philipwhiuk edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-993440874
> I see a lot of comments that "log4j 1.x has reached its end of life". However, is there a chance there will be log4j 1.2.18 that just removes the offending features (e.g. JMSAppender, JmsSink, Chainsaw, SocketServer, SocketNode)? > > It just does not sound right that the only log4j team answer is "migrate to 2.x or try removing class files from jars". The Socket vulnerability (7.5) has been around for more than 4 years. The SMTP vulnerability has been around for over a year. You've had ages to migrate libraries. Also to be honest Log4J and Log4J 2 are really totally different projects. Log4J isn't so much deprecated as abandoned. If it's important to Netcracker Tech maybe you could approach the Apache Software Foundation and ask to maintain Log4J 1. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
