccode\u003e44164f1\u003c/code\u003e\u003c/a\u003e prepare release 1.5.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9874f06e247258e0122a099ae65964d41f2be10b\"\u003e\u003ccode\u003e9874f06\u003c/code\u003e\u003c/a\u003e test for top-file as a resource, introduced new module logback-classic-misc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c8e5c3c83321fe10726bb0d92e220a0a35c925d\"\u003e\u003ccode\u003e5c8e5c3\u003c/code\u003e\u003c/a\u003e fix scanning for included files to be created later, issues/1021\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/edcc7e843ab97e80e9f87e5a3f659062313d792d\"\u003e\u003ccode\u003eedcc7e8\u003c/code\u003e\u003c/a\u003e remove unused/commented out methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/49f29a33b60ed8623576f0a5e29b8cd0137f426b\"\u003e\u003ccode\u003e49f29a3\u003c/code\u003e\u003c/a\u003e fix resource location\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c50f910735136c030d791fccd940ab78f1aec10\"\u003e\u003ccode\u003e5c50f91\u003c/code\u003e\u003c/a\u003e standardize version checking\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.23...v_1.5.31\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/aspan/cloudhopper-smpp/pull/70","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/aspan%2Fcloudhopper-smpp/issues/70","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/70/packages"},{"uuid":"3944339218","node_id":"PR_kwDOEoQN3s7D7Q5g","number":2363,"state":"open","title":"build(deps): bump logback.version from 1.5.23 to 1.5.31","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-15T15:43:53.000Z","updated_at":"2026-02-15T15:44:11.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"logback.version","old_version":"1.5.23","new_version":"1.5.31","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.23 to 1.5.31.\nUpdates `ch.qos.logback:logback-classic` from 1.5.23 to 1.5.31\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback  1.5.31\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback version 1.5.31\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.30\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback  version 1.5.30\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• \u003cstrong\u003eIn this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fix scanning issue when an included file becomes available at a later time. This problem was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1021\"\u003eissues/1021\u003c/a\u003e by Sergey Nazarov.\u003c/p\u003e\n\u003cp\u003e• Standardized code for version checking across modules.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.29\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-09 Release of logback version 1.5.29\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1017\"\u003eissues/1017\u003c/a\u003e, appender names and appender references are once again subject to variable substitution, reverting the change introduced in version 1.5.28.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b\"\u003e\u003ccode\u003e168e42f\u003c/code\u003e\u003c/a\u003e add test to check that Logback SLF4J provider can be activated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ed45362291e060a93b2b28825ad3706ab85066ba\"\u003e\u003ccode\u003eed45362\u003c/code\u003e\u003c/a\u003e prepare release 1.5.31\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/609dae79d06b38518b48f826a22b1e7e233903c3\"\u003e\u003ccode\u003e609dae7\u003c/code\u003e\u003c/a\u003e fix missing META-INF directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/77397397cd0751b4d7eb5b7ee836137072505f16\"\u003e\u003ccode\u003e7739739\u003c/code\u003e\u003c/a\u003e start work on 1.5.31-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44164f10ca3fb44ce0e68519f13564b87e3aca61\"\u003e\u003ccode\u003e44164f1\u003c/code\u003e\u003c/a\u003e prepare release 1.5.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9874f06e247258e0122a099ae65964d41f2be10b\"\u003e\u003ccode\u003e9874f06\u003c/code\u003e\u003c/a\u003e test for top-file as a resource, introduced new module logback-classic-misc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c8e5c3c83321fe10726bb0d92e220a0a35c925d\"\u003e\u003ccode\u003e5c8e5c3\u003c/code\u003e\u003c/a\u003e fix scanning for included files to be created later, issues/1021\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/edcc7e843ab97e80e9f87e5a3f659062313d792d\"\u003e\u003ccode\u003eedcc7e8\u003c/code\u003e\u003c/a\u003e remove unused/commented out methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/49f29a33b60ed8623576f0a5e29b8cd0137f426b\"\u003e\u003ccode\u003e49f29a3\u003c/code\u003e\u003c/a\u003e fix resource location\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c50f910735136c030d791fccd940ab78f1aec10\"\u003e\u003ccode\u003e5c50f91\u003c/code\u003e\u003c/a\u003e standardize version checking\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.23...v_1.5.31\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.5.23 to 1.5.31\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback  1.5.31\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback version 1.5.31\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.30\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback  version 1.5.30\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• \u003cstrong\u003eIn this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fix scanning issue when an included file becomes available at a later time. This problem was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1021\"\u003eissues/1021\u003c/a\u003e by Sergey Nazarov.\u003c/p\u003e\n\u003cp\u003e• Standardized code for version checking across modules.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.29\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-09 Release of logback version 1.5.29\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1017\"\u003eissues/1017\u003c/a\u003e, appender names and appender references are once again subject to variable substitution, reverting the change introduced in version 1.5.28.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b\"\u003e\u003ccode\u003e168e42f\u003c/code\u003e\u003c/a\u003e add test to check that Logback SLF4J provider can be activated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ed45362291e060a93b2b28825ad3706ab85066ba\"\u003e\u003ccode\u003eed45362\u003c/code\u003e\u003c/a\u003e prepare release 1.5.31\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/609dae79d06b38518b48f826a22b1e7e233903c3\"\u003e\u003ccode\u003e609dae7\u003c/code\u003e\u003c/a\u003e fix missing META-INF directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/77397397cd0751b4d7eb5b7ee836137072505f16\"\u003e\u003ccode\u003e7739739\u003c/code\u003e\u003c/a\u003e start work on 1.5.31-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44164f10ca3fb44ce0e68519f13564b87e3aca61\"\u003e\u003ccode\u003e44164f1\u003c/code\u003e\u003c/a\u003e prepare release 1.5.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9874f06e247258e0122a099ae65964d41f2be10b\"\u003e\u003ccode\u003e9874f06\u003c/code\u003e\u003c/a\u003e test for top-file as a resource, introduced new module logback-classic-misc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c8e5c3c83321fe10726bb0d92e220a0a35c925d\"\u003e\u003ccode\u003e5c8e5c3\u003c/code\u003e\u003c/a\u003e fix scanning for included files to be created later, issues/1021\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/edcc7e843ab97e80e9f87e5a3f659062313d792d\"\u003e\u003ccode\u003eedcc7e8\u003c/code\u003e\u003c/a\u003e remove unused/commented out methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/49f29a33b60ed8623576f0a5e29b8cd0137f426b\"\u003e\u003ccode\u003e49f29a3\u003c/code\u003e\u003c/a\u003e fix resource location\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c50f910735136c030d791fccd940ab78f1aec10\"\u003e\u003ccode\u003e5c50f91\u003c/code\u003e\u003c/a\u003e standardize version checking\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.23...v_1.5.31\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Crown-Commercial-Service/ccs-scale-cat-service/pull/2363","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Crown-Commercial-Service%2Fccs-scale-cat-service/issues/2363","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2363/packages"},{"uuid":"3918664631","node_id":"PR_kwDOEu4wFc7Cmew6","number":666,"state":"closed","title":"Bump logback.version from 1.5.21 to 1.5.29","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-16T20:44:23.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-09T23:35:45.000Z","updated_at":"2026-02-16T20:44:24.000Z","time_to_close":594518,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.21","new_version":"1.5.29","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.21 to 1.5.29.\nUpdates `ch.qos.logback:logback-core` from 1.5.21 to 1.5.29\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5db1146b85a4547e9189834e189042b82a97694b\"\u003e\u003ccode\u003e5db1146\u003c/code\u003e\u003c/a\u003e prepare release 1.5.29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/c94a5fefa096946ec36509118dca94438840e2de\"\u003e\u003ccode\u003ec94a5fe\u003c/code\u003e\u003c/a\u003e minor changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2bc697f1f209b814a8fec8f3cd53c8a005d91e6f\"\u003e\u003ccode\u003e2bc697f\u003c/code\u003e\u003c/a\u003e revert commit 4f560a0331b, once again, appender names of references are subje...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/41921311591a969ff0dbc063f42603e2011f6eb8\"\u003e\u003ccode\u003e4192131\u003c/code\u003e\u003c/a\u003e start work on 1.5.29-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.29\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-classic` from 1.5.21 to 1.5.29\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5db1146b85a4547e9189834e189042b82a97694b\"\u003e\u003ccode\u003e5db1146\u003c/code\u003e\u003c/a\u003e prepare release 1.5.29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/c94a5fefa096946ec36509118dca94438840e2de\"\u003e\u003ccode\u003ec94a5fe\u003c/code\u003e\u003c/a\u003e minor changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2bc697f1f209b814a8fec8f3cd53c8a005d91e6f\"\u003e\u003ccode\u003e2bc697f\u003c/code\u003e\u003c/a\u003e revert commit 4f560a0331b, once again, appender names of references are subje...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/41921311591a969ff0dbc063f42603e2011f6eb8\"\u003e\u003ccode\u003e4192131\u003c/code\u003e\u003c/a\u003e start work on 1.5.29-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.29\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/SecureApiGateway/secure-api-gateway-fapi-pep-rs-ob/pull/666","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecureApiGateway%2Fsecure-api-gateway-fapi-pep-rs-ob/issues/666","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/666/packages"},{"uuid":"3916814397","node_id":"PR_kwDOATeDE87CgUXj","number":2586,"state":"closed","title":"Bump logback.version from 1.2.3 to 1.5.28","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-16T14:24:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-09T14:57:23.000Z","updated_at":"2026-02-16T14:24:30.000Z","time_to_close":602825,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.2.3","new_version":"1.5.28","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.2.3 to 1.5.28.\nUpdates `ch.qos.logback:logback-core` from 1.2.3 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.2.3...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-classic` from 1.2.3 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.2.3...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nYou can trigger a rebase of this PR by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/docker-java/docker-java/pull/2586","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/docker-java%2Fdocker-java/issues/2586","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2586/packages"},{"uuid":"3914912139","node_id":"PR_kwDOP6z2Ys7CZ85s","number":54,"state":"closed","title":"Bump logback.version from 1.5.18 to 1.5.28","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-16T07:21:17.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-09T07:33:16.000Z","updated_at":"2026-02-16T07:21:19.000Z","time_to_close":604081,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.18","new_version":"1.5.28","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.18 to 1.5.28.\nUpdates `ch.qos.logback:logback-classic` from 1.5.18 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.5.18 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/wilsonpilone/getpebble/pull/54","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wilsonpilone%2Fgetpebble/issues/54","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/54/packages"},{"uuid":"3914007927","node_id":"PR_kwDOFL8C9c7CXBRy","number":225,"state":"closed","title":"Bump logback.version from 1.5.26 to 1.5.28","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-10T02:39:15.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-09T01:23:38.000Z","updated_at":"2026-02-10T02:39:16.000Z","time_to_close":90937,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.26","new_version":"1.5.28","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.26 to 1.5.28.\nUpdates `ch.qos.logback:logback-classic` from 1.5.26 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.26...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.5.26 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.26...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/navikt/pensjon-selvbetjening-fss-gateway/pull/225","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/navikt%2Fpensjon-selvbetjening-fss-gateway/issues/225","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/225/packages"},{"uuid":"3913868758","node_id":"PR_kwDOPhhvac7CWj6z","number":63,"state":"closed","title":"Bump logback.version from 1.5.18 to 1.5.28","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-16T00:14:33.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-09T00:14:24.000Z","updated_at":"2026-02-16T00:14:35.000Z","time_to_close":604809,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.18","new_version":"1.5.28","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.18 to 1.5.28.\nUpdates `ch.qos.logback:logback-classic` from 1.5.18 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.5.18 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/bytesiBlaze/physalia/pull/63","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bytesiBlaze%2Fphysalia/issues/63","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/63/packages"},{"uuid":"3913665801","node_id":"PR_kwDOLL9yG87CV6g3","number":68,"state":"closed","title":"build(deps-dev): bump logback.version from 1.5.23 to 1.5.28","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-10T00:35:41.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-08T22:02:57.000Z","updated_at":"2026-02-10T00:35:43.000Z","time_to_close":95564,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps-dev)","packages":[{"name":"logback.version","old_version":"1.5.23","new_version":"1.5.28","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.23 to 1.5.28.\nUpdates `ch.qos.logback:logback-core` from 1.5.23 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.23...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-classic` from 1.5.23 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.23...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/aspan/cloudhopper-smpp/pull/68","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/aspan%2Fcloudhopper-smpp/issues/68","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/68/packages"},{"uuid":"3912966647","node_id":"PR_kwDOEoQN3s7CTwO4","number":2351,"state":"open","title":"build(deps): bump logback.version from 1.5.23 to 1.5.28","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-08T15:42:37.000Z","updated_at":"2026-02-08T15:42:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"logback.version","old_version":"1.5.23","new_version":"1.5.28","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.23 to 1.5.28.\nUpdates `ch.qos.logback:logback-classic` from 1.5.23 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.23...