Require Logback 1.4.12 in the Spring Boot example to fix CVE-2023-6378.

Resolves #199. (#200) Signed-off-by: David Venable <[email protected]>
opensearch-project · Dec 1, 2023 · cef62fc · cef62fc
1 parent fc36fe0
commit cef62fc
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/spring-data-opensearch-examples/spring-boot-gradle/build.gradle.kts b/spring-data-opensearch-examples/spring-boot-gradle/build.gradle.kts
@@ -32,6 +32,15 @@ dependencies {
   testImplementation(springLibs.boot.test.autoconfigure)
   testImplementation(opensearchLibs.testcontainers)
   testImplementation(project(":spring-data-opensearch-test-autoconfigure"))
+
+  constraints {
+    implementation("ch.qos.logback:logback-classic") {
+      version {
+        require("1.4.12")
+      }
+      because("Fixes CVE-2023-6378")
+    }
+  }
 }
 
 description = "Spring Data OpenSearch Spring Boot Example Project"