update dependency to fix CVE-2023-6378 (#4759) (#4771)

vaadin-bot · ZheSun88 · web-flow · commit 38a1e537ca89 · 2023-12-04T11:30:43.000+02:00
Co-authored-by: Zhe Sun &lt;31067185+ZheSun88@users.noreply.github.com&gt;
diff --git a/vaadin-spring-boot-starter/pom.xml b/vaadin-spring-boot-starter/pom.xml
@@ -65,8 +65,19 @@
                     <groupId>org.yaml</groupId>
                     <artifactId>snakeyaml</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>ch.qos.logback</groupId>
+                    <artifactId>logback-classic</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
+        <!-- CVE-2023-6378, should be removed after spring-boot fix. 
+        https://github.com/spring-projects/spring-boot/blob/main/spring-boot-project/spring-boot-dependencies/build.gradle#L849  -->
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+            <version>1.4.12</version>
+        </dependency>
         <!-- End Spring -->
     </dependencies>
 </project>
