From d88ac60f5b13105d430d5d75b8f56b039799de17 Mon Sep 17 00:00:00 2001
From: Moritz Eysholdt <moritz@ona.com>
Date: Mon, 9 Mar 2026 13:23:30 +0000
Subject: [PATCH] Upgrade logback to 1.5.25 to fix CVE-2026-1225

Override logback.version property in pom.xml to resolve Dependabot
alert #1 (ch.qos.logback:logback-core < 1.5.25).

Co-authored-by: Ona <no-reply@ona.com>
---
 pom.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pom.xml b/pom.xml
index fb38cc3d..8c2130fc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,6 +24,7 @@
     <webjars-bootstrap.version>5.3.8</webjars-bootstrap.version>
     <webjars-font-awesome.version>4.7.0</webjars-font-awesome.version>
 
+    <logback.version>1.5.25</logback.version>
     <checkstyle.version>12.1.2</checkstyle.version>
     <jacoco.version>0.8.14</jacoco.version>
     <libsass.version>0.3.4</libsass.version>