Home Original page

Bump ch.qos.logback:logback-classic from 1.5.27 to 1.5.28 by dependabot[bot] · Pull Request #18697 · spring-projects/spring-security

Bumps ch.qos.logback:logback-classic from 1.5.27 to 1.5.28.

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.28

2026-02-06 Release of logback version 1.5.28

• Appender names or appender references are no longer subject to variable substitution.

• Fixed issue with configurations with conditionals encompassing appenders. This was reported in issues/1016 reported by Sergey Sazonov.

• The element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the element.

• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in issues/1014.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • e7a1855 prepare release 1.5.28
  • e8dee44 cosmetic changes only
  • ded504c minor refactoring
  • 8af5459 fix NPE as reported in issues/1014
  • 4f560a0 appender names of references not subject to substitution
  • eab8e1d remove spurious Sytem.out, add javadoc
  • 9ff843d fix issues/1016
  • 769bce0 add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction
  • 6fd0943 add missing package.html in logback-core
  • 5350e54 add missing package.html in logback-classic
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)