Skip to content

Commit

Permalink
Update SECURITY.md about logback and demo v1.x
Browse files Browse the repository at this point in the history
  • Loading branch information
@sbernard31
sbernard31 committed Jan 2, 2025
1 parent d4456ad commit 9591616
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions SECURITY.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,8 @@ It is strongly discouraged to use Leshan demos v1.x on public server because the
- **bootstrap.js** (pkg:javascript/[email protected]) : Bootstrap before 4.0.0 is end-of-life and no longer maintained.
- **jquery-2.2.4.js** (pkg:javascript/[email protected]) : CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
- [**Jetty 9.x**](https://github.com/jetty/jetty.project/issues/7958) : Jetty 9.4 reach End-of-Life and no longer receiving security updates at January 2025.
- [**logback 1.2.x**](https://logback.qos.ch/download.html) : The 1.2.x series has been deprecated for several years and is no longer maintained. As such, use of the 1.2.x series is discouraged. (CVE-2024-12798, CVE-2024-12801)


Concerning Leshan demos v2.x, some minimal efforts are made to update dependencies when vulnerabilities are detected but keep in mind that demos are not production ready tools.

Expand Down

0 comments on commit 9591616

Please sign in to comment.