>How would we then be able to ever release a log4j-1.2.19 jar if we find
>another security vulnerability?

I hope 1.2.19 won't be needed ;)

>I believe that 1.2.17 targets Java 1.4(!)

Java 1.8 can target 1.4 bytecode.

>Also, I think we can consider not supporting any appenders that require
>native code

I'm not sure what to do with native code. It might be ok to drop the native appenders as well, as the overlap of those who use it and who can't upgrade and who need a fix at the same time is probably close to zero.

Vladimir