Hello,
as discussed in another thread, this is a vote about the future of log4j 1.
This vote stays open for the usual 72h.
Options are explained below.
You can vote for:
[ ] +1, Option 1
[ ] +1, Option 2
[ ] +/- 0, abstain
[ ] -1 object against those options
Option 1: Create a README.md that publishes the projects EOL status and do
nothing else.
Option 2: Create a README which says the project is EOL but allow the following
work for 1.2.18 AND create a full release:
a. Make the build work with a modern version of Maven.
b. Fix the Java version bug.
c. Fix CVE-2021-4104 (expanded to address all JNDI components)
d. Fix CVE-2019-17571
Regards,
Christian
--
The Apache Software Foundation
V.P., Data Privacy
