From 161da059ceb0c26be6124efeddfaf6cd0026d3e5 Mon Sep 17 00:00:00 2001
From: Maxim Thomas <maxim.thomas@gmail.com>
Date: Tue, 27 Jan 2026 12:14:54 +0000
Subject: [PATCH] CVE-2026-1225 Logback allows an attacker to instantiate classes already present on the class path (#583)

---
 opendj-embedded/pom.xml |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/opendj-embedded/pom.xml b/opendj-embedded/pom.xml
index 445775b..4d426e5 100644
--- a/opendj-embedded/pom.xml
+++ b/opendj-embedded/pom.xml
@@ -12,7 +12,7 @@
   Header, with the fields enclosed by brackets [] replaced by your own identifying
   information: "Portions Copyright [year] [name of copyright owner]".
 
-  Copyright 2024 3A Systems LLC.
+  Copyright 2024-2026 3A Systems LLC.
 -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
@@ -38,7 +38,7 @@
         <dependency>
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-core</artifactId>
-            <version>1.5.19</version>
+            <version>1.5.26</version>
             <exclusions>
                 <exclusion>
                     <artifactId>slf4j-api</artifactId>
@@ -49,7 +49,7 @@
         <dependency>
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-classic</artifactId>
-            <version>1.5.18</version>
+            <version>1.5.26</version>
             <exclusions>
                 <exclusion>
                     <artifactId>slf4j-api</artifactId>

--
Gitblit v1.10.0