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.5.23 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.23...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Crown-Commercial-Service/ccs-scale-cat-service/pull/2351","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Crown-Commercial-Service%2Fccs-scale-cat-service/issues/2351","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2351/packages"},{"uuid":"3908474859","node_id":"PR_kwDOBWtjFc7CFdqj","number":67,"state":"closed","title":"Bump logback.version from 1.5.21 to 1.5.28","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-10T00:08:48.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-06T21:24:34.000Z","updated_at":"2026-02-10T00:08:50.000Z","time_to_close":269054,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.21","new_version":"1.5.28","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.21 to 1.5.28.\nUpdates `ch.qos.logback:logback-classic` from 1.5.21 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.5.21 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ofpay/logback-mdc-ttl/pull/67","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ofpay%2Flogback-mdc-ttl/issues/67","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/67/packages"},{"uuid":"3907928305","node_id":"PR_kwDOF99Xm87CDrWf","number":274,"state":"closed","title":"Bump logback.version from 1.5.27 to 1.5.28","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-02-06T19:04:25.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-06T18:23:15.000Z","updated_at":"2026-02-06T19:04:26.000Z","time_to_close":2470,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.27","new_version":"1.5.28","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.27 to 1.5.28.\nUpdates `ch.qos.logback:logback-core` from 1.5.27 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.27...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-classic` from 1.5.27 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.27...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/assist-project/state-machine-bug-finder/pull/274","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/assist-project%2Fstate-machine-bug-finder/issues/274","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/274/packages"},{"uuid":"3889184428","node_id":"PR_kwDOIo8AOc7BFXff","number":274,"state":"closed","title":"Bump logback.version from 1.5.26 to 1.5.27","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-02-03T05:20:27.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-03T05:16:13.000Z","updated_at":"2026-02-03T05:20:29.000Z","time_to_close":254,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.26","new_version":"1.5.27","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.26 to 1.5.27.\nUpdates `ch.qos.logback:logback-core` from 1.5.26 to 1.5.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/3618eb01aad6672f9cd250dccf7546a69cbe982f\"\u003e\u003ccode\u003e3618eb0\u003c/code\u003e\u003c/a\u003e increase timeout delay to 2000 millis\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/db150c3c92656ed01c66dbd8ec2a0f1548637663\"\u003e\u003ccode\u003edb150c3\u003c/code\u003e\u003c/a\u003e prepare release 1.5.27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/0370b137a47a6148c3f2d527f6bfdbd22d3136a8\"\u003e\u003ccode\u003e0370b13\u003c/code\u003e\u003c/a\u003e fix missing MDC transmission in SocketAppender. Fixes issues/1010\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8100acd4e49f7d3c78520efacfd98bd398f0e810\"\u003e\u003ccode\u003e8100acd\u003c/code\u003e\u003c/a\u003e remove RemoteAppender*\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2b67210613628b8610f44063c4e739b71ce83190\"\u003e\u003ccode\u003e2b67210\u003c/code\u003e\u003c/a\u003e remove Receiver related classes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/d84b58686b3e04661bb47e7260d1fdcb731826ac\"\u003e\u003ccode\u003ed84b586\u003c/code\u003e\u003c/a\u003e remove ReceiverModelHandler - project still builds indicating no active usage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44049ed38ff396bc45a98d9b536da8f179547132\"\u003e\u003ccode\u003e44049ed\u003c/code\u003e\u003c/a\u003e remove support for receivers in SerializedModelConfigurator and JoranConfigur...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/56085d898665d6e99489591333a4ddf381465443\"\u003e\u003ccode\u003e56085d8\u003c/code\u003e\u003c/a\u003e fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7764f47e51921abe9635b32c2fa80e65d29efba\"\u003e\u003ccode\u003ee7764f4\u003c/code\u003e\u003c/a\u003e refactor file change scanning for clarity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e56a12f865751ce6a599963187b4a861854c7e8a\"\u003e\u003ccode\u003ee56a12f\u003c/code\u003e\u003c/a\u003e bump assertj version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.26...v_1.5.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-classic` from 1.5.26 to 1.5.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/3618eb01aad6672f9cd250dccf7546a69cbe982f\"\u003e\u003ccode\u003e3618eb0\u003c/code\u003e\u003c/a\u003e increase timeout delay to 2000 millis\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/db150c3c92656ed01c66dbd8ec2a0f1548637663\"\u003e\u003ccode\u003edb150c3\u003c/code\u003e\u003c/a\u003e prepare release 1.5.27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/0370b137a47a6148c3f2d527f6bfdbd22d3136a8\"\u003e\u003ccode\u003e0370b13\u003c/code\u003e\u003c/a\u003e fix missing MDC transmission in SocketAppender. Fixes issues/1010\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8100acd4e49f7d3c78520efacfd98bd398f0e810\"\u003e\u003ccode\u003e8100acd\u003c/code\u003e\u003c/a\u003e remove RemoteAppender*\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2b67210613628b8610f44063c4e739b71ce83190\"\u003e\u003ccode\u003e2b67210\u003c/code\u003e\u003c/a\u003e remove Receiver related classes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/d84b58686b3e04661bb47e7260d1fdcb731826ac\"\u003e\u003ccode\u003ed84b586\u003c/code\u003e\u003c/a\u003e remove ReceiverModelHandler - project still builds indicating no active usage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44049ed38ff396bc45a98d9b536da8f179547132\"\u003e\u003ccode\u003e44049ed\u003c/code\u003e\u003c/a\u003e remove support for receivers in SerializedModelConfigurator and JoranConfigur...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/56085d898665d6e99489591333a4ddf381465443\"\u003e\u003ccode\u003e56085d8\u003c/code\u003e\u003c/a\u003e fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7764f47e51921abe9635b32c2fa80e65d29efba\"\u003e\u003ccode\u003ee7764f4\u003c/code\u003e\u003c/a\u003e refactor file change scanning for clarity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e56a12f865751ce6a599963187b4a861854c7e8a\"\u003e\u003ccode\u003ee56a12f\u003c/code\u003e\u003c/a\u003e bump assertj version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.26...v_1.5.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/sebastian-toepfer/domain-driven-desgin/pull/274","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sebastian-toepfer%2Fdomain-driven-desgin/issues/274","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/274/packages"},{"uuid":"3888825313","node_id":"PR_kwDOHU9OKc7BEKiZ","number":511,"state":"closed","title":"Bump logback.version from 1.5.21 to 1.5.27","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-10T00:34:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-03T03:21:18.000Z","updated_at":"2026-02-10T00:34:56.000Z","time_to_close":594817,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.21","new_version":"1.5.27","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.21 to 1.5.27.\nUpdates `ch.qos.logback:logback-classic` from 1.5.21 to 1.5.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-06 Release of logback version 1.5.24\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See \u003ca href=\"https://logback.qos.ch/manual/configuration.html#conditionalExp\"\u003ethe relevant documentation\u003c/a\u003e for further details.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.23\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-21 Release of logback version 1.5.23\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/959\"\u003eissues/959\u003c/a\u003e file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the \u003ccode\u003eConcurrentModificationException\u003c/code\u003e reported in the issue.\u003c/p\u003e\n\u003cp\u003e• ZIP and XZ compression now use a \u003ccode\u003eBufferedOutputStream\u003c/code\u003e when writing to the compressed file. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/988\"\u003eissues/988\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/3618eb01aad6672f9cd250dccf7546a69cbe982f\"\u003e\u003ccode\u003e3618eb0\u003c/code\u003e\u003c/a\u003e increase timeout delay to 2000 millis\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/db150c3c92656ed01c66dbd8ec2a0f1548637663\"\u003e\u003ccode\u003edb150c3\u003c/code\u003e\u003c/a\u003e prepare release 1.5.27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/0370b137a47a6148c3f2d527f6bfdbd22d3136a8\"\u003e\u003ccode\u003e0370b13\u003c/code\u003e\u003c/a\u003e fix missing MDC transmission in SocketAppender. Fixes issues/1010\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8100acd4e49f7d3c78520efacfd98bd398f0e810\"\u003e\u003ccode\u003e8100acd\u003c/code\u003e\u003c/a\u003e remove RemoteAppender*\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2b67210613628b8610f44063c4e739b71ce83190\"\u003e\u003ccode\u003e2b67210\u003c/code\u003e\u003c/a\u003e remove Receiver related classes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/d84b58686b3e04661bb47e7260d1fdcb731826ac\"\u003e\u003ccode\u003ed84b586\u003c/code\u003e\u003c/a\u003e remove ReceiverModelHandler - project still builds indicating no active usage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44049ed38ff396bc45a98d9b536da8f179547132\"\u003e\u003ccode\u003e44049ed\u003c/code\u003e\u003c/a\u003e remove support for receivers in SerializedModelConfigurator and JoranConfigur...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/56085d898665d6e99489591333a4ddf381465443\"\u003e\u003ccode\u003e56085d8\u003c/code\u003e\u003c/a\u003e fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7764f47e51921abe9635b32c2fa80e65d29efba\"\u003e\u003ccode\u003ee7764f4\u003c/code\u003e\u003c/a\u003e refactor file change scanning for clarity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e56a12f865751ce6a599963187b4a861854c7e8a\"\u003e\u003ccode\u003ee56a12f\u003c/code\u003e\u003c/a\u003e bump assertj version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.5.21 to 1.5.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-06 Release of logback version 1.5.24\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See \u003ca href=\"https://logback.qos.ch/manual/configuration.html#conditionalExp\"\u003ethe relevant documentation\u003c/a\u003e for further details.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.23\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-21 Release of logback version 1.5.23\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/959\"\u003eissues/959\u003c/a\u003e file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the \u003ccode\u003eConcurrentModificationException\u003c/code\u003e reported in the issue.\u003c/p\u003e\n\u003cp\u003e• ZIP and XZ compression now use a \u003ccode\u003eBufferedOutputStream\u003c/code\u003e when writing to the compressed file. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/988\"\u003eissues/988\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/3618eb01aad6672f9cd250dccf7546a69cbe982f\"\u003e\u003ccode\u003e3618eb0\u003c/code\u003e\u003c/a\u003e increase timeout delay to 2000 millis\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/db150c3c92656ed01c66dbd8ec2a0f1548637663\"\u003e\u003ccode\u003edb150c3\u003c/code\u003e\u003c/a\u003e prepare release 1.5.27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/0370b137a47a6148c3f2d527f6bfdbd22d3136a8\"\u003e\u003ccode\u003e0370b13\u003c/code\u003e\u003c/a\u003e fix missing MDC transmission in SocketAppender. Fixes issues/1010\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8100acd4e49f7d3c78520efacfd98bd398f0e810\"\u003e\u003ccode\u003e8100acd\u003c/code\u003e\u003c/a\u003e remove RemoteAppender*\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2b67210613628b8610f44063c4e739b71ce83190\"\u003e\u003ccode\u003e2b67210\u003c/code\u003e\u003c/a\u003e remove Receiver related classes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/d84b58686b3e04661bb47e7260d1fdcb731826ac\"\u003e\u003ccode\u003ed84b586\u003c/code\u003e\u003c/a\u003e remove ReceiverModelHandler - project still builds indicating no active usage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44049ed38ff396bc45a98d9b536da8f179547132\"\u003e\u003ccode\u003e44049ed\u003c/code\u003e\u003c/a\u003e remove support for receivers in SerializedModelConfigurator and JoranConfigur...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/56085d898665d6e99489591333a4ddf381465443\"\u003e\u003ccode\u003e56085d8\u003c/code\u003e\u003c/a\u003e fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7764f47e51921abe9635b32c2fa80e65d29efba\"\u003e\u003ccode\u003ee7764f4\u003c/code\u003e\u003c/a\u003e refactor file change scanning for clarity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e56a12f865751ce6a599963187b4a861854c7e8a\"\u003e\u003ccode\u003ee56a12f\u003c/code\u003e\u003c/a\u003e bump assertj version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/google/fhir-gateway/pull/511","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Ffhir-gateway/issues/511","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/511/packages"},{"uuid":"3888634748","node_id":"PR_kwDOEu4wFc7BDhLW","number":665,"state":"closed","title":"Bump logback.version from 1.5.21 to 1.5.27","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-09T23:35:47.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-03T02:23:59.000Z","updated_at":"2026-02-09T23:35:49.000Z","time_to_close":594708,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.21","new_version":"1.5.27","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.21 to 1.5.27.\nUpdates `ch.qos.logback:logback-core` from 1.5.21 to 1.5.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-06 Release of logback version 1.5.24\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See \u003ca href=\"https://logback.qos.ch/manual/configuration.html#conditionalExp\"\u003ethe relevant documentation\u003c/a\u003e for further details.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.23\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-21 Release of logback version 1.5.23\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/959\"\u003eissues/959\u003c/a\u003e file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the \u003ccode\u003eConcurrentModificationException\u003c/code\u003e reported in the issue.\u003c/p\u003e\n\u003cp\u003e• ZIP and XZ compression now use a \u003ccode\u003eBufferedOutputStream\u003c/code\u003e when writing to the compressed file. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/988\"\u003eissues/988\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/3618eb01aad6672f9cd250dccf7546a69cbe982f\"\u003e\u003ccode\u003e3618eb0\u003c/code\u003e\u003c/a\u003e increase timeout delay to 2000 millis\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/db150c3c92656ed01c66dbd8ec2a0f1548637663\"\u003e\u003ccode\u003edb150c3\u003c/code\u003e\u003c/a\u003e prepare release 1.5.27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/0370b137a47a6148c3f2d527f6bfdbd22d3136a8\"\u003e\u003ccode\u003e0370b13\u003c/code\u003e\u003c/a\u003e fix missing MDC transmission in SocketAppender. Fixes issues/1010\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8100acd4e49f7d3c78520efacfd98bd398f0e810\"\u003e\u003ccode\u003e8100acd\u003c/code\u003e\u003c/a\u003e remove RemoteAppender*\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2b67210613628b8610f44063c4e739b71ce83190\"\u003e\u003ccode\u003e2b67210\u003c/code\u003e\u003c/a\u003e remove Receiver related classes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/d84b58686b3e04661bb47e7260d1fdcb731826ac\"\u003e\u003ccode\u003ed84b586\u003c/code\u003e\u003c/a\u003e remove ReceiverModelHandler - project still builds indicating no active usage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44049ed38ff396bc45a98d9b536da8f179547132\"\u003e\u003ccode\u003e44049ed\u003c/code\u003e\u003c/a\u003e remove support for receivers in SerializedModelConfigurator and JoranConfigur...