...
This is a patch release primarily to update logback, the logging solution we provide by default. A few other dependencies were also updated to address open CVEs, including Spring.
The new logback version was issued in response to the log4shell debacle, and includes some hardening of features and the removal of other features to reduce the attack surface, though logback itself did not have any meaningful vulnerability that wouldn’t require compromise of its configuration file to begin with.
...