Recently updated logback-classic to 1.5.16 to address vulnerabilities, including one caused by JaninoEventEvaluator, which has now been removed.
I've found this tool which helps create a custom evaluator to replace Janino's, but is this the only option? Do we need custom evaluators every time we want to filter our logs, or has the team provided some replacement for the Janino evaluator? Alternatively, are there plans to replace it?
I'd rather not add custom code if there's a way to contain the filtering logic entirely in logback.xml.