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/56085d898665d6e99489591333a4ddf381465443\"\u003e\u003ccode\u003e56085d8\u003c/code\u003e\u003c/a\u003e fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7764f47e51921abe9635b32c2fa80e65d29efba\"\u003e\u003ccode\u003ee7764f4\u003c/code\u003e\u003c/a\u003e refactor file change scanning for clarity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e56a12f865751ce6a599963187b4a861854c7e8a\"\u003e\u003ccode\u003ee56a12f\u003c/code\u003e\u003c/a\u003e bump assertj version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-classic` from 1.5.21 to 1.5.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-06 Release of logback version 1.5.24\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See \u003ca href=\"https://logback.qos.ch/manual/configuration.html#conditionalExp\"\u003ethe relevant documentation\u003c/a\u003e for further details.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.23\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-21 Release of logback version 1.5.23\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/959\"\u003eissues/959\u003c/a\u003e file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the \u003ccode\u003eConcurrentModificationException\u003c/code\u003e reported in the issue.\u003c/p\u003e\n\u003cp\u003e• ZIP and XZ compression now use a \u003ccode\u003eBufferedOutputStream\u003c/code\u003e when writing to the compressed file. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/988\"\u003eissues/988\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/3618eb01aad6672f9cd250dccf7546a69cbe982f\"\u003e\u003ccode\u003e3618eb0\u003c/code\u003e\u003c/a\u003e increase timeout delay to 2000 millis\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/db150c3c92656ed01c66dbd8ec2a0f1548637663\"\u003e\u003ccode\u003edb150c3\u003c/code\u003e\u003c/a\u003e prepare release 1.5.27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/0370b137a47a6148c3f2d527f6bfdbd22d3136a8\"\u003e\u003ccode\u003e0370b13\u003c/code\u003e\u003c/a\u003e fix missing MDC transmission in SocketAppender. Fixes issues/1010\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8100acd4e49f7d3c78520efacfd98bd398f0e810\"\u003e\u003ccode\u003e8100acd\u003c/code\u003e\u003c/a\u003e remove RemoteAppender*\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2b67210613628b8610f44063c4e739b71ce83190\"\u003e\u003ccode\u003e2b67210\u003c/code\u003e\u003c/a\u003e remove Receiver related classes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/d84b58686b3e04661bb47e7260d1fdcb731826ac\"\u003e\u003ccode\u003ed84b586\u003c/code\u003e\u003c/a\u003e remove ReceiverModelHandler - project still builds indicating no active usage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44049ed38ff396bc45a98d9b536da8f179547132\"\u003e\u003ccode\u003e44049ed\u003c/code\u003e\u003c/a\u003e remove support for receivers in SerializedModelConfigurator and JoranConfigur...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/56085d898665d6e99489591333a4ddf381465443\"\u003e\u003ccode\u003e56085d8\u003c/code\u003e\u003c/a\u003e fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7764f47e51921abe9635b32c2fa80e65d29efba\"\u003e\u003ccode\u003ee7764f4\u003c/code\u003e\u003c/a\u003e refactor file change scanning for clarity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e56a12f865751ce6a599963187b4a861854c7e8a\"\u003e\u003ccode\u003ee56a12f\u003c/code\u003e\u003c/a\u003e bump assertj version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/SecureApiGateway/secure-api-gateway-fapi-pep-rs-ob/pull/665","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecureApiGateway%2Fsecure-api-gateway-fapi-pep-rs-ob/issues/665","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/665/packages"},{"uuid":"3884449861","node_id":"PR_kwDOP6z2Ys7A1lik","number":51,"state":"closed","title":"Bump logback.version from 1.5.18 to 1.5.27","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-09T07:33:19.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-02T07:38:51.000Z","updated_at":"2026-02-09T07:33:20.000Z","time_to_close":604468,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.18","new_version":"1.5.27","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.18 to 1.5.27.\nUpdates `ch.qos.logback:logback-classic` from 1.5.18 to 1.5.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-06 Release of logback version 1.5.24\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See \u003ca href=\"https://logback.qos.ch/manual/configuration.html#conditionalExp\"\u003ethe relevant documentation\u003c/a\u003e for further details.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.23\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-21 Release of logback version 1.5.23\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/959\"\u003eissues/959\u003c/a\u003e file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the \u003ccode\u003eConcurrentModificationException\u003c/code\u003e reported in the issue.\u003c/p\u003e\n\u003cp\u003e• ZIP and XZ compression now use a \u003ccode\u003eBufferedOutputStream\u003c/code\u003e when writing to the compressed file. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/988\"\u003eissues/988\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/3618eb01aad6672f9cd250dccf7546a69cbe982f\"\u003e\u003ccode\u003e3618eb0\u003c/code\u003e\u003c/a\u003e increase timeout delay to 2000 millis\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/db150c3c92656ed01c66dbd8ec2a0f1548637663\"\u003e\u003ccode\u003edb150c3\u003c/code\u003e\u003c/a\u003e prepare release 1.5.27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/0370b137a47a6148c3f2d527f6bfdbd22d3136a8\"\u003e\u003ccode\u003e0370b13\u003c/code\u003e\u003c/a\u003e fix missing MDC transmission in SocketAppender. Fixes issues/1010\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8100acd4e49f7d3c78520efacfd98bd398f0e810\"\u003e\u003ccode\u003e8100acd\u003c/code\u003e\u003c/a\u003e remove RemoteAppender*\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2b67210613628b8610f44063c4e739b71ce83190\"\u003e\u003ccode\u003e2b67210\u003c/code\u003e\u003c/a\u003e remove Receiver related classes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/d84b58686b3e04661bb47e7260d1fdcb731826ac\"\u003e\u003ccode\u003ed84b586\u003c/code\u003e\u003c/a\u003e remove ReceiverModelHandler - project still builds indicating no active usage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44049ed38ff396bc45a98d9b536da8f179547132\"\u003e\u003ccode\u003e44049ed\u003c/code\u003e\u003c/a\u003e remove support for receivers in SerializedModelConfigurator and JoranConfigur...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/56085d898665d6e99489591333a4ddf381465443\"\u003e\u003ccode\u003e56085d8\u003c/code\u003e\u003c/a\u003e fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7764f47e51921abe9635b32c2fa80e65d29efba\"\u003e\u003ccode\u003ee7764f4\u003c/code\u003e\u003c/a\u003e refactor file change scanning for clarity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e56a12f865751ce6a599963187b4a861854c7e8a\"\u003e\u003ccode\u003ee56a12f\u003c/code\u003e\u003c/a\u003e bump assertj version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.5.18 to 1.5.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-06 Release of logback version 1.5.24\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See \u003ca href=\"https://logback.qos.ch/manual/configuration.html#conditionalExp\"\u003ethe relevant documentation\u003c/a\u003e for further details.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.23\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-21 Release of logback version 1.5.23\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/959\"\u003eissues/959\u003c/a\u003e file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the \u003ccode\u003eConcurrentModificationException\u003c/code\u003e reported in the issue.\u003c/p\u003e\n\u003cp\u003e• ZIP and XZ compression now use a \u003ccode\u003eBufferedOutputStream\u003c/code\u003e when writing to the compressed file. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/988\"\u003eissues/988\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/3618eb01aad6672f9cd250dccf7546a69cbe982f\"\u003e\u003ccode\u003e3618eb0\u003c/code\u003e\u003c/a\u003e increase timeout delay to 2000 millis\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/db150c3c92656ed01c66dbd8ec2a0f1548637663\"\u003e\u003ccode\u003edb150c3\u003c/code\u003e\u003c/a\u003e prepare release 1.5.27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/0370b137a47a6148c3f2d527f6bfdbd22d3136a8\"\u003e\u003ccode\u003e0370b13\u003c/code\u003e\u003c/a\u003e fix missing MDC transmission in SocketAppender. Fixes issues/1010\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8100acd4e49f7d3c78520efacfd98bd398f0e810\"\u003e\u003ccode\u003e8100acd\u003c/code\u003e\u003c/a\u003e remove RemoteAppender*\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2b67210613628b8610f44063c4e739b71ce83190\"\u003e\u003ccode\u003e2b67210\u003c/code\u003e\u003c/a\u003e remove Receiver related classes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/d84b58686b3e04661bb47e7260d1fdcb731826ac\"\u003e\u003ccode\u003ed84b586\u003c/code\u003e\u003c/a\u003e remove ReceiverModelHandler - project still builds indicating no active usage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44049ed38ff396bc45a98d9b536da8f179547132\"\u003e\u003ccode\u003e44049ed\u003c/code\u003e\u003c/a\u003e remove support for receivers in SerializedModelConfigurator and JoranConfigur...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/56085d898665d6e99489591333a4ddf381465443\"\u003e\u003ccode\u003e56085d8\u003c/code\u003e\u003c/a\u003e fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7764f47e51921abe9635b32c2fa80e65d29efba\"\u003e\u003ccode\u003ee7764f4\u003c/code\u003e\u003c/a\u003e refactor file change scanning for clarity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e56a12f865751ce6a599963187b4a861854c7e8a\"\u003e\u003ccode\u003ee56a12f\u003c/code\u003e\u003c/a\u003e bump assertj version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/wilsonpilone/getpebble/pull/51","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wilsonpilone%2Fgetpebble/issues/51","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/51/packages"}],"issue_packages":[{"old_version":"1.5.32","new_version":"1.5.33","update_type":"patch","path":null,"pr_created_at":"2026-05-30T19:02:41.000Z","version_change":"1.5.32 → 1.5.33","issue":{"uuid":"4555381974","node_id":"PR_kwDOP1FeW87g_PLE","number":1537,"state":"open","title":"chore(deps): bump logback.version from 1.5.32 to 1.5.33","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T19:02:41.000Z","updated_at":"2026-05-30T19:13:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"logback.version","old_version":"1.5.32","new_version":"1.5.33","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.32 to 1.5.33.\nUpdates `ch.qos.logback:logback-classic` from 1.5.32 to 1.5.33\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.33\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-05-27 Release of logback version 1.5.33\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• \u003ccode\u003ePropertiesConfiguratorModelHandler\u003c/code\u003e now registers properties file URLs to the \u003ccode\u003eConfigurationWatchList\u003c/code\u003e when scan is enabled (via local scan=\u0026quot;true\u0026quot; attribute or top-level configuration scan), ensuring changes are detected and reconfiguration occurs. This problem was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1034\"\u003eissues/1034\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• When processing \u003ccode\u003e\u0026lt;conversionRule\u0026gt;\u003c/code\u003e elements and both \u003ccode\u003eclass\u003c/code\u003e and \u003ccode\u003econverterClass\u003c/code\u003e attributes are specified, silently use the class attribute without issuing a warning. However, if the attribute values differ, a warning will be issued. This change was requested in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1031\"\u003eissues/1031\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• \u003ccode\u003eHardenedModelInputStream\u003c/code\u003e will no longer accept to deserialize all classes located under the \u0026quot;java.lang\u0026quot; and \u0026quot;java.util\u0026quot; packages but a limited number of explicitly authorized classes in those packages. This potential deserialization whitelist bypass vulnerability was reported by \u003ca href=\"https://github.com/york-shen\"\u003eYork Shen\u003c/a\u003e and registered as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-9828\"\u003eCVE-2026-9828\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• SSL parameters for \u003ccode\u003eSSLSocketAppender\u003c/code\u003e now enable hostname verification by default. Moreover, the default protocol is now \u0026quot;TLSv1.2\u0026quot;. This potential vulnerability was reported by York Shen.\u003c/p\u003e\n\u003cp\u003e• When printing the status message field, \u003ccode\u003eViewStatusMessagesServletBase\u003c/code\u003e now escapes special characters such as \u0026quot;\u0026amp;\u0026quot; as character entities. This potential vulnerability was reported by York Shen.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 124e8b49b55ac34d08743a0646bd463410192647 associated with the tag v_1.5.33. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/124e8b49b55ac34d08743a0646bd463410192647\"\u003e\u003ccode\u003e124e8b4\u003c/code\u003e\u003c/a\u003e prepare release 1.5.33\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/d8fd6f25c7f12282871164911fe423c86e2ef8f3\"\u003e\u003ccode\u003ed8fd6f2\u003c/code\u003e\u003c/a\u003e escapeTags in message field when printing status messages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/95edbeb8dbf53494f36324aeb7bef1825aff6cc4\"\u003e\u003ccode\u003e95edbeb\u003c/code\u003e\u003c/a\u003e hostnameVerification default to true in SSLParametersConfiguration, SSL.DEFAU...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/b768a96e191bf0d15aeff207a5b160e5c0c8dba2\"\u003e\u003ccode\u003eb768a96\u003c/code\u003e\u003c/a\u003e remove spurious java.swing.* import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/12cf2c5a150ee3ff4a720789bcfc6e047e836b0c\"\u003e\u003ccode\u003e12cf2c5\u003c/code\u003e\u003c/a\u003e classes in java.lang and java.util are now whitelisted individually\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e9133edbe58a20927f88cef609e0436f77bb8a96\"\u003e\u003ccode\u003ee9133ed\u003c/code\u003e\u003c/a\u003e fix typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/47089a2f88785a72387d86d463c5bbe751fe6750\"\u003e\u003ccode\u003e47089a2\u003c/code\u003e\u003c/a\u003e added Filip Egeric icla\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/85735f7a097a78729bd3d29d8ea2f4b80da1a0e6\"\u003e\u003ccode\u003e85735f7\u003c/code\u003e\u003c/a\u003e Modified ConversionRuleAction.java: Updated validPreconditions() to\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/614f7a726a5b2e71e8c5fb174967c7d1069721f2\"\u003e\u003ccode\u003e614f7a7\u003c/code\u003e\u003c/a\u003e the official name for initial instructions file foe coding agents is AGENTS.