Fix: upgrade logback to 1.2.9 for CVE issue (#2005)

Author: ligangty

pom.xml

@@ -60,7 +60,6 @@
     <!-- thirdparty projects -->
     <javaVersion>1.8</javaVersion>
     <slf4j-version>1.7.16</slf4j-version>
-    <logback-version>1.2.3</logback-version>
     <infinispanVersion>9.4.17.Final</infinispanVersion>
     <protostreamVersion>4.3.0.Final</protostreamVersion>
     <gsonVersion>2.8.2</gsonVersion>
@@ -75,7 +74,7 @@
     <bouncycastleVersion>1.64</bouncycastleVersion>
     <bytemanVersion>4.0.13</bytemanVersion>
     <kafkaVersion>1.1.0</kafkaVersion>
-    <logbackVersion>1.2.3</logbackVersion>
+    <logbackVersion>1.2.9</logbackVersion>
     <logbackContribVersion>0.1.5</logbackContribVersion>
     <weldVersion>2.4.6.Final</weldVersion>
     <jacksonVersion>2.10.1</jacksonVersion>