diff --git a/pom.xml b/pom.xml
index 60a65c61a..7f7f8b429 100644
--- a/pom.xml
+++ b/pom.xml
@@ -111,7 +111,7 @@
         dropped Groovy support (https://jira.qos.ch/browse/LOGBACK-1606). So we're stuck with 1.2.8 for
         the time being. The vulnerability requires access to the config file, though, so it's not that critical.
         -->
-        <logback.version>1.2.8</logback.version>
+        <logback.version>1.5.14</logback.version>
         <ognl.version>3.2.10</ognl.version>
         <quartz.version>2.3.2</quartz.version>
         <resteasy.version>4.7.8.Final</resteasy.version>