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/fe50bb56abddd6d68ac1e31ff8851c306bf736c4\"\u003e\u003ccode\u003efe50bb5\u003c/code\u003e\u003c/a\u003e fix: do not warn when both converterClass and class attributes are specified ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.32...v_1.5.33\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.5.32 to 1.5.33\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.33\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-05-27 Release of logback version 1.5.33\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• \u003ccode\u003ePropertiesConfiguratorModelHandler\u003c/code\u003e now registers properties file URLs to the \u003ccode\u003eConfigurationWatchList\u003c/code\u003e when scan is enabled (via local scan=\u0026quot;true\u0026quot; attribute or top-level configuration scan), ensuring changes are detected and reconfiguration occurs. This problem was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1034\"\u003eissues/1034\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• When processing \u003ccode\u003e\u0026lt;conversionRule\u0026gt;\u003c/code\u003e elements and both \u003ccode\u003eclass\u003c/code\u003e and \u003ccode\u003econverterClass\u003c/code\u003e attributes are specified, silently use the class attribute without issuing a warning. However, if the attribute values differ, a warning will be issued. This change was requested in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1031\"\u003eissues/1031\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• \u003ccode\u003eHardenedModelInputStream\u003c/code\u003e will no longer accept to deserialize all classes located under the \u0026quot;java.lang\u0026quot; and \u0026quot;java.util\u0026quot; packages but a limited number of explicitly authorized classes in those packages. This potential deserialization whitelist bypass vulnerability was reported by \u003ca href=\"https://github.com/york-shen\"\u003eYork Shen\u003c/a\u003e and registered as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-9828\"\u003eCVE-2026-9828\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• SSL parameters for \u003ccode\u003eSSLSocketAppender\u003c/code\u003e now enable hostname verification by default. Moreover, the default protocol is now \u0026quot;TLSv1.2\u0026quot;. This potential vulnerability was reported by York Shen.\u003c/p\u003e\n\u003cp\u003e• When printing the status message field, \u003ccode\u003eViewStatusMessagesServletBase\u003c/code\u003e now escapes special characters such as \u0026quot;\u0026amp;\u0026quot; as character entities. This potential vulnerability was reported by York Shen.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 124e8b49b55ac34d08743a0646bd463410192647 associated with the tag v_1.5.33. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/124e8b49b55ac34d08743a0646bd463410192647\"\u003e\u003ccode\u003e124e8b4\u003c/code\u003e\u003c/a\u003e prepare release 1.5.33\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/d8fd6f25c7f12282871164911fe423c86e2ef8f3\"\u003e\u003ccode\u003ed8fd6f2\u003c/code\u003e\u003c/a\u003e escapeTags in message field when printing status messages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/95edbeb8dbf53494f36324aeb7bef1825aff6cc4\"\u003e\u003ccode\u003e95edbeb\u003c/code\u003e\u003c/a\u003e hostnameVerification default to true in SSLParametersConfiguration, SSL.DEFAU...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/b768a96e191bf0d15aeff207a5b160e5c0c8dba2\"\u003e\u003ccode\u003eb768a96\u003c/code\u003e\u003c/a\u003e remove spurious java.swing.* import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/12cf2c5a150ee3ff4a720789bcfc6e047e836b0c\"\u003e\u003ccode\u003e12cf2c5\u003c/code\u003e\u003c/a\u003e classes in java.lang and java.util are now whitelisted individually\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e9133edbe58a20927f88cef609e0436f77bb8a96\"\u003e\u003ccode\u003ee9133ed\u003c/code\u003e\u003c/a\u003e fix typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/47089a2f88785a72387d86d463c5bbe751fe6750\"\u003e\u003ccode\u003e47089a2\u003c/code\u003e\u003c/a\u003e added Filip Egeric icla\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/85735f7a097a78729bd3d29d8ea2f4b80da1a0e6\"\u003e\u003ccode\u003e85735f7\u003c/code\u003e\u003c/a\u003e Modified ConversionRuleAction.java: Updated validPreconditions() to\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/614f7a726a5b2e71e8c5fb174967c7d1069721f2\"\u003e\u003ccode\u003e614f7a7\u003c/code\u003e\u003c/a\u003e the official name for initial instructions file foe coding agents is AGENTS.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/fe50bb56abddd6d68ac1e31ff8851c306bf736c4\"\u003e\u003ccode\u003efe50bb5\u003c/code\u003e\u003c/a\u003e fix: do not warn when both converterClass and class attributes are specified ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.32...v_1.5.33\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/agentscope-ai/agentscope-java/pull/1537","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/agentscope-ai%2Fagentscope-java/issues/1537","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1537/packages"}},{"old_version":"1.5.31","new_version":"1.5.32","update_type":"patch","path":null,"pr_created_at":"2026-04-06T03:03:26.000Z","version_change":"1.5.31 → 1.5.32","issue":{"uuid":"4209265735","node_id":"PR_kwDOCGpYss7QGxPc","number":745,"state":"open","title":"build(deps): bump logback.version from 1.5.31 to 1.5.32","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-06T03:03:26.000Z","updated_at":"2026-04-06T03:19:33.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"logback.version","old_version":"1.5.31","new_version":"1.5.32","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.31 to 1.5.32.\nUpdates `ch.qos.logback:logback-core` from 1.5.31 to 1.5.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.32\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-16 Release of logback version 1.5.32\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eDefaultProcessor, \u003c/code\u003efixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback-access/issues/34\"\u003elogback-access/issues/34\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e807335a67535b4eacce94e942c0bcb649665d93\"\u003e\u003ccode\u003ee807335\u003c/code\u003e\u003c/a\u003e prepare release 1.5.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/dc35d552bbd87cea8b98bea44ff0a113631075e7\"\u003e\u003ccode\u003edc35d55\u003c/code\u003e\u003c/a\u003e fix logback-access/issues/34 by checking if dependency is a sub-model of the ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8e32278700d5b0cfca70c246f6db0d639bb1f21b\"\u003e\u003ccode\u003e8e32278\u003c/code\u003e\u003c/a\u003e added simple test for appender definitiob via file inclusion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/834dbedefdb3cf43f77618ddc3d1d89e5c98b488\"\u003e\u003ccode\u003e834dbed\u003c/code\u003e\u003c/a\u003e start work on 1.5.32-SNAPSHOT\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.31...v_1.5.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-classic` from 1.5.31 to 1.5.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.32\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-16 Release of logback version 1.5.32\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eDefaultProcessor, \u003c/code\u003efixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback-access/issues/34\"\u003elogback-access/issues/34\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e807335a67535b4eacce94e942c0bcb649665d93\"\u003e\u003ccode\u003ee807335\u003c/code\u003e\u003c/a\u003e prepare release 1.5.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/dc35d552bbd87cea8b98bea44ff0a113631075e7\"\u003e\u003ccode\u003edc35d55\u003c/code\u003e\u003c/a\u003e fix logback-access/issues/34 by checking if dependency is a sub-model of the ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8e32278700d5b0cfca70c246f6db0d639bb1f21b\"\u003e\u003ccode\u003e8e32278\u003c/code\u003e\u003c/a\u003e added simple test for appender definitiob via file inclusion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/834dbedefdb3cf43f77618ddc3d1d89e5c98b488\"\u003e\u003ccode\u003e834dbed\u003c/code\u003e\u003c/a\u003e start work on 1.5.32-SNAPSHOT\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.31...v_1.5.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/streamthoughts/jikkou/pull/745","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/streamthoughts%2Fjikkou/issues/745","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/745/packages"}},{"old_version":"1.5.16","new_version":"1.5.32","update_type":"patch","path":null,"pr_created_at":"2026-03-02T11:22:38.000Z","version_change":"1.5.16 → 1.5.32","issue":{"uuid":"4010725647","node_id":"PR_kwDOB4flrc7HTa1j","number":765,"state":"open","title":"Bump logback.version from 1.5.16 to 1.5.32","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-02T11:22:38.000Z","updated_at":"2026-03-03T08:04:32.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.16","new_version":"1.5.32","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.16 to 1.5.32.\nUpdates `ch.qos.logback:logback-classic` from 1.5.16 to 1.5.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.32\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-16 Release of logback version 1.5.32\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eDefaultProcessor, \u003c/code\u003efixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback-access/issues/34\"\u003elogback-access/issues/34\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback  1.5.31\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback version 1.5.31\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.30\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback  version 1.5.30\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• \u003cstrong\u003eIn this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fix scanning issue when an included file becomes available at a later time. This problem was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1021\"\u003eissues/1021\u003c/a\u003e by Sergey Nazarov.\u003c/p\u003e\n\u003cp\u003e• Standardized code for version checking across modules.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.29\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-09 Release of logback version 1.5.29\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1017\"\u003eissues/1017\u003c/a\u003e, appender names and appender references are once again subject to variable substitution, reverting the change introduced in version 1.5.28.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e807335a67535b4eacce94e942c0bcb649665d93\"\u003e\u003ccode\u003ee807335\u003c/code\u003e\u003c/a\u003e prepare release 1.5.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/dc35d552bbd87cea8b98bea44ff0a113631075e7\"\u003e\u003ccode\u003edc35d55\u003c/code\u003e\u003c/a\u003e fix logback-access/issues/34 by checking if dependency is a sub-model of the ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8e32278700d5b0cfca70c246f6db0d639bb1f21b\"\u003e\u003ccode\u003e8e32278\u003c/code\u003e\u003c/a\u003e added simple test for appender definitiob via file inclusion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/834dbedefdb3cf43f77618ddc3d1d89e5c98b488\"\u003e\u003ccode\u003e834dbed\u003c/code\u003e\u003c/a\u003e start work on 1.5.32-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b\"\u003e\u003ccode\u003e168e42f\u003c/code\u003e\u003c/a\u003e add test to check that Logback SLF4J provider can be activated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ed45362291e060a93b2b28825ad3706ab85066ba\"\u003e\u003ccode\u003eed45362\u003c/code\u003e\u003c/a\u003e prepare release 1.5.31\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/609dae79d06b38518b48f826a22b1e7e233903c3\"\u003e\u003ccode\u003e609dae7\u003c/code\u003e\u003c/a\u003e fix missing META-INF directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/77397397cd0751b4d7eb5b7ee836137072505f16\"\u003e\u003ccode\u003e7739739\u003c/code\u003e\u003c/a\u003e start work on 1.5.31-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44164f10ca3fb44ce0e68519f13564b87e3aca61\"\u003e\u003ccode\u003e44164f1\u003c/code\u003e\u003c/a\u003e prepare release 1.5.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9874f06e247258e0122a099ae65964d41f2be10b\"\u003e\u003ccode\u003e9874f06\u003c/code\u003e\u003c/a\u003e test for top-file as a resource, introduced new module logback-classic-misc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.16...v_1.5.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.5.16 to 1.5.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.32\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-16 Release of logback version 1.5.32\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eDefaultProcessor, \u003c/code\u003efixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback-access/issues/34\"\u003elogback-access/issues/34\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback  1.5.31\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback version 1.5.31\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.30\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback  version 1.5.30\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• \u003cstrong\u003eIn this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fix scanning issue when an included file becomes available at a later time. This problem was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1021\"\u003eissues/1021\u003c/a\u003e by Sergey Nazarov.\u003c/p\u003e\n\u003cp\u003e• Standardized code for version checking across modules.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.29\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-09 Release of logback version 1.5.29\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1017\"\u003eissues/1017\u003c/a\u003e, appender names and appender references are once again subject to variable substitution, reverting the change introduced in version 1.5.28.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e807335a67535b4eacce94e942c0bcb649665d93\"\u003e\u003ccode\u003ee807335\u003c/code\u003e\u003c/a\u003e prepare release 1.5.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/dc35d552bbd87cea8b98bea44ff0a113631075e7\"\u003e\u003ccode\u003edc35d55\u003c/code\u003e\u003c/a\u003e fix logback-access/issues/34 by checking if dependency is a sub-model of the ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8e32278700d5b0cfca70c246f6db0d639bb1f21b\"\u003e\u003ccode\u003e8e32278\u003c/code\u003e\u003c/a\u003e added simple test for appender definitiob via file inclusion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/834dbedefdb3cf43f77618ddc3d1d89e5c98b488\"\u003e\u003ccode\u003e834dbed\u003c/code\u003e\u003c/a\u003e start work on 1.5.32-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b\"\u003e\u003ccode\u003e168e42f\u003c/code\u003e\u003c/a\u003e add test to check that Logback SLF4J provider can be activated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ed45362291e060a93b2b28825ad3706ab85066ba\"\u003e\u003ccode\u003eed45362\u003c/code\u003e\u003c/a\u003e prepare release 1.5.31\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/609dae79d06b38518b48f826a22b1e7e233903c3\"\u003e\u003ccode\u003e609dae7\u003c/code\u003e\u003c/a\u003e fix missing META-INF directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/77397397cd0751b4d7eb5b7ee836137072505f16\"\u003e\u003ccode\u003e7739739\u003c/code\u003e\u003c/a\u003e start work on 1.5.31-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44164f10ca3fb44ce0e68519f13564b87e3aca61\"\u003e\u003ccode\u003e44164f1\u003c/code\u003e\u003c/a\u003e prepare release 1.5.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9874f06e247258e0122a099ae65964d41f2be10b\"\u003e\u003ccode\u003e9874f06\u003c/code\u003e\u003c/a\u003e test for top-file as a resource, introduced new module logback-classic-misc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.16...v_1.5.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/navikt/common-java-modules/pull/765","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/navikt%2Fcommon-java-modules/issues/765","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/765/packages"}},{"old_version":"1.5.31","new_version":"1.5.32","update_type":"patch","path":null,"pr_created_at":"2026-02-17T01:03:37.000Z","version_change":"1.5.31 → 1.5.32","issue":{"uuid":"3950210105","node_id":"PR_kwDOIo8AOc7EOfcY","number":278,"state":"closed","title":"Bump logback.version from 1.5.31 to 1.5.32","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-17T01:07:54.