ARROW-1240: [JAVA] security: upgrade logback to address CVE-2017-5929 (take 2)

Matt Darwin · wesm · commit b795e5cff92c · 2017-08-11T17:13:30.000-04:00
sorry, this was still not fixed properly. logback version is separately specified in 2 places. Fixed properly this time. Author: Matt Darwin <(none)> Author: Matt <mattdarwin@yahoo.co.uk> Closes #960 from mattdarwin/ARROW-1240-upgrade-logback and squashes the following commits: 3492f66 [Matt Darwin] upgrading logback in tools/pom.xml 206b48d [Matt Darwin] Merge branch 'master' into ARROW-1240-upgrade-logback 284a4ce [Matt Darwin] Merge branch 'master' of https://github.com/apache/arrow bc3b6a0 [Matt] Merge pull request #1 from apache/master 3e2f676 [Matt Darwin] Merge branch 'master' into ARROW-1240-upgrade-logback caed163 [Matt Darwin] upgrading slf4j to 1.7.25
diff --git a/java/tools/pom.xml b/java/tools/pom.xml
@@ -48,7 +48,7 @@
         <dependency>
           <groupId>ch.qos.logback</groupId>
           <artifactId>logback-classic</artifactId>
-          <version>1.0.13</version>
+          <version>1.2.3</version>
           <scope>run</scope>
         </dependency>
     </dependencies>
