+0

>  People should migrate to log4j2.
good thinking, but what if they migrate to logback...
IMO logback is a thing more likely log4j1 than log4j2, just user side.


Ralph Goers <ralph.go...@dslextreme.com> 于2022年1月1日周六 23:18写道:

> +1 to Option 1
>
> Ralph
>
> > On Dec 29, 2021, at 12:33 PM, Christian Grobmeier <grobme...@apache.org>
> wrote:
> >
> > Hello,
> >
> > as discussed in another thread, this is a vote about the future of log4j
> 1. This vote stays open for the usual 72h.
> > Options are explained below.
> >
> > You can vote for:
> >
> > [ ] +1, Option 1
> > [ ] +1, Option 2
> > [ ] +/- 0, abstain
> > [ ] -1 object against those options
> >
> > Option 1: Create a README.md that publishes the projects EOL status and
> do nothing else.
> > Option 2: Create a README which says the project is EOL but allow the
> following work for 1.2.18 AND create a full release:
> >    a.  Make the build work with a modern version of Maven.
> >    b.  Fix the Java version bug.
> >    c.  Fix CVE-2021-4104 (expanded to address all JNDI components)
> >    d.  Fix CVE-2019-17571
> >
> > Regards,
> > Christian
> > --
> > The Apache Software Foundation
> > V.P., Data Privacy
> >
>
>

Reply via email to