Upgraded from java 11 to java 17, springboot libraries from 2.7.x to 3.0.6, snakeyaml to 2.0.0 and logback library to 1.4.x which is compatible with spring 3.0.x. Was getting the errors related to snakeyamlParser, by downgrading snakeyaml back 1.33 resolved the error, but as we know it has vulnerability associated with it.
When downgraded to 1.33, it is not able to read the logback-spring.xml file and due to which no logs are appearing. Is there any fix already provided for it in the later versions?
Comment From: wilkinsona
SnakeYAML isn't involved in reading logback-spring.xml so I'm afraid I don't see the connection between SnakeYAML and Logback. Please provide a minimal sample that reproduces the errors.
Comment From: jthobhani
Yes @wilkinsona, there might not be a connection I agree between snakeyaml and logback, I think it was due to spring-boot-starter-logging library. I have seen in various projects people excluding that library and not using logback, instead of it are using log4j2 library.
Comment From: spring-projects-issues
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
Comment From: mohkhalidabdulaziz
As far as I know, SnakeYAML isn't involved in reading logback-spring.xml, to be able to use Logback 1.4.x with Spring Boot 3.0.6, you only need Spring starter web dependency as it has log4j library init moreover you only have add default if you use customized logback config. spring-boot-starter to pull in spring-boot-starter-logging and it's compatible with spring boot 3.0.6.
Comment From: spring-projects-issues
Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.