Hello,
this is the result of the below vote:
11x +1 (Option 1), all binding
1 x +0 (abstaing), non binding
1x -1 (objection against those options), non binding.
Details:
+1, Option 1
Dominik Psenner (binding)
Robert Middleton (binding)
Gary Gregory (binding)
Ralph Goers (binding)
Matt Sicker (binding)
Christian Grobmeier (binding)
Carter Kozak (binding)
Ron Grabowski (binding)
Volkan Yazıcı (binding)
Remko Popma (binding)
Davyd McColl (binding)
+0:
Xeno Amess (non binding)
-1:
Vladimir Sitnikov (non binding)
The PMC decided unanimous to keep Log4 1 EOL.
Since there was a lengthy discussion before and while this, the PMC Chair Ron
Grabowski will send a statement which explains the thoughts behind this
decision in detail.
Kind regards,
Christian
Hello,
as discussed in another thread, this is a vote about the future of log4j 1.
This vote stays open for the usual 72h.
Options are explained below.
You can vote for:
[ ] +1, Option 1
[ ] +1, Option 2
[ ] +/- 0, abstain
[ ] -1 object against those options
Option 1: Create a README.md that publishes the projects EOL status and do
nothing else.
Option 2: Create a README which says the project is EOL but allow the following
work for 1.2.18 AND create a full release:
a. Make the build work with a modern version of Maven.
b. Fix the Java version bug.
c. Fix CVE-2021-4104 (expanded to address all JNDI components)
d. Fix CVE-2019-17571
Regards,
Christian
--
The Apache Software Foundation
V.P., Data Privacy
