Security issues should not be discussed in public for obvious reasons. Please see https://www.apache.org/security/
Gary On Sun, Dec 15, 2019 at 7:01 AM Andrew Marlow <[email protected]> wrote: > Hello everyone, > > I know that log4j-v1 was announced as end of life back in 2015 and that all > effort is on log4j2. However, I would very much like to see a new version, > presumably it would be called 1.2.18, which addresses a security > vulnerability. Is this right place to discuss this please? > > -- > Regards, > > Andrew Marlow > http://www.andrewpetermarlow.co.uk >