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-17T01:03:37.000Z","updated_at":"2026-02-17T01:07:56.000Z","time_to_close":257,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.31","new_version":"1.5.32","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.31 to 1.5.32.\nUpdates `ch.qos.logback:logback-core` from 1.5.31 to 1.5.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.32\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-16 Release of logback version 1.5.32\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eDefaultProcessor, \u003c/code\u003efixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback-access/issues/34\"\u003elogback-access/issues/34\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e807335a67535b4eacce94e942c0bcb649665d93\"\u003e\u003ccode\u003ee807335\u003c/code\u003e\u003c/a\u003e prepare release 1.5.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/dc35d552bbd87cea8b98bea44ff0a113631075e7\"\u003e\u003ccode\u003edc35d55\u003c/code\u003e\u003c/a\u003e fix logback-access/issues/34 by checking if dependency is a sub-model of the ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8e32278700d5b0cfca70c246f6db0d639bb1f21b\"\u003e\u003ccode\u003e8e32278\u003c/code\u003e\u003c/a\u003e added simple test for appender definitiob via file inclusion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/834dbedefdb3cf43f77618ddc3d1d89e5c98b488\"\u003e\u003ccode\u003e834dbed\u003c/code\u003e\u003c/a\u003e start work on 1.5.32-SNAPSHOT\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.31...v_1.5.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-classic` from 1.5.31 to 1.5.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.32\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-16 Release of logback version 1.5.32\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eDefaultProcessor, \u003c/code\u003efixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback-access/issues/34\"\u003elogback-access/issues/34\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e807335a67535b4eacce94e942c0bcb649665d93\"\u003e\u003ccode\u003ee807335\u003c/code\u003e\u003c/a\u003e prepare release 1.5.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/dc35d552bbd87cea8b98bea44ff0a113631075e7\"\u003e\u003ccode\u003edc35d55\u003c/code\u003e\u003c/a\u003e fix logback-access/issues/34 by checking if dependency is a sub-model of the ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8e32278700d5b0cfca70c246f6db0d639bb1f21b\"\u003e\u003ccode\u003e8e32278\u003c/code\u003e\u003c/a\u003e added simple test for appender definitiob via file inclusion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/834dbedefdb3cf43f77618ddc3d1d89e5c98b488\"\u003e\u003ccode\u003e834dbed\u003c/code\u003e\u003c/a\u003e start work on 1.5.32-SNAPSHOT\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.31...v_1.5.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/sebastian-toepfer/domain-driven-desgin/pull/278","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sebastian-toepfer%2Fdomain-driven-desgin/issues/278","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/278/packages"}},{"old_version":"1.5.29","new_version":"1.5.31","update_type":"patch","path":null,"pr_created_at":"2026-02-16T04:22:02.000Z","version_change":"1.5.29 → 1.5.31","issue":{"uuid":"3945798785","node_id":"PR_kwDONWwmEc7D_3E8","number":545,"state":"closed","title":"Bump logback.version from 1.5.29 to 1.5.31","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-17T04:13:23.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-16T04:22:02.000Z","updated_at":"2026-02-17T04:13:24.000Z","time_to_close":85881,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.29","new_version":"1.5.31","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.29 to 1.5.31.\nUpdates `ch.qos.logback:logback-core` from 1.5.29 to 1.5.31\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback  1.5.31\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback version 1.5.31\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.30\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback  version 1.5.30\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• \u003cstrong\u003eIn this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fix scanning issue when an included file becomes available at a later time. This problem was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1021\"\u003eissues/1021\u003c/a\u003e by Sergey Nazarov.\u003c/p\u003e\n\u003cp\u003e• Standardized code for version checking across modules.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b\"\u003e\u003ccode\u003e168e42f\u003c/code\u003e\u003c/a\u003e add test to check that Logback SLF4J provider can be activated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ed45362291e060a93b2b28825ad3706ab85066ba\"\u003e\u003ccode\u003eed45362\u003c/code\u003e\u003c/a\u003e prepare release 1.5.31\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/609dae79d06b38518b48f826a22b1e7e233903c3\"\u003e\u003ccode\u003e609dae7\u003c/code\u003e\u003c/a\u003e fix missing META-INF directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/77397397cd0751b4d7eb5b7ee836137072505f16\"\u003e\u003ccode\u003e7739739\u003c/code\u003e\u003c/a\u003e start work on 1.5.31-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44164f10ca3fb44ce0e68519f13564b87e3aca61\"\u003e\u003ccode\u003e44164f1\u003c/code\u003e\u003c/a\u003e prepare release 1.5.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9874f06e247258e0122a099ae65964d41f2be10b\"\u003e\u003ccode\u003e9874f06\u003c/code\u003e\u003c/a\u003e test for top-file as a resource, introduced new module logback-classic-misc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c8e5c3c83321fe10726bb0d92e220a0a35c925d\"\u003e\u003ccode\u003e5c8e5c3\u003c/code\u003e\u003c/a\u003e fix scanning for included files to be created later, issues/1021\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/edcc7e843ab97e80e9f87e5a3f659062313d792d\"\u003e\u003ccode\u003eedcc7e8\u003c/code\u003e\u003c/a\u003e remove unused/commented out methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/49f29a33b60ed8623576f0a5e29b8cd0137f426b\"\u003e\u003ccode\u003e49f29a3\u003c/code\u003e\u003c/a\u003e fix resource location\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c50f910735136c030d791fccd940ab78f1aec10\"\u003e\u003ccode\u003e5c50f91\u003c/code\u003e\u003c/a\u003e standardize version checking\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.29...v_1.5.31\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-classic` from 1.5.29 to 1.5.31\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback  1.5.31\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback version 1.5.31\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.30\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback  version 1.5.30\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• \u003cstrong\u003eIn this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fix scanning issue when an included file becomes available at a later time. This problem was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1021\"\u003eissues/1021\u003c/a\u003e by Sergey Nazarov.\u003c/p\u003e\n\u003cp\u003e• Standardized code for version checking across modules.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b\"\u003e\u003ccode\u003e168e42f\u003c/code\u003e\u003c/a\u003e add test to check that Logback SLF4J provider can be activated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ed45362291e060a93b2b28825ad3706ab85066ba\"\u003e\u003ccode\u003eed45362\u003c/code\u003e\u003c/a\u003e prepare release 1.5.31\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/609dae79d06b38518b48f826a22b1e7e233903c3\"\u003e\u003ccode\u003e609dae7\u003c/code\u003e\u003c/a\u003e fix missing META-INF directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/77397397cd0751b4d7eb5b7ee836137072505f16\"\u003e\u003ccode\u003e7739739\u003c/code\u003e\u003c/a\u003e start work on 1.5.31-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44164f10ca3fb44ce0e68519f13564b87e3aca61\"\u003e\u003ccode\u003e44164f1\u003c/code\u003e\u003c/a\u003e prepare release 1.5.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9874f06e247258e0122a099ae65964d41f2be10b\"\u003e\u003ccode\u003e9874f06\u003c/code\u003e\u003c/a\u003e test for top-file as a resource, introduced new module logback-classic-misc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c8e5c3c83321fe10726bb0d92e220a0a35c925d\"\u003e\u003ccode\u003e5c8e5c3\u003c/code\u003e\u003c/a\u003e fix scanning for included files to be created later, issues/1021\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/edcc7e843ab97e80e9f87e5a3f659062313d792d\"\u003e\u003ccode\u003eedcc7e8\u003c/code\u003e\u003c/a\u003e remove unused/commented out methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/49f29a33b60ed8623576f0a5e29b8cd0137f426b\"\u003e\u003ccode\u003e49f29a3\u003c/code\u003e\u003c/a\u003e fix resource location\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c50f910735136c030d791fccd940ab78f1aec10\"\u003e\u003ccode\u003e5c50f91\u003c/code\u003e\u003c/a\u003e standardize version checking\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.29...v_1.5.31\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/icebergplus/icebergplus/pull/545","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/icebergplus%2Ficebergplus/issues/545","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/545/packages"}},{"old_version":"1.5.23","new_version":"1.5.31","update_type":"patch","path":null,"pr_created_at":"2026-02-15T22:02:45.000Z","version_change":"1.5.23 → 1.5.31","issue":{"uuid":"3945023864","node_id":"PR_kwDOLL9yG87D9XYi","number":70,"state":"closed","title":"build(deps-dev): bump logback.version from 1.5.23 to 1.5.31","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-16T22:04:45.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-15T22:02:45.000Z","updated_at":"2026-02-16T22:04:46.000Z","time_to_close":86520,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps-dev)","packages":[{"name":"logback.version","old_version":"1.5.23","new_version":"1.5.31","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.23 to 1.5.31.\nUpdates `ch.qos.logback:logback-core` from 1.5.23 to 1.5.31\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback  1.5.31\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback version 1.5.31\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.30\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback  version 1.5.30\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• \u003cstrong\u003eIn this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fix scanning issue when an included file becomes available at a later time. This problem was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1021\"\u003eissues/1021\u003c/a\u003e by Sergey Nazarov.\u003c/p\u003e\n\u003cp\u003e• Standardized code for version checking across modules.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.29\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-09 Release of logback version 1.5.29\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1017\"\u003eissues/1017\u003c/a\u003e, appender names and appender references are once again subject to variable substitution, reverting the change introduced in version 1.5.28.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b\"\u003e\u003ccode\u003e168e42f\u003c/code\u003e\u003c/a\u003e add test to check that Logback SLF4J provider can be activated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ed45362291e060a93b2b28825ad3706ab85066ba\"\u003e\u003ccode\u003eed45362\u003c/code\u003e\u003c/a\u003e prepare release 1.5.31\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/609dae79d06b38518b48f826a22b1e7e233903c3\"\u003e\u003ccode\u003e609dae7\u003c/code\u003e\u003c/a\u003e fix missing META-INF directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/77397397cd0751b4d7eb5b7ee836137072505f16\"\u003e\u003ccode\u003e7739739\u003c/code\u003e\u003c/a\u003e start work on 1.5.31-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44164f10ca3fb44ce0e68519f13564b87e3aca61\"\u003e\u003ccode\u003e44164f1\u003c/code\u003e\u003c/a\u003e prepare release 1.5.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9874f06e247258e0122a099ae65964d41f2be10b\"\u003e\u003ccode\u003e9874f06\u003c/code\u003e\u003c/a\u003e test for top-file as a resource, introduced new module logback-classic-misc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c8e5c3c83321fe10726bb0d92e220a0a35c925d\"\u003e\u003ccode\u003e5c8e5c3\u003c/code\u003e\u003c/a\u003e fix scanning for included files to be created later, issues/1021\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/edcc7e843ab97e80e9f87e5a3f659062313d792d\"\u003e\u003ccode\u003eedcc7e8\u003c/code\u003e\u003c/a\u003e remove unused/commented out methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/49f29a33b60ed8623576f0a5e29b8cd0137f426b\"\u003e\u003ccode\u003e49f29a3\u003c/code\u003e\u003c/a\u003e fix resource location\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c50f910735136c030d791fccd940ab78f1aec10\"\u003e\u003ccode\u003e5c50f91\u003c/code\u003e\u003c/a\u003e standardize version checking\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.23...v_1.5.31\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-classic` from 1.5.23 to 1.5.31\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback  1.5.31\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback version 1.5.31\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.30\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback  version 1.5.30\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• \u003cstrong\u003eIn this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fix scanning issue when an included file becomes available at a later time. This problem was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1021\"\u003eissues/1021\u003c/a\u003e by Sergey Nazarov.\u003c/p\u003e\n\u003cp\u003e• Standardized code for version checking across modules.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.29\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-09 Release of logback version 1.5.29\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1017\"\u003eissues/1017\u003c/a\u003e, appender names and appender references are once again subject to variable substitution, reverting the change introduced in version 1.5.28.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b\"\u003e\u003ccode\u003e168e42f\u003c/code\u003e\u003c/a\u003e add test to check that Logback SLF4J provider can be activated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ed45362291e060a93b2b28825ad3706ab85066ba\"\u003e\u003ccode\u003eed45362\u003c/code\u003e\u003c/a\u003e prepare release 1.5.31\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/609dae79d06b38518b48f826a22b1e7e233903c3\"\u003e\u003ccode\u003e609dae7\u003c/code\u003e\u003c/a\u003e fix missing META-INF directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/77397397cd0751b4d7eb5b7ee836137072505f16\"\u003e\u003ccode\u003e7739739\u003c/code\u003e\u003c/a\u003e start work on 1.5.31-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44164f10ca3fb44ce0e68519f13564b87e3aca61\"\u003e\u003ccode\u003e44164f1\u003c/code\u003e\u003c/a\u003e prepare release 1.5.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9874f06e247258e0122a099ae65964d41f2be10b\"\u003e\u003ccode\u003e9874f06\u003c/code\u003e\u003c/a\u003e test for top-file as a resource, introduced new module logback-classic-misc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c8e5c3c83321fe10726bb0d92e220a0a35c925d\"\u003e\u003ccode\u003e5c8e5c3\u003c/code\u003e\u003c/a\u003e fix scanning for included files to be created later, issues/1021\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/edcc7e843ab97e80e9f87e5a3f659062313d792d\"\u003e\u003ccode\u003eedcc7e8\u003c/code\u003e\u003c/a\u003e remove unused/commented out methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/49f29a33b60ed8623576f0a5e29b8cd0137f426b\"\u003e\u003ccode\u003e49f29a3\u003c/code\u003e\u003c/a\u003e fix resource location\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c50f910735136c030d791fccd940ab78f1aec10\"\u003e\u003ccode\u003e5c50f91\u003c/code\u003e\u003c/a\u003e standardize version checking\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.23...v_1.5.31\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/aspan/cloudhopper-smpp/pull/70","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/aspan%2Fcloudhopper-smpp/issues/70","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/70/packages"}},{"old_version":"1.5.23","new_version":"1.5.31","update_type":"patch","path":null,"pr_created_at":"2026-02-15T15:43:53.000Z","version_change":"1.5.23 → 1.5.31","issue":{"uuid":"3944339218","node_id":"PR_kwDOEoQN3s7D7Q5g","number":2363,"state":"open","title":"build(deps): bump logback.version from 1.5.23 to 1.5.31","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-15T15:43:53.000Z","updated_at":"2026-02-15T15:44:11.