Hello We are currently using the log4j1.x version for the Legacy System and are trying to upgrade to the latest version. We removed the class file, which is a temporary measure, but we recommend upgrading it later. Unfortunately, if we simply change the jar file log4j1.x to log4j2.17.1, other old library cause problems. So, using the Log4j1.x bridge (log4j-1.2-api) way on the link to https://logging.apache.org/log4j/2.x/manual/migration.html, It works normally. If we use the bridge way like this, can we solve the security issue of log4j1.x and the security issue of log4j2 at once? There are only three log4j items on the project. log4j-api-2.17.1.jar log4j-core-2.17.1.jar log4j-1.2-api-2.17.1.jar
I don't think there will be a problem, but we want official answers about the bridge way. The above version is based on JDK8, and will the JDK6 and JDK7 solve this problem if we process the latest version released on the site the same? We are looking forward to your answer about this problem. If there is no additional problem, Can I officially use the answer? Or is it possible to add content to the apache logging site? I would like to hear from you about my email. Thank you.
