2025-09-30 Release of logback version 1.5.19
• Disallow "new" operator in the condition attribute of <if> elements. This fixes an ACE vulnerability recorded as CVE-2025-11226.
• At initialization time, slightly better reporting about watched configuration files.
• Softer message regarding usage of ConsoleAppender and its potential impact on performance.
• In ViewStatusMessagesServlet, restrict processing of "Clear" button to POST method. This change was proposed by Ralf Wiebicke who also provided the relevant PR.
• A bit-wise identical binary of this version can be reproduced by building from source code at commit e572d4f associated with the tag v_1.5.19. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.