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"logback.version","old_version":"1.5.23","new_version":"1.5.31","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.23 to 1.5.31.\nUpdates `ch.qos.logback:logback-classic` from 1.5.23 to 1.5.31\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback  1.5.31\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback version 1.5.31\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.30\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback  version 1.5.30\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• \u003cstrong\u003eIn this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fix scanning issue when an included file becomes available at a later time. This problem was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1021\"\u003eissues/1021\u003c/a\u003e by Sergey Nazarov.\u003c/p\u003e\n\u003cp\u003e• Standardized code for version checking across modules.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.29\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-09 Release of logback version 1.5.29\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1017\"\u003eissues/1017\u003c/a\u003e, appender names and appender references are once again subject to variable substitution, reverting the change introduced in version 1.5.28.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b\"\u003e\u003ccode\u003e168e42f\u003c/code\u003e\u003c/a\u003e add test to check that Logback SLF4J provider can be activated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ed45362291e060a93b2b28825ad3706ab85066ba\"\u003e\u003ccode\u003eed45362\u003c/code\u003e\u003c/a\u003e prepare release 1.5.31\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/609dae79d06b38518b48f826a22b1e7e233903c3\"\u003e\u003ccode\u003e609dae7\u003c/code\u003e\u003c/a\u003e fix missing META-INF directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/77397397cd0751b4d7eb5b7ee836137072505f16\"\u003e\u003ccode\u003e7739739\u003c/code\u003e\u003c/a\u003e start work on 1.5.31-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44164f10ca3fb44ce0e68519f13564b87e3aca61\"\u003e\u003ccode\u003e44164f1\u003c/code\u003e\u003c/a\u003e prepare release 1.5.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9874f06e247258e0122a099ae65964d41f2be10b\"\u003e\u003ccode\u003e9874f06\u003c/code\u003e\u003c/a\u003e test for top-file as a resource, introduced new module logback-classic-misc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c8e5c3c83321fe10726bb0d92e220a0a35c925d\"\u003e\u003ccode\u003e5c8e5c3\u003c/code\u003e\u003c/a\u003e fix scanning for included files to be created later, issues/1021\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/edcc7e843ab97e80e9f87e5a3f659062313d792d\"\u003e\u003ccode\u003eedcc7e8\u003c/code\u003e\u003c/a\u003e remove unused/commented out methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/49f29a33b60ed8623576f0a5e29b8cd0137f426b\"\u003e\u003ccode\u003e49f29a3\u003c/code\u003e\u003c/a\u003e fix resource location\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c50f910735136c030d791fccd940ab78f1aec10\"\u003e\u003ccode\u003e5c50f91\u003c/code\u003e\u003c/a\u003e standardize version checking\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.23...v_1.5.31\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.5.23 to 1.5.31\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback  1.5.31\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback version 1.5.31\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.30\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-14 Release of logback  version 1.5.30\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• \u003cstrong\u003eIn this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Fix scanning issue when an included file becomes available at a later time. This problem was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1021\"\u003eissues/1021\u003c/a\u003e by Sergey Nazarov.\u003c/p\u003e\n\u003cp\u003e• Standardized code for version checking across modules.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.29\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-09 Release of logback version 1.5.29\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1017\"\u003eissues/1017\u003c/a\u003e, appender names and appender references are once again subject to variable substitution, reverting the change introduced in version 1.5.28.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b\"\u003e\u003ccode\u003e168e42f\u003c/code\u003e\u003c/a\u003e add test to check that Logback SLF4J provider can be activated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ed45362291e060a93b2b28825ad3706ab85066ba\"\u003e\u003ccode\u003eed45362\u003c/code\u003e\u003c/a\u003e prepare release 1.5.31\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/609dae79d06b38518b48f826a22b1e7e233903c3\"\u003e\u003ccode\u003e609dae7\u003c/code\u003e\u003c/a\u003e fix missing META-INF directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/77397397cd0751b4d7eb5b7ee836137072505f16\"\u003e\u003ccode\u003e7739739\u003c/code\u003e\u003c/a\u003e start work on 1.5.31-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44164f10ca3fb44ce0e68519f13564b87e3aca61\"\u003e\u003ccode\u003e44164f1\u003c/code\u003e\u003c/a\u003e prepare release 1.5.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9874f06e247258e0122a099ae65964d41f2be10b\"\u003e\u003ccode\u003e9874f06\u003c/code\u003e\u003c/a\u003e test for top-file as a resource, introduced new module logback-classic-misc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c8e5c3c83321fe10726bb0d92e220a0a35c925d\"\u003e\u003ccode\u003e5c8e5c3\u003c/code\u003e\u003c/a\u003e fix scanning for included files to be created later, issues/1021\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/edcc7e843ab97e80e9f87e5a3f659062313d792d\"\u003e\u003ccode\u003eedcc7e8\u003c/code\u003e\u003c/a\u003e remove unused/commented out methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/49f29a33b60ed8623576f0a5e29b8cd0137f426b\"\u003e\u003ccode\u003e49f29a3\u003c/code\u003e\u003c/a\u003e fix resource location\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5c50f910735136c030d791fccd940ab78f1aec10\"\u003e\u003ccode\u003e5c50f91\u003c/code\u003e\u003c/a\u003e standardize version checking\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.23...v_1.5.31\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Crown-Commercial-Service/ccs-scale-cat-service/pull/2363","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Crown-Commercial-Service%2Fccs-scale-cat-service/issues/2363","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2363/packages"}},{"old_version":"1.5.21","new_version":"1.5.29","update_type":"patch","path":null,"pr_created_at":"2026-02-09T23:35:45.000Z","version_change":"1.5.21 → 1.5.29","issue":{"uuid":"3918664631","node_id":"PR_kwDOEu4wFc7Cmew6","number":666,"state":"closed","title":"Bump logback.version from 1.5.21 to 1.5.29","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-16T20:44:23.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-09T23:35:45.000Z","updated_at":"2026-02-16T20:44:24.000Z","time_to_close":594518,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.21","new_version":"1.5.29","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.21 to 1.5.29.\nUpdates `ch.qos.logback:logback-core` from 1.5.21 to 1.5.29\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5db1146b85a4547e9189834e189042b82a97694b\"\u003e\u003ccode\u003e5db1146\u003c/code\u003e\u003c/a\u003e prepare release 1.5.29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/c94a5fefa096946ec36509118dca94438840e2de\"\u003e\u003ccode\u003ec94a5fe\u003c/code\u003e\u003c/a\u003e minor changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2bc697f1f209b814a8fec8f3cd53c8a005d91e6f\"\u003e\u003ccode\u003e2bc697f\u003c/code\u003e\u003c/a\u003e revert commit 4f560a0331b, once again, appender names of references are subje...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/41921311591a969ff0dbc063f42603e2011f6eb8\"\u003e\u003ccode\u003e4192131\u003c/code\u003e\u003c/a\u003e start work on 1.5.29-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.29\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-classic` from 1.5.21 to 1.5.29\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5db1146b85a4547e9189834e189042b82a97694b\"\u003e\u003ccode\u003e5db1146\u003c/code\u003e\u003c/a\u003e prepare release 1.5.29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/c94a5fefa096946ec36509118dca94438840e2de\"\u003e\u003ccode\u003ec94a5fe\u003c/code\u003e\u003c/a\u003e minor changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2bc697f1f209b814a8fec8f3cd53c8a005d91e6f\"\u003e\u003ccode\u003e2bc697f\u003c/code\u003e\u003c/a\u003e revert commit 4f560a0331b, once again, appender names of references are subje...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/41921311591a969ff0dbc063f42603e2011f6eb8\"\u003e\u003ccode\u003e4192131\u003c/code\u003e\u003c/a\u003e start work on 1.5.29-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.29\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/SecureApiGateway/secure-api-gateway-fapi-pep-rs-ob/pull/666","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecureApiGateway%2Fsecure-api-gateway-fapi-pep-rs-ob/issues/666","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/666/packages"}},{"old_version":"1.2.3","new_version":"1.5.28","update_type":"minor","path":null,"pr_created_at":"2026-02-09T14:57:23.000Z","version_change":"1.2.3 → 1.5.28","issue":{"uuid":"3916814397","node_id":"PR_kwDOATeDE87CgUXj","number":2586,"state":"closed","title":"Bump logback.version from 1.2.3 to 1.5.28","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-16T14:24:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-09T14:57:23.000Z","updated_at":"2026-02-16T14:24:30.000Z","time_to_close":602825,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.2.3","new_version":"1.5.28","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.2.3 to 1.5.28.\nUpdates `ch.qos.logback:logback-core` from 1.2.3 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.2.3...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-classic` from 1.2.3 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.2.3...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nYou can trigger a rebase of this PR by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/docker-java/docker-java/pull/2586","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/docker-java%2Fdocker-java/issues/2586","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2586/packages"}},{"old_version":"1.5.18","new_version":"1.5.28","update_type":"patch","path":null,"pr_created_at":"2026-02-09T07:33:16.000Z","version_change":"1.5.18 → 1.5.28","issue":{"uuid":"3914912139","node_id":"PR_kwDOP6z2Ys7CZ85s","number":54,"state":"closed","title":"Bump logback.version from 1.5.18 to 1.5.28","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-16T07:21:17.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-09T07:33:16.000Z","updated_at":"2026-02-16T07:21:19.000Z","time_to_close":604081,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.18","new_version":"1.5.28","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.18 to 1.5.28.\nUpdates `ch.qos.logback:logback-classic` from 1.5.18 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.5.18 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/wilsonpilone/getpebble/pull/54","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wilsonpilone%2Fgetpebble/issues/54","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/54/packages"}},{"old_version":"1.5.26","new_version":"1.5.28","update_type":"patch","path":null,"pr_created_at":"2026-02-09T01:23:38.000Z","version_change":"1.5.26 → 1.5.28","issue":{"uuid":"3914007927","node_id":"PR_kwDOFL8C9c7CXBRy","number":225,"state":"closed","title":"Bump logback.version from 1.5.26 to 1.5.28","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-10T02:39:15.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-09T01:23:38.000Z","updated_at":"2026-02-10T02:39:16.000Z","time_to_close":90937,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.26","new_version":"1.5.28","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.26 to 1.5.28.\nUpdates `ch.qos.logback:logback-classic` from 1.5.26 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.26...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.5.26 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.26...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/navikt/pensjon-selvbetjening-fss-gateway/pull/225","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/navikt%2Fpensjon-selvbetjening-fss-gateway/issues/225","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/225/packages"}},{"old_version":"1.5.18","new_version":"1.5.28","update_type":"patch","path":null,"pr_created_at":"2026-02-09T00:14:24.000Z","version_change":"1.5.18 → 1.5.28","issue":{"uuid":"3913868758","node_id":"PR_kwDOPhhvac7CWj6z","number":63,"state":"closed","title":"Bump logback.version from 1.5.18 to 1.5.28","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-16T00:14:33.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-09T00:14:24.000Z","updated_at":"2026-02-16T00:14:35.000Z","time_to_close":604809,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.18","new_version":"1.5.28","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.18 to 1.5.28.\nUpdates `ch.qos.logback:logback-classic` from 1.5.18 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.5.18 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/bytesiBlaze/physalia/pull/63","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bytesiBlaze%2Fphysalia/issues/63","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/63/packages"}},{"old_version":"1.5.23","new_version":"1.5.28","update_type":"patch","path":null,"pr_created_at":"2026-02-08T22:02:57.000Z","version_change":"1.5.23 → 1.5.28","issue":{"uuid":"3913665801","node_id":"PR_kwDOLL9yG87CV6g3","number":68,"state":"closed","title":"build(deps-dev): bump logback.version from 1.5.23 to 1.5.28","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-10T00:35:41.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-08T22:02:57.000Z","updated_at":"2026-02-10T00:35:43.000Z","time_to_close":95564,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps-dev)","packages":[{"name":"logback.version","old_version":"1.5.23","new_version":"1.5.28","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.23 to 1.5.28.\nUpdates `ch.qos.logback:logback-core` from 1.5.23 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.23...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-classic` from 1.5.23 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.23...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/aspan/cloudhopper-smpp/pull/68","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/aspan%2Fcloudhopper-smpp/issues/68","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/68/packages"}},{"old_version":"1.5.23","new_version":"1.5.28","update_type":"patch","path":null,"pr_created_at":"2026-02-08T15:42:37.000Z","version_change":"1.5.23 → 1.5.28","issue":{"uuid":"3912966647","node_id":"PR_kwDOEoQN3s7CTwO4","number":2351,"state":"open","title":"build(deps): bump logback.version from 1.5.23 to 1.5.28","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-08T15:42:37.000Z","updated_at":"2026-02-08T15:42:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"logback.version","old_version":"1.5.23","new_version":"1.5.28","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.23 to 1.5.28.