Dushyant-GitHub commented on issue #3504: URL: https://github.com/apache/logging-log4j2/issues/3504#issuecomment-2742531301
> A side question:
>
> I know that upgrading is painful, especially since we had approximately one new release per month last year, but `2.17.x` is a **very** old release and we don't maintain it anymore. The upgrade risk from `2.17.1` to `2.24.3` should be minimal, but it is still there, since we allow for behavioral changes in minor releases (change in default values, stricter interpretation of configuration errors, for example).
>
> What could we do, in your opinion, to motivate users to use maintained versions of Log4j (currently only the last minor release of `2.x`)? What are your main reasons for an upgrade (new features, known vulnerability, maintenance status of the major/minor branch)? Would an LTM (long term maintenance) branch be something you would upgrade to?
>
> **Note**: I am using "maintenance" instead of "support", since the level of "support" for all Log4j releases is the same: we answer questions if we remember how things worked in that release (even for Log4j 1). Of course more recent releases offer better "support". 😉

We understand the importance of staying on maintained versions. In our case, the log4j-api 2.17.1 dependency is used within customer extensions, and the decision to upgrade ultimately lies with them. We will convey your recommendation to our customers so they can evaluate the upgrade based on their requirements and risk assessments.

We’ll pass along this feedback to our customers and let them decide on the best approach for their use case.

Thanks again for your support!! :)

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@logging.apache.org

For queries about this service, please contact Infrastructure at: us...@infra.apache.org