Skip to content

Bump ch.qos.logback:logback-classic from 1.5.35 to 1.5.36#19389

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/gradle/main/ch.qos.logback-logback-classic-1.5.36
Jun 26, 2026
Merged

Bump ch.qos.logback:logback-classic from 1.5.35 to 1.5.36#19389
github-actions[bot] merged 1 commit into
mainfrom
dependabot/gradle/main/ch.qos.logback-logback-classic-1.5.36

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 26, 2026

Copy link
Copy Markdown
Contributor

Bumps ch.qos.logback:logback-classic from 1.5.35 to 1.5.36.

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.36

2026-06-25 Release of logback version 1.5.36

• The 'condition' attribute in <if> elements now reject certain references that are associated with ACE attacks. This issue was reported by "yulate" (yulate531@gmail.com.com) and registered as CVE-2026-13006.

• A bitwise identical binary of this version can be reproduced by building from source code at commit 9b94c37562bf25a6a944146701d42ee6c4eee888 associated with the tag v_1.5.36. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump ch.qos.logback:logback-classic from 1.5.35 to 1.5.36
2bc9cad 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.35 to 1.5.36.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.35...v_1.5.36)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.36
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added in: build An issue in the build type: dependency-upgrade A dependency upgrade labels Jun 26, 2026
@github-actions github-actions Bot added this to the 7.1.1 milestone Jun 26, 2026
@github-actions github-actions Bot enabled auto-merge (rebase) June 26, 2026 03:04
@github-actions github-actions Bot merged commit f5fbc2b into main Jun 26, 2026
8 checks passed
@dependabot dependabot Bot deleted the dependabot/gradle/main/ch.qos.logback-logback-classic-1.5.36 branch June 26, 2026 03:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

in: build An issue in the build type: dependency-upgrade A dependency upgrade

Projects

None yet

Milestone

7.1.1

Development

Successfully merging this pull request may close these issues.

0 participants