\nUpdates `ch.qos.logback:logback-classic` from 1.5.23 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.23...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.5.23 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.23...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Crown-Commercial-Service/ccs-scale-cat-service/pull/2351","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Crown-Commercial-Service%2Fccs-scale-cat-service/issues/2351","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2351/packages"}},{"old_version":"1.5.21","new_version":"1.5.28","update_type":"patch","path":null,"pr_created_at":"2026-02-06T21:24:34.000Z","version_change":"1.5.21 → 1.5.28","issue":{"uuid":"3908474859","node_id":"PR_kwDOBWtjFc7CFdqj","number":67,"state":"closed","title":"Bump logback.version from 1.5.21 to 1.5.28","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-10T00:08:48.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-06T21:24:34.000Z","updated_at":"2026-02-10T00:08:50.000Z","time_to_close":269054,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.21","new_version":"1.5.28","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.21 to 1.5.28.\nUpdates `ch.qos.logback:logback-classic` from 1.5.21 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.5.21 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ofpay/logback-mdc-ttl/pull/67","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ofpay%2Flogback-mdc-ttl/issues/67","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/67/packages"}},{"old_version":"1.5.27","new_version":"1.5.28","update_type":"patch","path":null,"pr_created_at":"2026-02-06T18:23:15.000Z","version_change":"1.5.27 → 1.5.28","issue":{"uuid":"3907928305","node_id":"PR_kwDOF99Xm87CDrWf","number":274,"state":"closed","title":"Bump logback.version from 1.5.27 to 1.5.28","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-02-06T19:04:25.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-06T18:23:15.000Z","updated_at":"2026-02-06T19:04:26.000Z","time_to_close":2470,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.27","new_version":"1.5.28","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.27 to 1.5.28.\nUpdates `ch.qos.logback:logback-core` from 1.5.27 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.27...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-classic` from 1.5.27 to 1.5.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-02-06 Release of logback version 1.5.28\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Appender names or appender references are no longer subject to variable substitution.\u003c/p\u003e\n\u003cp\u003e• Fixed issue with configurations with conditionals encompassing appenders. This was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1016\"\u003eissues/1016\u003c/a\u003e reported by Sergey Sazonov.\u003c/p\u003e\n\u003cp\u003e• The \u003c!-- raw HTML omitted --\u003e element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the \u003c!-- raw HTML omitted --\u003e element.\u003c/p\u003e\n\u003cp\u003e• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1014\"\u003eissues/1014\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7a1855ab562bb102333f754603ff89359bf3cfc\"\u003e\u003ccode\u003ee7a1855\u003c/code\u003e\u003c/a\u003e prepare release 1.5.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e8dee442658274dbf2549234e7daba7e92331850\"\u003e\u003ccode\u003ee8dee44\u003c/code\u003e\u003c/a\u003e cosmetic changes only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ded504cba3035f4027697ef2050a1773ab9df987\"\u003e\u003ccode\u003eded504c\u003c/code\u003e\u003c/a\u003e minor refactoring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8af5459a09d122439f68b0aa892c5d286c1610b6\"\u003e\u003ccode\u003e8af5459\u003c/code\u003e\u003c/a\u003e fix NPE as reported in issues/1014\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/4f560a0331bc225e733dee4c87d890c20817392c\"\u003e\u003ccode\u003e4f560a0\u003c/code\u003e\u003c/a\u003e appender names of references not subject to substitution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/eab8e1d4a05af7279012da3b1d70b42a2ca0ecc2\"\u003e\u003ccode\u003eeab8e1d\u003c/code\u003e\u003c/a\u003e remove spurious Sytem.out, add javadoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/9ff843d5a171794b6e0408e02c92cbae28432392\"\u003e\u003ccode\u003e9ff843d\u003c/code\u003e\u003c/a\u003e fix issues/1016\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/769bce0567df0786564ebf7c6805d83979dcf8a9\"\u003e\u003ccode\u003e769bce0\u003c/code\u003e\u003c/a\u003e add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/6fd0943e7e6f635a215e348db562247f237e7714\"\u003e\u003ccode\u003e6fd0943\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-core\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/5350e54e47d89e8d524b068e92c09d1c1cce173b\"\u003e\u003ccode\u003e5350e54\u003c/code\u003e\u003c/a\u003e add missing package.html in logback-classic\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.27...v_1.5.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/assist-project/state-machine-bug-finder/pull/274","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/assist-project%2Fstate-machine-bug-finder/issues/274","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/274/packages"}},{"old_version":"1.5.26","new_version":"1.5.27","update_type":"patch","path":null,"pr_created_at":"2026-02-03T05:16:13.000Z","version_change":"1.5.26 → 1.5.27","issue":{"uuid":"3889184428","node_id":"PR_kwDOIo8AOc7BFXff","number":274,"state":"closed","title":"Bump logback.version from 1.5.26 to 1.5.27","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-02-03T05:20:27.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-03T05:16:13.000Z","updated_at":"2026-02-03T05:20:29.000Z","time_to_close":254,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.26","new_version":"1.5.27","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.26 to 1.5.27.\nUpdates `ch.qos.logback:logback-core` from 1.5.26 to 1.5.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/3618eb01aad6672f9cd250dccf7546a69cbe982f\"\u003e\u003ccode\u003e3618eb0\u003c/code\u003e\u003c/a\u003e increase timeout delay to 2000 millis\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/db150c3c92656ed01c66dbd8ec2a0f1548637663\"\u003e\u003ccode\u003edb150c3\u003c/code\u003e\u003c/a\u003e prepare release 1.5.27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/0370b137a47a6148c3f2d527f6bfdbd22d3136a8\"\u003e\u003ccode\u003e0370b13\u003c/code\u003e\u003c/a\u003e fix missing MDC transmission in SocketAppender. Fixes issues/1010\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8100acd4e49f7d3c78520efacfd98bd398f0e810\"\u003e\u003ccode\u003e8100acd\u003c/code\u003e\u003c/a\u003e remove RemoteAppender*\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2b67210613628b8610f44063c4e739b71ce83190\"\u003e\u003ccode\u003e2b67210\u003c/code\u003e\u003c/a\u003e remove Receiver related classes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/d84b58686b3e04661bb47e7260d1fdcb731826ac\"\u003e\u003ccode\u003ed84b586\u003c/code\u003e\u003c/a\u003e remove ReceiverModelHandler - project still builds indicating no active usage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44049ed38ff396bc45a98d9b536da8f179547132\"\u003e\u003ccode\u003e44049ed\u003c/code\u003e\u003c/a\u003e remove support for receivers in SerializedModelConfigurator and JoranConfigur...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/56085d898665d6e99489591333a4ddf381465443\"\u003e\u003ccode\u003e56085d8\u003c/code\u003e\u003c/a\u003e fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7764f47e51921abe9635b32c2fa80e65d29efba\"\u003e\u003ccode\u003ee7764f4\u003c/code\u003e\u003c/a\u003e refactor file change scanning for clarity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e56a12f865751ce6a599963187b4a861854c7e8a\"\u003e\u003ccode\u003ee56a12f\u003c/code\u003e\u003c/a\u003e bump assertj version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.26...v_1.5.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-classic` from 1.5.26 to 1.5.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/3618eb01aad6672f9cd250dccf7546a69cbe982f\"\u003e\u003ccode\u003e3618eb0\u003c/code\u003e\u003c/a\u003e increase timeout delay to 2000 millis\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/db150c3c92656ed01c66dbd8ec2a0f1548637663\"\u003e\u003ccode\u003edb150c3\u003c/code\u003e\u003c/a\u003e prepare release 1.5.27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/0370b137a47a6148c3f2d527f6bfdbd22d3136a8\"\u003e\u003ccode\u003e0370b13\u003c/code\u003e\u003c/a\u003e fix missing MDC transmission in SocketAppender. Fixes issues/1010\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8100acd4e49f7d3c78520efacfd98bd398f0e810\"\u003e\u003ccode\u003e8100acd\u003c/code\u003e\u003c/a\u003e remove RemoteAppender*\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2b67210613628b8610f44063c4e739b71ce83190\"\u003e\u003ccode\u003e2b67210\u003c/code\u003e\u003c/a\u003e remove Receiver related classes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/d84b58686b3e04661bb47e7260d1fdcb731826ac\"\u003e\u003ccode\u003ed84b586\u003c/code\u003e\u003c/a\u003e remove ReceiverModelHandler - project still builds indicating no active usage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44049ed38ff396bc45a98d9b536da8f179547132\"\u003e\u003ccode\u003e44049ed\u003c/code\u003e\u003c/a\u003e remove support for receivers in SerializedModelConfigurator and JoranConfigur...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/56085d898665d6e99489591333a4ddf381465443\"\u003e\u003ccode\u003e56085d8\u003c/code\u003e\u003c/a\u003e fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7764f47e51921abe9635b32c2fa80e65d29efba\"\u003e\u003ccode\u003ee7764f4\u003c/code\u003e\u003c/a\u003e refactor file change scanning for clarity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e56a12f865751ce6a599963187b4a861854c7e8a\"\u003e\u003ccode\u003ee56a12f\u003c/code\u003e\u003c/a\u003e bump assertj version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.26...v_1.5.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/sebastian-toepfer/domain-driven-desgin/pull/274","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sebastian-toepfer%2Fdomain-driven-desgin/issues/274","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/274/packages"}},{"old_version":"1.5.21","new_version":"1.5.27","update_type":"patch","path":null,"pr_created_at":"2026-02-03T03:21:18.000Z","version_change":"1.5.21 → 1.5.27","issue":{"uuid":"3888825313","node_id":"PR_kwDOHU9OKc7BEKiZ","number":511,"state":"closed","title":"Bump logback.version from 1.5.21 to 1.5.27","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-10T00:34:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-03T03:21:18.000Z","updated_at":"2026-02-10T00:34:56.000Z","time_to_close":594817,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.21","new_version":"1.5.27","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.21 to 1.5.27.\nUpdates `ch.qos.logback:logback-classic` from 1.5.21 to 1.5.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-06 Release of logback version 1.5.24\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See \u003ca href=\"https://logback.qos.ch/manual/configuration.html#conditionalExp\"\u003ethe relevant documentation\u003c/a\u003e for further details.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.23\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-21 Release of logback version 1.5.23\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/959\"\u003eissues/959\u003c/a\u003e file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the \u003ccode\u003eConcurrentModificationException\u003c/code\u003e reported in the issue.\u003c/p\u003e\n\u003cp\u003e• ZIP and XZ compression now use a \u003ccode\u003eBufferedOutputStream\u003c/code\u003e when writing to the compressed file. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/988\"\u003eissues/988\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/3618eb01aad6672f9cd250dccf7546a69cbe982f\"\u003e\u003ccode\u003e3618eb0\u003c/code\u003e\u003c/a\u003e increase timeout delay to 2000 millis\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/db150c3c92656ed01c66dbd8ec2a0f1548637663\"\u003e\u003ccode\u003edb150c3\u003c/code\u003e\u003c/a\u003e prepare release 1.5.27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/0370b137a47a6148c3f2d527f6bfdbd22d3136a8\"\u003e\u003ccode\u003e0370b13\u003c/code\u003e\u003c/a\u003e fix missing MDC transmission in SocketAppender. Fixes issues/1010\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8100acd4e49f7d3c78520efacfd98bd398f0e810\"\u003e\u003ccode\u003e8100acd\u003c/code\u003e\u003c/a\u003e remove RemoteAppender*\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2b67210613628b8610f44063c4e739b71ce83190\"\u003e\u003ccode\u003e2b67210\u003c/code\u003e\u003c/a\u003e remove Receiver related classes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/d84b58686b3e04661bb47e7260d1fdcb731826ac\"\u003e\u003ccode\u003ed84b586\u003c/code\u003e\u003c/a\u003e remove ReceiverModelHandler - project still builds indicating no active usage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44049ed38ff396bc45a98d9b536da8f179547132\"\u003e\u003ccode\u003e44049ed\u003c/code\u003e\u003c/a\u003e remove support for receivers in SerializedModelConfigurator and JoranConfigur...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/56085d898665d6e99489591333a4ddf381465443\"\u003e\u003ccode\u003e56085d8\u003c/code\u003e\u003c/a\u003e fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7764f47e51921abe9635b32c2fa80e65d29efba\"\u003e\u003ccode\u003ee7764f4\u003c/code\u003e\u003c/a\u003e refactor file change scanning for clarity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e56a12f865751ce6a599963187b4a861854c7e8a\"\u003e\u003ccode\u003ee56a12f\u003c/code\u003e\u003c/a\u003e bump assertj version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.5.21 to 1.5.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-06 Release of logback version 1.5.24\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See \u003ca href=\"https://logback.qos.ch/manual/configuration.html#conditionalExp\"\u003ethe relevant documentation\u003c/a\u003e for further details.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.23\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-21 Release of logback version 1.5.23\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/959\"\u003eissues/959\u003c/a\u003e file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the \u003ccode\u003eConcurrentModificationException\u003c/code\u003e reported in the issue.\u003c/p\u003e\n\u003cp\u003e• ZIP and XZ compression now use a \u003ccode\u003eBufferedOutputStream\u003c/code\u003e when writing to the compressed file. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/988\"\u003eissues/988\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/3618eb01aad6672f9cd250dccf7546a69cbe982f\"\u003e\u003ccode\u003e3618eb0\u003c/code\u003e\u003c/a\u003e increase timeout delay to 2000 millis\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/db150c3c92656ed01c66dbd8ec2a0f1548637663\"\u003e\u003ccode\u003edb150c3\u003c/code\u003e\u003c/a\u003e prepare release 1.5.27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/0370b137a47a6148c3f2d527f6bfdbd22d3136a8\"\u003e\u003ccode\u003e0370b13\u003c/code\u003e\u003c/a\u003e fix missing MDC transmission in SocketAppender. Fixes issues/1010\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8100acd4e49f7d3c78520efacfd98bd398f0e810\"\u003e\u003ccode\u003e8100acd\u003c/code\u003e\u003c/a\u003e remove RemoteAppender*\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2b67210613628b8610f44063c4e739b71ce83190\"\u003e\u003ccode\u003e2b67210\u003c/code\u003e\u003c/a\u003e remove Receiver related classes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/d84b58686b3e04661bb47e7260d1fdcb731826ac\"\u003e\u003ccode\u003ed84b586\u003c/code\u003e\u003c/a\u003e remove ReceiverModelHandler - project still builds indicating no active usage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44049ed38ff396bc45a98d9b536da8f179547132\"\u003e\u003ccode\u003e44049ed\u003c/code\u003e\u003c/a\u003e remove support for receivers in SerializedModelConfigurator and JoranConfigur...