CVE-2017-5929: bump logback-classic version to latest

Our logback version is very old, and while this particular vulnerability probably doesn't affect us, it's worth updating it regardless.

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.