+0 > People should migrate to log4j2. good thinking, but what if they migrate to logback... IMO logback is a thing more likely log4j1 than log4j2, just user side.
Ralph Goers <ralph.go...@dslextreme.com> 于2022年1月1日周六 23:18写道: > +1 to Option 1 > > Ralph > > > On Dec 29, 2021, at 12:33 PM, Christian Grobmeier <grobme...@apache.org> > wrote: > > > > Hello, > > > > as discussed in another thread, this is a vote about the future of log4j > 1. This vote stays open for the usual 72h. > > Options are explained below. > > > > You can vote for: > > > > [ ] +1, Option 1 > > [ ] +1, Option 2 > > [ ] +/- 0, abstain > > [ ] -1 object against those options > > > > Option 1: Create a README.md that publishes the projects EOL status and > do nothing else. > > Option 2: Create a README which says the project is EOL but allow the > following work for 1.2.18 AND create a full release: > > a. Make the build work with a modern version of Maven. > > b. Fix the Java version bug. > > c. Fix CVE-2021-4104 (expanded to address all JNDI components) > > d. Fix CVE-2019-17571 > > > > Regards, > > Christian > > -- > > The Apache Software Foundation > > V.P., Data Privacy > > > >