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/56085d898665d6e99489591333a4ddf381465443\"\u003e\u003ccode\u003e56085d8\u003c/code\u003e\u003c/a\u003e fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7764f47e51921abe9635b32c2fa80e65d29efba\"\u003e\u003ccode\u003ee7764f4\u003c/code\u003e\u003c/a\u003e refactor file change scanning for clarity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e56a12f865751ce6a599963187b4a861854c7e8a\"\u003e\u003ccode\u003ee56a12f\u003c/code\u003e\u003c/a\u003e bump assertj version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/google/fhir-gateway/pull/511","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Ffhir-gateway/issues/511","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/511/packages"}},{"old_version":"1.5.21","new_version":"1.5.27","update_type":"patch","path":null,"pr_created_at":"2026-02-03T02:23:59.000Z","version_change":"1.5.21 → 1.5.27","issue":{"uuid":"3888634748","node_id":"PR_kwDOEu4wFc7BDhLW","number":665,"state":"closed","title":"Bump logback.version from 1.5.21 to 1.5.27","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-09T23:35:47.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-03T02:23:59.000Z","updated_at":"2026-02-09T23:35:49.000Z","time_to_close":594708,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.21","new_version":"1.5.27","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.21 to 1.5.27.\nUpdates `ch.qos.logback:logback-core` from 1.5.21 to 1.5.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-06 Release of logback version 1.5.24\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See \u003ca href=\"https://logback.qos.ch/manual/configuration.html#conditionalExp\"\u003ethe relevant documentation\u003c/a\u003e for further details.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.23\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-21 Release of logback version 1.5.23\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/959\"\u003eissues/959\u003c/a\u003e file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the \u003ccode\u003eConcurrentModificationException\u003c/code\u003e reported in the issue.\u003c/p\u003e\n\u003cp\u003e• ZIP and XZ compression now use a \u003ccode\u003eBufferedOutputStream\u003c/code\u003e when writing to the compressed file. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/988\"\u003eissues/988\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/3618eb01aad6672f9cd250dccf7546a69cbe982f\"\u003e\u003ccode\u003e3618eb0\u003c/code\u003e\u003c/a\u003e increase timeout delay to 2000 millis\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/db150c3c92656ed01c66dbd8ec2a0f1548637663\"\u003e\u003ccode\u003edb150c3\u003c/code\u003e\u003c/a\u003e prepare release 1.5.27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/0370b137a47a6148c3f2d527f6bfdbd22d3136a8\"\u003e\u003ccode\u003e0370b13\u003c/code\u003e\u003c/a\u003e fix missing MDC transmission in SocketAppender. Fixes issues/1010\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8100acd4e49f7d3c78520efacfd98bd398f0e810\"\u003e\u003ccode\u003e8100acd\u003c/code\u003e\u003c/a\u003e remove RemoteAppender*\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2b67210613628b8610f44063c4e739b71ce83190\"\u003e\u003ccode\u003e2b67210\u003c/code\u003e\u003c/a\u003e remove Receiver related classes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/d84b58686b3e04661bb47e7260d1fdcb731826ac\"\u003e\u003ccode\u003ed84b586\u003c/code\u003e\u003c/a\u003e remove ReceiverModelHandler - project still builds indicating no active usage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44049ed38ff396bc45a98d9b536da8f179547132\"\u003e\u003ccode\u003e44049ed\u003c/code\u003e\u003c/a\u003e remove support for receivers in SerializedModelConfigurator and JoranConfigur...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/56085d898665d6e99489591333a4ddf381465443\"\u003e\u003ccode\u003e56085d8\u003c/code\u003e\u003c/a\u003e fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7764f47e51921abe9635b32c2fa80e65d29efba\"\u003e\u003ccode\u003ee7764f4\u003c/code\u003e\u003c/a\u003e refactor file change scanning for clarity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e56a12f865751ce6a599963187b4a861854c7e8a\"\u003e\u003ccode\u003ee56a12f\u003c/code\u003e\u003c/a\u003e bump assertj version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-classic` from 1.5.21 to 1.5.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-06 Release of logback version 1.5.24\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See \u003ca href=\"https://logback.qos.ch/manual/configuration.html#conditionalExp\"\u003ethe relevant documentation\u003c/a\u003e for further details.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.23\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-21 Release of logback version 1.5.23\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/959\"\u003eissues/959\u003c/a\u003e file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the \u003ccode\u003eConcurrentModificationException\u003c/code\u003e reported in the issue.\u003c/p\u003e\n\u003cp\u003e• ZIP and XZ compression now use a \u003ccode\u003eBufferedOutputStream\u003c/code\u003e when writing to the compressed file. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/988\"\u003eissues/988\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/3618eb01aad6672f9cd250dccf7546a69cbe982f\"\u003e\u003ccode\u003e3618eb0\u003c/code\u003e\u003c/a\u003e increase timeout delay to 2000 millis\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/db150c3c92656ed01c66dbd8ec2a0f1548637663\"\u003e\u003ccode\u003edb150c3\u003c/code\u003e\u003c/a\u003e prepare release 1.5.27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/0370b137a47a6148c3f2d527f6bfdbd22d3136a8\"\u003e\u003ccode\u003e0370b13\u003c/code\u003e\u003c/a\u003e fix missing MDC transmission in SocketAppender. Fixes issues/1010\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8100acd4e49f7d3c78520efacfd98bd398f0e810\"\u003e\u003ccode\u003e8100acd\u003c/code\u003e\u003c/a\u003e remove RemoteAppender*\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2b67210613628b8610f44063c4e739b71ce83190\"\u003e\u003ccode\u003e2b67210\u003c/code\u003e\u003c/a\u003e remove Receiver related classes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/d84b58686b3e04661bb47e7260d1fdcb731826ac\"\u003e\u003ccode\u003ed84b586\u003c/code\u003e\u003c/a\u003e remove ReceiverModelHandler - project still builds indicating no active usage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44049ed38ff396bc45a98d9b536da8f179547132\"\u003e\u003ccode\u003e44049ed\u003c/code\u003e\u003c/a\u003e remove support for receivers in SerializedModelConfigurator and JoranConfigur...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/56085d898665d6e99489591333a4ddf381465443\"\u003e\u003ccode\u003e56085d8\u003c/code\u003e\u003c/a\u003e fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7764f47e51921abe9635b32c2fa80e65d29efba\"\u003e\u003ccode\u003ee7764f4\u003c/code\u003e\u003c/a\u003e refactor file change scanning for clarity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e56a12f865751ce6a599963187b4a861854c7e8a\"\u003e\u003ccode\u003ee56a12f\u003c/code\u003e\u003c/a\u003e bump assertj version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/SecureApiGateway/secure-api-gateway-fapi-pep-rs-ob/pull/665","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecureApiGateway%2Fsecure-api-gateway-fapi-pep-rs-ob/issues/665","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/665/packages"}},{"old_version":"1.5.18","new_version":"1.5.27","update_type":"patch","path":null,"pr_created_at":"2026-02-02T07:38:51.000Z","version_change":"1.5.18 → 1.5.27","issue":{"uuid":"3884449861","node_id":"PR_kwDOP6z2Ys7A1lik","number":51,"state":"closed","title":"Bump logback.version from 1.5.18 to 1.5.27","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-09T07:33:19.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-02T07:38:51.000Z","updated_at":"2026-02-09T07:33:20.000Z","time_to_close":604468,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"logback.version","old_version":"1.5.18","new_version":"1.5.27","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps `logback.version` from 1.5.18 to 1.5.27.\nUpdates `ch.qos.logback:logback-classic` from 1.5.18 to 1.5.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-classic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-06 Release of logback version 1.5.24\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See \u003ca href=\"https://logback.qos.ch/manual/configuration.html#conditionalExp\"\u003ethe relevant documentation\u003c/a\u003e for further details.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.23\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-21 Release of logback version 1.5.23\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/959\"\u003eissues/959\u003c/a\u003e file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the \u003ccode\u003eConcurrentModificationException\u003c/code\u003e reported in the issue.\u003c/p\u003e\n\u003cp\u003e• ZIP and XZ compression now use a \u003ccode\u003eBufferedOutputStream\u003c/code\u003e when writing to the compressed file. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/988\"\u003eissues/988\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/3618eb01aad6672f9cd250dccf7546a69cbe982f\"\u003e\u003ccode\u003e3618eb0\u003c/code\u003e\u003c/a\u003e increase timeout delay to 2000 millis\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/db150c3c92656ed01c66dbd8ec2a0f1548637663\"\u003e\u003ccode\u003edb150c3\u003c/code\u003e\u003c/a\u003e prepare release 1.5.27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/0370b137a47a6148c3f2d527f6bfdbd22d3136a8\"\u003e\u003ccode\u003e0370b13\u003c/code\u003e\u003c/a\u003e fix missing MDC transmission in SocketAppender. Fixes issues/1010\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8100acd4e49f7d3c78520efacfd98bd398f0e810\"\u003e\u003ccode\u003e8100acd\u003c/code\u003e\u003c/a\u003e remove RemoteAppender*\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2b67210613628b8610f44063c4e739b71ce83190\"\u003e\u003ccode\u003e2b67210\u003c/code\u003e\u003c/a\u003e remove Receiver related classes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/d84b58686b3e04661bb47e7260d1fdcb731826ac\"\u003e\u003ccode\u003ed84b586\u003c/code\u003e\u003c/a\u003e remove ReceiverModelHandler - project still builds indicating no active usage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44049ed38ff396bc45a98d9b536da8f179547132\"\u003e\u003ccode\u003e44049ed\u003c/code\u003e\u003c/a\u003e remove support for receivers in SerializedModelConfigurator and JoranConfigur...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/56085d898665d6e99489591333a4ddf381465443\"\u003e\u003ccode\u003e56085d8\u003c/code\u003e\u003c/a\u003e fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7764f47e51921abe9635b32c2fa80e65d29efba\"\u003e\u003ccode\u003ee7764f4\u003c/code\u003e\u003c/a\u003e refactor file change scanning for clarity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e56a12f865751ce6a599963187b4a861854c7e8a\"\u003e\u003ccode\u003ee56a12f\u003c/code\u003e\u003c/a\u003e bump assertj version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.5.18 to 1.5.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-30 Release of logback version 1.5.27\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.\u003c/p\u003e\n\u003cp\u003e• Fixed missing MDC data transmitted by \u003ccode\u003eSocketAppender\u003c/code\u003e reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1010\"\u003eissues/1010\u003c/a\u003e by Lars Vogel.\u003c/p\u003e\n\u003cp\u003e• Removed all \u003ccode\u003eReceiver\u003c/code\u003e classes and components which were already disabled for several years.\u003c/p\u003e\n\u003cp\u003e• Refactored file scanning code for improved clarity.\u003c/p\u003e\n\u003cp\u003e• In \u003ccode\u003eSizeAndTimeBasedRollingPolicy\u003c/code\u003e modified \u003ccode\u003etotalSizeCap\u003c/code\u003e and \u003ccode\u003emaxFileSize\u003c/code\u003e comparison to taking into account file compression. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1007\"\u003eissues/1007\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-25 Release of logback version 1.5.26\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1003\"\u003eissues/1003\u003c/a\u003e by Marius Hanl who also provided the relevant PR.\u003c/p\u003e\n\u003cp\u003e• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/1002\"\u003eissues/1002\u003c/a\u003e by Christoph Gritschenberger.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-06 Release of logback version 1.5.24\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See \u003ca href=\"https://logback.qos.ch/manual/configuration.html#conditionalExp\"\u003ethe relevant documentation\u003c/a\u003e for further details.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.23\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-21 Release of logback version 1.5.23\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/959\"\u003eissues/959\u003c/a\u003e file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the \u003ccode\u003eConcurrentModificationException\u003c/code\u003e reported in the issue.\u003c/p\u003e\n\u003cp\u003e• ZIP and XZ compression now use a \u003ccode\u003eBufferedOutputStream\u003c/code\u003e when writing to the compressed file. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/988\"\u003eissues/988\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/3618eb01aad6672f9cd250dccf7546a69cbe982f\"\u003e\u003ccode\u003e3618eb0\u003c/code\u003e\u003c/a\u003e increase timeout delay to 2000 millis\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/db150c3c92656ed01c66dbd8ec2a0f1548637663\"\u003e\u003ccode\u003edb150c3\u003c/code\u003e\u003c/a\u003e prepare release 1.5.27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/0370b137a47a6148c3f2d527f6bfdbd22d3136a8\"\u003e\u003ccode\u003e0370b13\u003c/code\u003e\u003c/a\u003e fix missing MDC transmission in SocketAppender. Fixes issues/1010\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8100acd4e49f7d3c78520efacfd98bd398f0e810\"\u003e\u003ccode\u003e8100acd\u003c/code\u003e\u003c/a\u003e remove RemoteAppender*\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2b67210613628b8610f44063c4e739b71ce83190\"\u003e\u003ccode\u003e2b67210\u003c/code\u003e\u003c/a\u003e remove Receiver related classes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/d84b58686b3e04661bb47e7260d1fdcb731826ac\"\u003e\u003ccode\u003ed84b586\u003c/code\u003e\u003c/a\u003e remove ReceiverModelHandler - project still builds indicating no active usage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/44049ed38ff396bc45a98d9b536da8f179547132\"\u003e\u003ccode\u003e44049ed\u003c/code\u003e\u003c/a\u003e remove support for receivers in SerializedModelConfigurator and JoranConfigur...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/56085d898665d6e99489591333a4ddf381465443\"\u003e\u003ccode\u003e56085d8\u003c/code\u003e\u003c/a\u003e fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e7764f47e51921abe9635b32c2fa80e65d29efba\"\u003e\u003ccode\u003ee7764f4\u003c/code\u003e\u003c/a\u003e refactor file change scanning for clarity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e56a12f865751ce6a599963187b4a861854c7e8a\"\u003e\u003ccode\u003ee56a12f\u003c/code\u003e\u003c/a\u003e bump assertj version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/wilsonpilone/getpebble/pull/51","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wilsonpilone%2Fgetpebble/issues/51","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/51/packages"}}]}